Linux Analysis Report
8LcL1JKgoC.elf

Overview

General Information

Sample name:	8LcL1JKgoC.elf renamed because original name is a hash value
Original sample name:	98dcd7450c105a74124c4a43ac3d9cf6.elf
Analysis ID:	1446377
MD5:	98dcd7450c105a74124c4a43ac3d9cf6
SHA1:	0f148920823ceffabb843a119397731d761ee376
SHA256:	1676e47228a2773c1081e8a1526215647b2cc7b71eaba96c20fa2ed1d2d181da
Tags:	64elfgafgyt
Infos:

Detection

Gafgyt

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Gafgyt

Machine Learning detection for sample

Opens /proc/net/* files useful for finding connected devices and routers

Sample and/or dropped files contains symbols with suspicious names

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Signatures

AV Detection

Found malware configuration

Source: 8LcL1JKgoC.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "91.92.240.85:23"}

Multi AV Scanner detection for submitted file

Source: 8LcL1JKgoC.elf	ReversingLabs: Detection: 71%
Source: 8LcL1JKgoC.elf	Virustotal: Detection: 59%			Perma Link

Machine Learning detection for sample

Source: 8LcL1JKgoC.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/8LcL1JKgoC.elf (PID: 5471)

Opens: /proc/net/route

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59616 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59618 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59620 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59622 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59624 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59626 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59628 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59630 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59632 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59634 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59636 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59638 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59640 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59642 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59644 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59646 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59648 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59650 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59652 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59654 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59656 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59658 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59660 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59662 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59664 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59666 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59668 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59670 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59672 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59674 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59676 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59678 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59680 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59682 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59684 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59686 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59688 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59690 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59692 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59694 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59696 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59698 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59700 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59702 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59704 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59706 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59708 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59710 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59712 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59714 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59716 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59718 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59720 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59722 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59724 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59726 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59728 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59730 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59732 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59734 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59736 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59738 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59740 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59742 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59744 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59746 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59748 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59750 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59752 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59754 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59756 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59758 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59760 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59762 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59764 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59766 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59768 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59770 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59772 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59774 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59776 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59778 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59780 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59782 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59784 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59786 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59788 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59790 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59792 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59794 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59796 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59798 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59800 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59802 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59804 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59806 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59808 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59810 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59812 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59814 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59816 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59818 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59820 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59822 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59824 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59826 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59828 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59830 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59832 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59834 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59836 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59838 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59840 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59842 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59844 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59846 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59848 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59850 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59852 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59854 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59856 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59858 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59860 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59862 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59864 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59866 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59868 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59870 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59872 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59874 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59876 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59878 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59880 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59882 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59884 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59886 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59888 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59890 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59892 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59894 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59896 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59898 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59900 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59902 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59904 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59906 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59908 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59910 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59912 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59914 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59916 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59918 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59920 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59922 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59924 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59926 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59928 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59930 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59932 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59934 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59936 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59938 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59940 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59942 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59944 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59946 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59948 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59950 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59952 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59954 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59956 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59958 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59960 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59962 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59964 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59966 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59968 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59970 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59972 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59974 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59976 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59978 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59980 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59982 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59984 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59986 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59988 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59990 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59992 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59994 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59996 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59998 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60000 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60002 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60004 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60006 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60008 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60010 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60012 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60014 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60016 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60018 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60020 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60022 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60024 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60026 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60028 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60030 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60032 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60034 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60036 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60038 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60040 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60042 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60044 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60046 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60048 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60050 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60052 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60054 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60056 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60058 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60060 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60062 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60064 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60066 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60068 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60070 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60072 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60074 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60076 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60078 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60080 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60082 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60084 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60086 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60088 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60090 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60092 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60094 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60096 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60098 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60100 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60102 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60104 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60106 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60108 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60110 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60112 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60114 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60116 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60118 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60120 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60122 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60124 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60126 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60128 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60130 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60132 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60134 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60136 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60138 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60140 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60142 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60144 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60146 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60148 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60150 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60152 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60154 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60156 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60158 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60160 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60162 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60164 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60166 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60168 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60170 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60172 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60174 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60176 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60178 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60180 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60182 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60184 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60186 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60188 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60190 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60192 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60194 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60196 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60198 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60200 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60202 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60204 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60206 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60208 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60210 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60212 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60214 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60216 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60218 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60220 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60222 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60224 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60226 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60228 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60230 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60232 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60234 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60236 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60238 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60240 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60242 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60244 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60246 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60248 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60250 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60252 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60254 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60256 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60258 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60260 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60262 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60264 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60266 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60268 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60270 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60272 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60274 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60276 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60278 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60280 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60282 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60284 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60286 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60288 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60290 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60292 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60294 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60296 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60298 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60300 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60302 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60304 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60306 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60308 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60310 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60312 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60314 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60316 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60318 -> 91.92.240.85:23

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: 8LcL1JKgoC.elf

String found in binary or memory: http://91.92.240.85/bins.sh;

System Summary

Malicious sample detected (through community Yara rule)

Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown

Sample and/or dropped files contains symbols with suspicious names

Source: 8LcL1JKgoC.elf	ELF static info symbol of initial sample: passwords
Source: 8LcL1JKgoC.elf	ELF static info symbol of initial sample: usernames

Yara signature match

Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/0@2/0

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: 8LcL1JKgoC.elf, type: SAMPLE

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: 8LcL1JKgoC.elf, type: SAMPLE

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
91.92.240.85	unknown	Bulgaria		34368	THEZONEBG	true

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.24	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
91.92.240.85:23	true		unknown

AV Detection

Found malware configuration

Source: 8LcL1JKgoC.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "91.92.240.85:23"}

Multi AV Scanner detection for submitted file

Source: 8LcL1JKgoC.elf	ReversingLabs: Detection: 71%
Source: 8LcL1JKgoC.elf	Virustotal: Detection: 59%			Perma Link

Machine Learning detection for sample

Source: 8LcL1JKgoC.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/8LcL1JKgoC.elf (PID: 5471)

Opens: /proc/net/route

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59616 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59618 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59620 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59622 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59624 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59626 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59628 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59630 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59632 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59634 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59636 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59638 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59640 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59642 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59644 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59646 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59648 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59650 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59652 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59654 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59656 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59658 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59660 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59662 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59664 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59666 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59668 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59670 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59672 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59674 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59676 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59678 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59680 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59682 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59684 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59686 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59688 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59690 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59692 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59694 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59696 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59698 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59700 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59702 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59704 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59706 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59708 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59710 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59712 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59714 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59716 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59718 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59720 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59722 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59724 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59726 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59728 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59730 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59732 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59734 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59736 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59738 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59740 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59742 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59744 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59746 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59748 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59750 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59752 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59754 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59756 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59758 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59760 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59762 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59764 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59766 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59768 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59770 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59772 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59774 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59776 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59778 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59780 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59782 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59784 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59786 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59788 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59790 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59792 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59794 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59796 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59798 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59800 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59802 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59804 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59806 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59808 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59810 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59812 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59814 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59816 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59818 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59820 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59822 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59824 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59826 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59828 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59830 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59832 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59834 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59836 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59838 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59840 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59842 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59844 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59846 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59848 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59850 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59852 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59854 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59856 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59858 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59860 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59862 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59864 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59866 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59868 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59870 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59872 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59874 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59876 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59878 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59880 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59882 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59884 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59886 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59888 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59890 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59892 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59894 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59896 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59898 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59900 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59902 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59904 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59906 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59908 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59910 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59912 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59914 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59916 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59918 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59920 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59922 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59924 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59926 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59928 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59930 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59932 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59934 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59936 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59938 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59940 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59942 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59944 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59946 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59948 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59950 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59952 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59954 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59956 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59958 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59960 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59962 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59964 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59966 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59968 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59970 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59972 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59974 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59976 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59978 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59980 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59982 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59984 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59986 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59988 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59990 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59992 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59994 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59996 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:59998 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60000 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60002 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60004 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60006 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60008 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60010 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60012 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60014 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60016 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60018 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60020 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60022 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60024 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60026 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60028 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60030 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60032 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60034 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60036 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60038 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60040 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60042 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60044 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60046 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60048 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60050 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60052 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60054 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60056 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60058 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60060 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60062 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60064 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60066 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60068 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60070 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60072 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60074 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60076 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60078 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60080 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60082 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60084 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60086 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60088 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60090 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60092 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60094 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60096 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60098 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60100 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60102 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60104 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60106 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60108 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60110 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60112 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60114 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60116 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60118 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60120 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60122 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60124 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60126 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60128 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60130 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60132 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60134 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60136 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60138 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60140 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60142 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60144 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60146 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60148 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60150 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60152 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60154 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60156 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60158 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60160 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60162 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60164 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60166 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60168 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60170 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60172 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60174 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60176 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60178 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60180 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60182 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60184 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60186 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60188 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60190 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60192 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60194 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60196 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60198 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60200 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60202 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60204 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60206 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60208 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60210 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60212 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60214 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60216 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60218 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60220 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60222 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60224 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60226 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60228 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60230 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60232 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60234 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60236 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60238 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60240 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60242 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60244 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60246 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60248 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60250 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60252 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60254 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60256 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60258 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60260 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60262 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60264 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60266 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60268 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60270 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60272 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60274 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60276 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60278 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60280 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60282 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60284 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60286 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60288 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60290 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60292 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60294 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60296 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60298 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60300 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60302 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60304 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60306 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60308 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60310 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60312 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60314 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60316 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.14:60318 -> 91.92.240.85:23

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: 8LcL1JKgoC.elf

String found in binary or memory: http://91.92.240.85/bins.sh;

System Summary

Malicious sample detected (through community Yara rule)

Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown

Sample and/or dropped files contains symbols with suspicious names

Source: 8LcL1JKgoC.elf	ELF static info symbol of initial sample: passwords
Source: 8LcL1JKgoC.elf	ELF static info symbol of initial sample: usernames

Yara signature match

Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 8LcL1JKgoC.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5474.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5471.1.0000000000400000.0000000000410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/0@2/0

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: 8LcL1JKgoC.elf, type: SAMPLE

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: 8LcL1JKgoC.elf, type: SAMPLE

ID:	1446377
Product:	CloudBasic
Start time:	11:03:04
Start date:	23.05.2024
Sample:	8LcL1JKgoC.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	98dcd7450c105a74124c4a43ac3d9cf6
SHA1:	0f148920823ceffabb843a119397731d761ee376
SHA256:	1676e47228a2773c1081e8a1526215647b2cc7b71eaba96c20fa2ed1d2d181da
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report 8LcL1JKgoC.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Spreading

Networking

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
8LcL1JKgoC.elf

Malware Threat Intel
Provided by