Linux Analysis Report
V8Y8niXzmL.elf

Overview

General Information

Sample name:	V8Y8niXzmL.elf renamed because original name is a hash value
Original sample name:	e55d75e516e2eb484929c399aa79aa33.elf
Analysis ID:	1446379
MD5:	e55d75e516e2eb484929c399aa79aa33
SHA1:	27a7b8a3d255799f08c795c32f8637ebe92da11c
SHA256:	c42028a99920f03cb36155ec2525276e6adfa023bbcfc4f0a110221d6d028453
Tags:	32elfgafgytintel
Infos:

Detection

Gafgyt

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Gafgyt

Machine Learning detection for sample

Opens /proc/net/* files useful for finding connected devices and routers

Sample and/or dropped files contains symbols with suspicious names

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Signatures

AV Detection

Found malware configuration

Source: V8Y8niXzmL.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "91.92.240.85:23"}

Multi AV Scanner detection for submitted file

Source: V8Y8niXzmL.elf	ReversingLabs: Detection: 71%
Source: V8Y8niXzmL.elf	Virustotal: Detection: 59%			Perma Link

Machine Learning detection for sample

Source: V8Y8niXzmL.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/V8Y8niXzmL.elf (PID: 5451)

Opens: /proc/net/route

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37794 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37796 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37798 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37800 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37802 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37804 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37806 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37808 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37810 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37812 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37814 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37816 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37818 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37820 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37822 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37824 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37826 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37828 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37830 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37832 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37834 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37836 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37838 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37840 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37842 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37844 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37846 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37848 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37850 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37852 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37854 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37856 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37858 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37860 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37862 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37864 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37866 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37868 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37870 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37872 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37874 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37876 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37878 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37880 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37882 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37884 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37886 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37888 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37890 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37892 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37894 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37896 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37898 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37900 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37902 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37904 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37906 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37908 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37910 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37912 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37914 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37916 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37918 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37920 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37922 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37924 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37926 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37928 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37930 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37932 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37934 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37936 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37938 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37940 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37942 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37944 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37946 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37948 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37950 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37952 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37954 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37956 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37958 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37960 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37962 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37964 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37966 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37968 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37970 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37972 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37974 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37976 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37978 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37980 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37982 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37984 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37986 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37988 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37990 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37992 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37994 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37996 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37998 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38000 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38002 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38004 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38006 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38008 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38010 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38012 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38014 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38016 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38018 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38020 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38022 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38024 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38026 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38028 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38030 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38032 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38034 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38036 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38038 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38040 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38042 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38044 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38046 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38048 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38050 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38052 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38054 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38056 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38058 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38060 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38062 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38064 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38066 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38068 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38070 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38072 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38074 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38076 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38078 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38080 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38082 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38084 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38086 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38088 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38090 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38092 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38094 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38096 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38098 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38100 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38102 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38104 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38106 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38108 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38110 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38112 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38114 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38116 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38118 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38120 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38122 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38124 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38126 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38128 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38130 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38132 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38134 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38136 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38138 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38140 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38142 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38144 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38146 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38148 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38150 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38152 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38154 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38156 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38158 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38160 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38162 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38164 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38166 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38168 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38170 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38172 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38174 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38176 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38178 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38180 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38182 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38184 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38186 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38188 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38190 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38192 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38194 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38196 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38198 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38200 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38202 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38204 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38206 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38208 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38210 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38212 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38214 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38216 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38218 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38220 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38222 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38224 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38226 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38228 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38230 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38232 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38234 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38236 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38238 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38240 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38242 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38244 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38246 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38248 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38250 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38252 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38254 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38256 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38258 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38260 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38262 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38264 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38266 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38268 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38270 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38272 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38274 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38276 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38278 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38280 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38282 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38284 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38286 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38288 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38290 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38292 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38294 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38296 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38298 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38300 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38302 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38304 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38306 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38308 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38310 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38312 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38314 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38316 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38318 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38320 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38322 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38324 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38326 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38328 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38330 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38332 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38334 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38336 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38338 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38340 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38342 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38344 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38346 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38348 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38350 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38352 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38354 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38356 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38358 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38360 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38362 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38364 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38366 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38368 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38370 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38372 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38374 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38376 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38378 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38380 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38382 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38384 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38386 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38388 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38390 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38392 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38394 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38396 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38398 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38400 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38402 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38404 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38406 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38408 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38410 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38412 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38414 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38416 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38418 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38420 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38422 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38424 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38426 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38428 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38430 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38432 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38434 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38436 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38438 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38440 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38442 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38444 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38446 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38448 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38450 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38452 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38454 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38456 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38458 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38460 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38462 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38464 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38466 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38468 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38470 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38472 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38474 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38476 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38478 -> 91.92.240.85:23

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: V8Y8niXzmL.elf

String found in binary or memory: http://91.92.240.85/bins.sh;

System Summary

Malicious sample detected (through community Yara rule)

Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown

Sample and/or dropped files contains symbols with suspicious names

Source: V8Y8niXzmL.elf	ELF static info symbol of initial sample: passwords
Source: V8Y8niXzmL.elf	ELF static info symbol of initial sample: usernames

Yara signature match

Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/0@2/0

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: V8Y8niXzmL.elf, type: SAMPLE

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: V8Y8niXzmL.elf, type: SAMPLE

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
91.92.240.85	unknown	Bulgaria		34368	THEZONEBG	true

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.24	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
91.92.240.85:23	true		unknown

AV Detection

Found malware configuration

Source: V8Y8niXzmL.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "91.92.240.85:23"}

Multi AV Scanner detection for submitted file

Source: V8Y8niXzmL.elf	ReversingLabs: Detection: 71%
Source: V8Y8niXzmL.elf	Virustotal: Detection: 59%			Perma Link

Machine Learning detection for sample

Source: V8Y8niXzmL.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/V8Y8niXzmL.elf (PID: 5451)

Opens: /proc/net/route

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37794 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37796 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37798 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37800 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37802 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37804 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37806 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37808 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37810 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37812 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37814 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37816 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37818 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37820 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37822 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37824 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37826 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37828 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37830 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37832 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37834 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37836 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37838 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37840 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37842 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37844 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37846 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37848 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37850 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37852 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37854 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37856 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37858 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37860 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37862 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37864 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37866 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37868 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37870 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37872 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37874 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37876 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37878 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37880 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37882 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37884 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37886 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37888 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37890 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37892 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37894 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37896 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37898 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37900 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37902 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37904 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37906 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37908 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37910 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37912 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37914 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37916 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37918 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37920 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37922 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37924 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37926 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37928 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37930 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37932 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37934 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37936 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37938 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37940 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37942 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37944 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37946 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37948 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37950 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37952 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37954 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37956 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37958 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37960 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37962 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37964 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37966 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37968 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37970 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37972 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37974 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37976 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37978 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37980 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37982 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37984 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37986 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37988 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37990 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37992 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37994 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37996 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:37998 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38000 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38002 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38004 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38006 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38008 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38010 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38012 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38014 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38016 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38018 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38020 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38022 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38024 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38026 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38028 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38030 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38032 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38034 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38036 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38038 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38040 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38042 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38044 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38046 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38048 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38050 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38052 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38054 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38056 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38058 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38060 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38062 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38064 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38066 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38068 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38070 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38072 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38074 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38076 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38078 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38080 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38082 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38084 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38086 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38088 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38090 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38092 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38094 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38096 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38098 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38100 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38102 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38104 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38106 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38108 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38110 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38112 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38114 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38116 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38118 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38120 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38122 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38124 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38126 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38128 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38130 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38132 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38134 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38136 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38138 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38140 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38142 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38144 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38146 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38148 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38150 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38152 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38154 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38156 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38158 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38160 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38162 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38164 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38166 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38168 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38170 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38172 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38174 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38176 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38178 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38180 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38182 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38184 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38186 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38188 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38190 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38192 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38194 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38196 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38198 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38200 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38202 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38204 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38206 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38208 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38210 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38212 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38214 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38216 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38218 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38220 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38222 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38224 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38226 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38228 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38230 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38232 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38234 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38236 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38238 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38240 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38242 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38244 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38246 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38248 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38250 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38252 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38254 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38256 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38258 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38260 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38262 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38264 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38266 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38268 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38270 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38272 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38274 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38276 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38278 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38280 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38282 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38284 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38286 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38288 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38290 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38292 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38294 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38296 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38298 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38300 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38302 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38304 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38306 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38308 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38310 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38312 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38314 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38316 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38318 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38320 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38322 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38324 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38326 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38328 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38330 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38332 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38334 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38336 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38338 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38340 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38342 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38344 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38346 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38348 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38350 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38352 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38354 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38356 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38358 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38360 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38362 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38364 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38366 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38368 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38370 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38372 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38374 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38376 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38378 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38380 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38382 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38384 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38386 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38388 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38390 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38392 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38394 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38396 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38398 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38400 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38402 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38404 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38406 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38408 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38410 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38412 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38414 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38416 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38418 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38420 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38422 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38424 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38426 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38428 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38430 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38432 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38434 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38436 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38438 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38440 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38442 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38444 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38446 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38448 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38450 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38452 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38454 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38456 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38458 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38460 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38462 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38464 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38466 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38468 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38470 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38472 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38474 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38476 -> 91.92.240.85:23
Source: Traffic	Snort IDS: 2840333 ETPRO TROJAN ELF/BASHLITE Variant CnC Activity 192.168.2.13:38478 -> 91.92.240.85:23

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.240.85

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: V8Y8niXzmL.elf

String found in binary or memory: http://91.92.240.85/bins.sh;

System Summary

Malicious sample detected (through community Yara rule)

Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown

Sample and/or dropped files contains symbols with suspicious names

Source: V8Y8niXzmL.elf	ELF static info symbol of initial sample: passwords
Source: V8Y8niXzmL.elf	ELF static info symbol of initial sample: usernames

Yara signature match

Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: V8Y8niXzmL.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: 5451.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6321b565 reference_sample = cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c1d286e82426cbf19fc52836ef9a6b88c1f6e144967f43760df93cf1ab497d07, id = 6321b565-ed25-4bf2-be4f-3ffa0e643085, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_71e487ea reference_sample = b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8df69968ddfec5821500949015192b6cdbc188c74f785a272effd7bc9707f661, id = 71e487ea-a592-469c-a03e-0c64d2549e74, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e6d75e6f reference_sample = 48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e99805e8917d6526031270b6da5c2f3cc1c8235fed1d47134835a107d0df497c, id = e6d75e6f-aa04-4767-8730-6909958044a7, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_20f5e74f reference_sample = 9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 070fe0d678612b4ec8447a07ead0990a0abd908ce714388720e7fd7055bf1175, id = 20f5e74f-9f94-431b-877c-9b0d78a1d4eb, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/0@2/0

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: V8Y8niXzmL.elf, type: SAMPLE

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: V8Y8niXzmL.elf, type: SAMPLE

ID:	1446379
Product:	CloudBasic
Start time:	11:09:28
Start date:	23.05.2024
Sample:	V8Y8niXzmL.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	e55d75e516e2eb484929c399aa79aa33
SHA1:	27a7b8a3d255799f08c795c32f8637ebe92da11c
SHA256:	c42028a99920f03cb36155ec2525276e6adfa023bbcfc4f0a110221d6d028453
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Linux Analysis Report V8Y8niXzmL.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Spreading

Networking

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
V8Y8niXzmL.elf

Malware Threat Intel
Provided by