Edit tour

Linux Analysis Report
harm5.elf

Overview

General Information

Sample name:	harm5.elf
Analysis ID:	1546689
MD5:	da8a02f5d1090c3633e860e3ed5b7d23
SHA1:	b967c6f02bcf7680f023f8f4d8142710620cb076
SHA256:	c33d2a74c0eaaa11eb17a1e1e748eca205c749cf4cc7a5744b13080b2518db5a
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546689
Start date and time:	2024-11-01 13:27:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	harm5.elf
Detection:	MAL
Classification:	mal52.troj.linELF@0/0@23/0

Warnings

VT rate limit hit for: harm5.elf

Runtime Messages

Command:	/tmp/harm5.elf
PID:	6249
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:

Process Tree

system is lnxubuntu20

harm5.elf (PID: 6249, Parent: 6175, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/harm5.elf

harm5.elf New Fork (PID: 6251, Parent: 6249)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: harm5.elf

ReversingLabs: Detection: 13%

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 31.13.248.89 ports 1,3,6,7,8,16738
Source: global traffic	TCP traffic: 88.151.195.22 ports 12472,0,1,3,4,11304
Source: global traffic	TCP traffic: 91.149.238.18 ports 0,3,2444,6,8,6308

Source: global traffic	TCP traffic: 192.168.2.23:52674 -> 217.28.130.41:16466
Source: global traffic	TCP traffic: 192.168.2.23:43390 -> 91.149.218.232:1512
Source: global traffic	TCP traffic: 192.168.2.23:57850 -> 81.29.149.178:2457
Source: global traffic	TCP traffic: 192.168.2.23:57182 -> 91.149.238.18:6308
Source: global traffic	TCP traffic: 192.168.2.23:41960 -> 213.182.204.57:19908
Source: global traffic	TCP traffic: 192.168.2.23:60450 -> 31.13.248.89:16738
Source: global traffic	TCP traffic: 192.168.2.23:57136 -> 88.151.195.22:11304
Source: global traffic	TCP traffic: 192.168.2.23:47814 -> 86.107.100.80:9841

Source: /tmp/harm5.elf (PID: 6249)

Socket: 127.0.0.1:1172

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203

Source: global traffic

DNS traffic detected: DNS query: kingstonwikkerink.dyn

Source: harm5.elf, 6249.1.00007ff99002e000.00007ff990031000.rw-.sdmp

String found in binary or memory: http://hailcocks.ru/wget.sh;

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal52.troj.linELF@0/0@23/0

Source: /tmp/harm5.elf (PID: 6249)

Queries kernel information via 'uname':

Jump to behavior

Source: harm5.elf, 6249.1.000055ff5f83c000.000055ff5f9b2000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: harm5.elf, 6249.1.000055ff5f83c000.000055ff5f9b2000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: harm5.elf, 6249.1.00007fff7f31c000.00007fff7f33d000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: harm5.elf, 6249.1.00007fff7f31c000.00007fff7f33d000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/harm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/harm5.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
harm5.elf	13%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kingstonwikkerink.dyn	91.149.238.18	true	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hailcocks.ru/wget.sh;	harm5.elf, 6249.1.00007ff99002e000.00007ff990031000.rw-.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
217.28.130.41	unknown	United Kingdom	15839	COBWEB-NETGB	false
213.182.204.57	unknown	Latvia	9009	M247GB	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.149.218.232	unknown	Poland	198401	GECKONET-ASPL	false
31.13.248.89	unknown	Bulgaria	34224	NETERRA-ASBG	true
86.107.100.80	unknown	Romania	38995	AMG-ASRO	false
88.151.195.22	unknown	Azerbaijan	15723	AZERONLINEAZ	true
81.29.149.178	unknown	Switzerland	39616	COMUNICA_IT_SERVICESCH	false
91.149.238.18	kingstonwikkerink.dyn	Poland	41952	MARTON-ASPL	true
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
217.28.130.41	harm4.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
213.182.204.57	harm4.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	nshmpsl.elf	Get hash	malicious	Unknown	Browse
	nsharm.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.149.218.232	harm4.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Mirai	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
31.13.248.89	harm4.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Mirai	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Mirai	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
kingstonwikkerink.dyn	harm4.elf	Get hash	malicious	Mirai	Browse	213.182.204.57
	harm5.elf	Get hash	malicious	Mirai	Browse	217.28.130.41
	harm5.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	harm4.elf	Get hash	malicious	Unknown	Browse	31.13.248.89
	mips.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	arm4.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	arm5.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	x86.elf	Get hash	malicious	Mirai	Browse	88.151.195.22
	x86.elf	Get hash	malicious	Unknown	Browse	195.133.92.51
	arm5.elf	Get hash	malicious	Unknown	Browse	185.82.200.181

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	harm4.elf	Get hash	malicious	Mirai	Browse	213.182.204.57
	harm5.elf	Get hash	malicious	Mirai	Browse	213.182.204.57
	g5tO58gHku.exe	Get hash	malicious	AsyncRAT	Browse	45.74.34.32
	harm5.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	harm4.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	mips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	arm4.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	bxUX6ztvg2.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	45.74.34.32
	nOrden_de_Compra___0001245.vbs	Get hash	malicious	Remcos, GuLoader	Browse	185.236.203.101
	wZU2edEGL3.elf	Get hash	malicious	Unknown	Browse	38.203.241.135
INIT7CH	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	harm5.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	linux_ppc64.elf	Get hash	malicious	Chaos	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	armv6l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
GECKONET-ASPL	harm4.elf	Get hash	malicious	Mirai	Browse	91.149.218.232
	harm5.elf	Get hash	malicious	Mirai	Browse	91.149.218.232
	harm5.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	harm4.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	mips.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	arm4.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	arm5.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	x86.elf	Get hash	malicious	Mirai	Browse	91.149.218.232
	x86.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	arm5.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
COBWEB-NETGB	harm4.elf	Get hash	malicious	Mirai	Browse	217.28.130.41
	harm5.elf	Get hash	malicious	Mirai	Browse	217.28.130.41
	harm5.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	mips.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	arm5.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	UiodpDMy4N.elf	Get hash	malicious	Unknown	Browse	217.28.142.8
	miori.arm	Get hash	malicious	Mirai	Browse	217.28.142.91
	Iw6uyVeTY4	Get hash	malicious	Mirai	Browse	217.28.142.95
	x86	Get hash	malicious	Mirai	Browse	217.28.142.99
	kEZpozRREF	Get hash	malicious	Mirai	Browse	217.28.142.97

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.106418881718192
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	harm5.elf
File size:	60'268 bytes
MD5:	da8a02f5d1090c3633e860e3ed5b7d23
SHA1:	b967c6f02bcf7680f023f8f4d8142710620cb076
SHA256:	c33d2a74c0eaaa11eb17a1e1e748eca205c749cf4cc7a5744b13080b2518db5a
SHA512:	38ee5c35d660213217314d8d1a99da19e1a063c66501145df40424ba4a2850a3b059d3c97ba060e2c607a695498499b71a4b2ef8cfbbc171abaf84d9857023d8
SSDEEP:	768:9wopuRouWN5dpIdl7k+N7GuP7CMA3VC+QcG4NrWFDNKdFp+MKf0vqFBrr4yd1Iuj:lpBNIIsGM7CSjFhKHK4WrrnddG
TLSH:	F9434B81BD815A13C6D422BAFB6E428D372613A8D2EF3307DD296F11738692F0E77651
File Content Preview:	.ELF...a..........(.........4...........4. ...(.........................................................l%..........Q.td..................................-...L."...b4..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x2
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	59828
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0xd1c0	0x0	0x6	AX	16
.fini	PROGBITS	0x15270	0xd270	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x15284	0xd284	0x1358	0x0	0x2	A	4
.eh_frame	PROGBITS	0x165dc	0xe5dc	0x4	0x0	0x2	A	4
.ctors	PROGBITS	0x1e5e0	0xe5e0	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1e5e8	0xe5e8	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1e5f4	0xe5f4	0x378	0x0	0x3	WA	4
.bss	NOBITS	0x1e96c	0xe96c	0x21e0	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xe96c	0x48	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0xe5e0	0xe5e0	6.1460	0x5	R E	0x8000	.init .text .fini .rodata .eh_frame
LOAD	0xe5e0	0x1e5e0	0x1e5e0	0x38c	0x256c	2.8095	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2024 13:27:53.150460958 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.155478001 CET	16466	52674	217.28.130.41	192.168.2.23
Nov 1, 2024 13:27:53.155545950 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.155740023 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.160875082 CET	16466	52674	217.28.130.41	192.168.2.23
Nov 1, 2024 13:27:53.160950899 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.165859938 CET	16466	52674	217.28.130.41	192.168.2.23
Nov 1, 2024 13:27:53.836729050 CET	16466	52674	217.28.130.41	192.168.2.23
Nov 1, 2024 13:27:53.836749077 CET	16466	52674	217.28.130.41	192.168.2.23
Nov 1, 2024 13:27:53.836993933 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.836994886 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:53.837322950 CET	52674	16466	192.168.2.23	217.28.130.41
Nov 1, 2024 13:27:55.922264099 CET	43928	443	192.168.2.23	91.189.91.42
Nov 1, 2024 13:28:01.297629118 CET	42836	443	192.168.2.23	91.189.91.43
Nov 1, 2024 13:28:02.577321053 CET	42516	80	192.168.2.23	109.202.202.202
Nov 1, 2024 13:28:03.873260021 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:03.878114939 CET	1512	43390	91.149.218.232	192.168.2.23
Nov 1, 2024 13:28:03.878187895 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:03.878247976 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:03.883023024 CET	1512	43390	91.149.218.232	192.168.2.23
Nov 1, 2024 13:28:03.883099079 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:03.888003111 CET	1512	43390	91.149.218.232	192.168.2.23
Nov 1, 2024 13:28:04.842369080 CET	1512	43390	91.149.218.232	192.168.2.23
Nov 1, 2024 13:28:04.842468977 CET	1512	43390	91.149.218.232	192.168.2.23
Nov 1, 2024 13:28:04.842672110 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:04.842710018 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:04.842804909 CET	43390	1512	192.168.2.23	91.149.218.232
Nov 1, 2024 13:28:15.887465954 CET	43928	443	192.168.2.23	91.189.91.42
Nov 1, 2024 13:28:24.897123098 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:24.903158903 CET	2457	57850	81.29.149.178	192.168.2.23
Nov 1, 2024 13:28:24.903214931 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:24.903270960 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:24.908504963 CET	2457	57850	81.29.149.178	192.168.2.23
Nov 1, 2024 13:28:24.908556938 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:24.913395882 CET	2457	57850	81.29.149.178	192.168.2.23
Nov 1, 2024 13:28:25.935003996 CET	2457	57850	81.29.149.178	192.168.2.23
Nov 1, 2024 13:28:25.935035944 CET	2457	57850	81.29.149.178	192.168.2.23
Nov 1, 2024 13:28:25.935139894 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:25.935139894 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:25.935265064 CET	57850	2457	192.168.2.23	81.29.149.178
Nov 1, 2024 13:28:28.173775911 CET	42836	443	192.168.2.23	91.189.91.43
Nov 1, 2024 13:28:32.269115925 CET	42516	80	192.168.2.23	109.202.202.202
Nov 1, 2024 13:28:36.200048923 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:36.204973936 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:36.205023050 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:36.205071926 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:36.209907055 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:36.209956884 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:36.214721918 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:37.149174929 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:37.149192095 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:37.149200916 CET	6308	57182	91.149.238.18	192.168.2.23
Nov 1, 2024 13:28:37.149452925 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:37.149452925 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:37.149452925 CET	57182	6308	192.168.2.23	91.149.238.18
Nov 1, 2024 13:28:42.178237915 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:42.183175087 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:42.183224916 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:42.183263063 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:42.188107967 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:42.188155890 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:42.193088055 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:43.163630962 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:43.163662910 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:43.163759947 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:43.163759947 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:43.163805962 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:43.164180040 CET	19908	41960	213.182.204.57	192.168.2.23
Nov 1, 2024 13:28:43.164232969 CET	41960	19908	192.168.2.23	213.182.204.57
Nov 1, 2024 13:28:56.841784000 CET	43928	443	192.168.2.23	91.189.91.42
Nov 1, 2024 13:28:58.204842091 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:58.210105896 CET	16738	60450	31.13.248.89	192.168.2.23
Nov 1, 2024 13:28:58.210177898 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:58.210217953 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:58.215064049 CET	16738	60450	31.13.248.89	192.168.2.23
Nov 1, 2024 13:28:58.215126038 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:58.220019102 CET	16738	60450	31.13.248.89	192.168.2.23
Nov 1, 2024 13:28:59.308872938 CET	16738	60450	31.13.248.89	192.168.2.23
Nov 1, 2024 13:28:59.308886051 CET	16738	60450	31.13.248.89	192.168.2.23
Nov 1, 2024 13:28:59.308962107 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:59.308962107 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:28:59.309184074 CET	60450	16738	192.168.2.23	31.13.248.89
Nov 1, 2024 13:29:09.344238997 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:09.349119902 CET	2444	54702	91.149.238.18	192.168.2.23
Nov 1, 2024 13:29:09.349205017 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:09.349248886 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:09.354054928 CET	2444	54702	91.149.238.18	192.168.2.23
Nov 1, 2024 13:29:09.354110956 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:09.358973026 CET	2444	54702	91.149.238.18	192.168.2.23
Nov 1, 2024 13:29:10.289788008 CET	2444	54702	91.149.238.18	192.168.2.23
Nov 1, 2024 13:29:10.289808035 CET	2444	54702	91.149.238.18	192.168.2.23
Nov 1, 2024 13:29:10.289922953 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:10.289922953 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:10.289995909 CET	54702	2444	192.168.2.23	91.149.238.18
Nov 1, 2024 13:29:15.383572102 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:15.388401985 CET	11304	57136	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:15.388457060 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:15.388489962 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:15.393475056 CET	11304	57136	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:15.393532038 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:15.399352074 CET	11304	57136	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:16.481559038 CET	11304	57136	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:16.481695890 CET	11304	57136	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:16.481827021 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:16.481827021 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:16.481940985 CET	57136	11304	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:26.562623024 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:26.567498922 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:26.567579031 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:26.567579031 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:26.572469950 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:26.572535992 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:26.577404976 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:28.162095070 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:28.162112951 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:28.162267923 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:28.162359953 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:28.162360907 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:28.162360907 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:28.162465096 CET	9841	47814	86.107.100.80	192.168.2.23
Nov 1, 2024 13:29:28.162575960 CET	47814	9841	192.168.2.23	86.107.100.80
Nov 1, 2024 13:29:33.193025112 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.197877884 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.197973013 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.197973013 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.202855110 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.202914953 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.207712889 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.878859997 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.878873110 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.878885984 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.879012108 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.879012108 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.879040956 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.879069090 CET	12788	34642	217.28.130.41	192.168.2.23
Nov 1, 2024 13:29:33.879117966 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:33.879173994 CET	34642	12788	192.168.2.23	217.28.130.41
Nov 1, 2024 13:29:43.921627045 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:43.926630020 CET	20305	32860	91.149.218.232	192.168.2.23
Nov 1, 2024 13:29:43.926707029 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:43.926759958 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:43.931616068 CET	20305	32860	91.149.218.232	192.168.2.23
Nov 1, 2024 13:29:43.931701899 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:43.936552048 CET	20305	32860	91.149.218.232	192.168.2.23
Nov 1, 2024 13:29:44.872317076 CET	20305	32860	91.149.218.232	192.168.2.23
Nov 1, 2024 13:29:44.872330904 CET	20305	32860	91.149.218.232	192.168.2.23
Nov 1, 2024 13:29:44.872699022 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:44.872770071 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:44.872885942 CET	32860	20305	192.168.2.23	91.149.218.232
Nov 1, 2024 13:29:54.897258997 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:54.902144909 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:54.902256012 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:54.902256012 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:54.907129049 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:54.907216072 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:54.912054062 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:56.013057947 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:56.013072968 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:56.013086081 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:56.013094902 CET	12472	60350	88.151.195.22	192.168.2.23
Nov 1, 2024 13:29:56.013371944 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:56.013437033 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:56.013437033 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:56.013473988 CET	60350	12472	192.168.2.23	88.151.195.22
Nov 1, 2024 13:29:56.013473988 CET	60350	12472	192.168.2.23	88.151.195.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2024 13:27:53.110821962 CET	36328	53	192.168.2.23	217.160.70.42
Nov 1, 2024 13:27:53.137927055 CET	53	36328	217.160.70.42	192.168.2.23
Nov 1, 2024 13:27:58.838949919 CET	38168	53	192.168.2.23	5.161.109.23
Nov 1, 2024 13:28:03.844727039 CET	44334	53	192.168.2.23	81.169.136.222
Nov 1, 2024 13:28:03.872375965 CET	53	44334	81.169.136.222	192.168.2.23
Nov 1, 2024 13:28:09.845536947 CET	57921	53	192.168.2.23	64.176.6.48
Nov 1, 2024 13:28:14.851531029 CET	57639	53	192.168.2.23	64.176.6.48
Nov 1, 2024 13:28:19.857378960 CET	47928	53	192.168.2.23	5.161.109.23
Nov 1, 2024 13:28:24.863234997 CET	60545	53	192.168.2.23	185.181.61.24
Nov 1, 2024 13:28:24.896522045 CET	53	60545	185.181.61.24	192.168.2.23
Nov 1, 2024 13:28:30.937283039 CET	39222	53	192.168.2.23	5.161.109.23
Nov 1, 2024 13:28:35.939510107 CET	55767	53	192.168.2.23	185.181.61.24
Nov 1, 2024 13:28:36.199143887 CET	53	55767	185.181.61.24	192.168.2.23
Nov 1, 2024 13:28:42.151192904 CET	47024	53	192.168.2.23	65.21.1.106
Nov 1, 2024 13:28:42.177853107 CET	53	47024	65.21.1.106	192.168.2.23
Nov 1, 2024 13:28:48.165786028 CET	38759	53	192.168.2.23	64.176.6.48
Nov 1, 2024 13:28:53.171283960 CET	39437	53	192.168.2.23	178.254.22.166
Nov 1, 2024 13:28:58.177011967 CET	55290	53	192.168.2.23	217.160.70.42
Nov 1, 2024 13:28:58.204272985 CET	53	55290	217.160.70.42	192.168.2.23
Nov 1, 2024 13:29:04.310363054 CET	41270	53	192.168.2.23	178.254.22.166
Nov 1, 2024 13:29:09.316484928 CET	50816	53	192.168.2.23	217.160.70.42
Nov 1, 2024 13:29:09.343447924 CET	53	50816	217.160.70.42	192.168.2.23
Nov 1, 2024 13:29:15.292160034 CET	60614	53	192.168.2.23	168.235.111.72
Nov 1, 2024 13:29:15.383023977 CET	53	60614	168.235.111.72	192.168.2.23
Nov 1, 2024 13:29:21.484097004 CET	57264	53	192.168.2.23	64.176.6.48
Nov 1, 2024 13:29:26.486957073 CET	39897	53	192.168.2.23	80.152.203.134
Nov 1, 2024 13:29:26.561990976 CET	53	39897	80.152.203.134	192.168.2.23
Nov 1, 2024 13:29:33.164486885 CET	53625	53	192.168.2.23	81.169.136.222
Nov 1, 2024 13:29:33.192217112 CET	53	53625	81.169.136.222	192.168.2.23
Nov 1, 2024 13:29:38.881730080 CET	35541	53	192.168.2.23	5.161.109.23
Nov 1, 2024 13:29:43.887674093 CET	37017	53	192.168.2.23	185.181.61.24
Nov 1, 2024 13:29:43.920973063 CET	53	37017	185.181.61.24	192.168.2.23
Nov 1, 2024 13:29:49.874703884 CET	40885	53	192.168.2.23	5.161.109.23
Nov 1, 2024 13:29:54.880565882 CET	59636	53	192.168.2.23	51.158.108.203
Nov 1, 2024 13:29:54.896641016 CET	53	59636	51.158.108.203	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 1, 2024 13:27:53.110821962 CET	192.168.2.23	217.160.70.42	0x1666	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:58.838949919 CET	192.168.2.23	5.161.109.23	0x306d	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.844727039 CET	192.168.2.23	81.169.136.222	0x35b1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:09.845536947 CET	192.168.2.23	64.176.6.48	0x8aa2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:14.851531029 CET	192.168.2.23	64.176.6.48	0x12a8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:19.857378960 CET	192.168.2.23	5.161.109.23	0x84ce	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.863234997 CET	192.168.2.23	185.181.61.24	0x40e8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:30.937283039 CET	192.168.2.23	5.161.109.23	0x1a5a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:35.939510107 CET	192.168.2.23	185.181.61.24	0x6bff	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.151192904 CET	192.168.2.23	65.21.1.106	0xc955	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:48.165786028 CET	192.168.2.23	64.176.6.48	0x71df	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:53.171283960 CET	192.168.2.23	178.254.22.166	0x18e9	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.177011967 CET	192.168.2.23	217.160.70.42	0x1af2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:04.310363054 CET	192.168.2.23	178.254.22.166	0x75e9	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.316484928 CET	192.168.2.23	217.160.70.42	0xef78	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.292160034 CET	192.168.2.23	168.235.111.72	0xdf67	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:21.484097004 CET	192.168.2.23	64.176.6.48	0x3a74	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.486957073 CET	192.168.2.23	80.152.203.134	0xd6d	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.164486885 CET	192.168.2.23	81.169.136.222	0x77e6	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:38.881730080 CET	192.168.2.23	5.161.109.23	0x1ae7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.887674093 CET	192.168.2.23	185.181.61.24	0x71c5	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:49.874703884 CET	192.168.2.23	5.161.109.23	0x6e8e	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.880565882 CET	192.168.2.23	51.158.108.203	0x4160	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:27:53.137927055 CET	217.160.70.42	192.168.2.23	0x1666	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:03.872375965 CET	81.169.136.222	192.168.2.23	0x35b1	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:24.896522045 CET	185.181.61.24	192.168.2.23	0x40e8	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:36.199143887 CET	185.181.61.24	192.168.2.23	0x6bff	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:42.177853107 CET	65.21.1.106	192.168.2.23	0xc955	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:28:58.204272985 CET	217.160.70.42	192.168.2.23	0x1af2	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:09.343447924 CET	217.160.70.42	192.168.2.23	0xef78	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:15.383023977 CET	168.235.111.72	192.168.2.23	0xdf67	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:26.561990976 CET	80.152.203.134	192.168.2.23	0xd6d	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:33.192217112 CET	81.169.136.222	192.168.2.23	0x77e6	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:43.920973063 CET	185.181.61.24	192.168.2.23	0x71c5	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	217.28.130.41	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Nov 1, 2024 13:29:54.896641016 CET	51.158.108.203	192.168.2.23	0x4160	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: harm5.elf PID: 6249, Parent PID: 6175

General

Start time (UTC):	12:27:52
Start date (UTC):	01/11/2024
Path:	/tmp/harm5.elf
Arguments:	/tmp/harm5.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: harm5.elf PID: 6251, Parent PID: 6249

General

Start time (UTC):	12:27:52
Start date (UTC):	01/11/2024
Path:	/tmp/harm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report harm5.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: harm5.elf PID: 6249, Parent PID: 6175

General

Chronological Activities

Analysis Process: harm5.elf PID: 6251, Parent PID: 6249

General

Chronological Activities

Linux Analysis Report
harm5.elf