
Linux Analysis Report
bot.x86_64.elf

Overview

General Information

Sample name: bot.x86_64.elf
Analysis ID: 1577744
MD5: 40441cd25f19fe8f6ab3129f1430dcb5
SHA1: d276d4ba83538119f92cb4144594dd488e4931c3
SHA256: f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4
Tags: elf, user-abuse_ch

Detection

Mirai, Gafgyt, Okiru
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gafgyt
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
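
Two of the facts above, the hash identifiers and "Sample has stripped symbol table", are cheap to reproduce on your own copy of the file before you rely on a third-party report. The following is an added example, not Joe Sandbox code and not part of the report: it hashes the bytes, parses the ELF64 section header table with the standard library only and reports whether a SHT_SYMTAB section (.symtab) exists. The build_elf64 helper is a constructed fixture that exists only to exercise the parser; the /tmp path used when the script is run directly is hypothetical.

```python
import hashlib
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
SHT_SYMTAB = 2                    # section type of .symtab in the ELF specification
EHDR_FMT = "<16sHHIQQQIHHHHHH"    # little-endian ELF64 file header, 64 bytes
SHDR_FMT = "<IIQQQQIIQQ"          # ELF64 section header, 64 bytes


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, for comparison with the report's identifiers."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def section_types(data: bytes) -> list:
    """sh_type of every section header in a little-endian ELF64 image.

    Raises ValueError for anything that is not a well-formed ELF64 LE file, so a
    truncated or non-ELF sample is reported instead of silently passing as stripped.
    """
    if len(data) < struct.calcsize(EHDR_FMT) or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, _type, _machine, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, _shstrndx) = struct.unpack_from(EHDR_FMT, data, 0)
    if shoff == 0 or shnum == 0:
        return []                 # no section header table at all (sstrip-style binaries)
    if shentsize != struct.calcsize(SHDR_FMT):
        raise ValueError("unexpected section header size")
    if shoff + shnum * shentsize > len(data):
        raise ValueError("section header table runs past end of file")
    return [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize)[1] for i in range(shnum)]


def has_symtab(data: bytes) -> bool:
    """True when a SHT_SYMTAB section is present, i.e. the binary is not stripped."""
    return SHT_SYMTAB in section_types(data)


def build_elf64(sh_types) -> bytes:
    """Constructed fixture: a minimal ELF64 image consisting of a file header plus a
    section header table with the given sh_type values. Not loadable; parser tests only."""
    ehsize = struct.calcsize(EHDR_FMT)
    shentsize = struct.calcsize(SHDR_FMT)
    ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1, 0, 0]) + b"\x00" * 7
    hdr = struct.pack(EHDR_FMT, ident, 2, 0x3E, 1, 0, 0, ehsize, 0,
                      ehsize, 0, 0, shentsize, len(sh_types), 0)
    shdrs = b"".join(struct.pack(SHDR_FMT, 0, t, 0, 0, 0, 0, 0, 0, 0, 0) for t in sh_types)
    return hdr + shdrs


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/tmp/bot.x86_64.elf"   # hypothetical path
    blob = open(path, "rb").read()
    print(file_hashes(blob))
    print("symtab present:", has_symtab(blob))
```

A binary with no section header table at all (shnum of 0) is treated as stripped rather than as an error, because IoT bot builds are routinely post-processed that way; anything else that does not parse raises, which is the behaviour you want in a triage pipeline.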

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1577744
Start date and time:2024-12-18 17:58:34 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:bot.x86_64.elf
Detection:MAL
Classification:mal100.troj.linELF@0/0@17/0
  • VT rate limit hit for: bot.x86_64.elf
Command:/tmp/bot.x86_64.elf
PID:5537
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name: Bashlite, Gafgyt
Description: Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite
Source | Rule | Description | Author
bot.x86_64.elf | JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security
bot.x86_64.elf | JoeSecurity_Okiru | Yara detected Okiru | Joe Security
bot.x86_64.elf | JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security
bot.x86_64.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
bot.x86_64.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
  Strings:
  • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
(15 further entries collapsed in the original report)
Source | Rule | Description | Author
5537.1.0000000000400000.000000000041b000.r-x.sdmp | JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security
5537.1.0000000000400000.000000000041b000.r-x.sdmp | JoeSecurity_Okiru | Yara detected Okiru | Joe Security
5537.1.0000000000400000.000000000041b000.r-x.sdmp | JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security
5537.1.0000000000400000.000000000041b000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5537.1.0000000000400000.000000000041b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
  Strings:
  • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
(20 further entries collapsed in the original report)
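
The $a string of Linux_Trojan_Gafgyt_28a2fe0c in both tables above is plain ASCII: the hex decodes to /x38/xFJ/x93/xID/x9A/x38/xFJ/, i.e. the 20-character filler /x38/xFJ/x93/xID/x9A written back to back, which is why every listed match sits 0x14 (20) bytes after the previous one and why the 21 listed offsets run from 0x17480 to exactly 0x17610. The same offsets appearing in the file and in the dump of the region mapped at 0x400000 are consistent with that segment being mapped from file offset 0, so a dump offset of 0x17480 corresponds to virtual address 0x417480. The following is an added example, not the rule author's or Joe Sandbox's code: it decodes the hex, recovers the repeating unit, scans a constructed buffer in which the filler is repeated, and renders the hits in the report's own offset notation so the stride can be checked.

```python
import re

# $a of Linux_Trojan_Gafgyt_28a2fe0c exactly as the report prints it
RULE_A_HEX = ("2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 "
              "2F 78 33 38 2F 78 46 4A 2F")
# first match offset and number of listed matches in the report's table
REPORT_FIRST, REPORT_LISTED = 0x17480, 21


def decode_hex_pattern(hex_text: str) -> bytes:
    """Raw bytes of a space-separated hex listing."""
    return bytes.fromhex(hex_text.replace(" ", ""))


def filler_unit(pattern: bytes) -> bytes:
    """Shortest prefix whose repetition reproduces `pattern` (its period);
    the whole pattern is returned if it is not periodic."""
    for n in range(1, len(pattern) + 1):
        if all(pattern[i] == pattern[i % n] for i in range(len(pattern))):
            return pattern[:n]
    return pattern


def find_all(data: bytes, pattern: bytes) -> list:
    """All offsets of `pattern`, overlapping ones included, as YARA reports them."""
    return [m.start() for m in re.finditer(b"(?=" + re.escape(pattern) + b")", data)]


def strides(offsets: list) -> list:
    """Distinct distances between consecutive matches."""
    return sorted({b - a for a, b in zip(offsets, offsets[1:])})


def report_lines(offsets: list, name: str = "$a", hex_text: str = RULE_A_HEX) -> list:
    """Render matches in the report's '0xoffset:$name: hex' form."""
    return [f"0x{off:x}:{name}: {hex_text}" for off in offsets]


def build_sample(unit: bytes, repeats: int, lead: int) -> bytes:
    """Constructed buffer: `lead` zero bytes, the filler repeated, a zero tail."""
    return b"\x00" * lead + unit * repeats + b"\x00" * 16


if __name__ == "__main__":
    pat = decode_hex_pattern(RULE_A_HEX)
    print("pattern as text:", pat.decode("ascii"))
    unit = filler_unit(pat)
    offs = find_all(build_sample(unit, 4, 0x40), pat)
    print("\n".join(report_lines(offs)))
    print("stride(s):", strides(offs), "unit length:", len(unit))
    # the 21 offsets printed in the report are one unit apart as well
    print(hex(REPORT_FIRST + len(unit) * (REPORT_LISTED - 1)))
```

Because the pattern is longer than the unit it repeats (29 versus 20 bytes), a run of N units yields N-1 overlapping hits; a hit count this dense from a 29-byte string is therefore a signature of one long filler string, not of 21 separate occurrences, which is worth remembering when a rule's match count is used as a confidence score.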
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T17:59:21.572932+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34660 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:32.222816+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34662 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:36.860777+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34664 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:48.429711+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34666 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:59.057498+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34668 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:11.655125+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34670 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:18.089692+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34672 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:21.506155+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34674 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:26.931439+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34676 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:32.362967+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34678 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:38.940666+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34680 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:41.526039+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34682 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:49.970771+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34684 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:58.671440+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34686 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:03.285089+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34688 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:09.713909+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34690 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:19.365786+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34692 | 154.213.187.106 | 47925 | TCP
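
The table is more than a list of hits: seventeen alerts for the same SID, all from 192.168.2.15 to 154.213.187.106:47925, spaced a few seconds apart, each from a new even-numbered ephemeral port. A fresh source port per alert means a fresh TCP connection per check-in, so the bot is reconnecting and re-sending its handshake rather than holding one session. The following is an added example, not part of Joe Sandbox or the Suricata ruleset: it parses a constructed copy of the first eight rows above in a pipe-delimited form and applies the kind of grouping a detection engineer would use to turn repeated C2 check-in alerts into a single beaconing finding. The thresholds (at least five hits, no gap longer than 60 s) are assumptions chosen for this data.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed from the first eight rows of the Suricata table above:
# timestamp | sid | severity | src ip | src port | dst ip | dst port | proto
ALERTS = """\
2024-12-18T17:59:21.572932+0100|2030490|1|192.168.2.15|34660|154.213.187.106|47925|TCP
2024-12-18T17:59:32.222816+0100|2030490|1|192.168.2.15|34662|154.213.187.106|47925|TCP
2024-12-18T17:59:36.860777+0100|2030490|1|192.168.2.15|34664|154.213.187.106|47925|TCP
2024-12-18T17:59:48.429711+0100|2030490|1|192.168.2.15|34666|154.213.187.106|47925|TCP
2024-12-18T17:59:59.057498+0100|2030490|1|192.168.2.15|34668|154.213.187.106|47925|TCP
2024-12-18T18:00:11.655125+0100|2030490|1|192.168.2.15|34670|154.213.187.106|47925|TCP
2024-12-18T18:00:18.089692+0100|2030490|1|192.168.2.15|34672|154.213.187.106|47925|TCP
2024-12-18T18:00:21.506155+0100|2030490|1|192.168.2.15|34674|154.213.187.106|47925|TCP
"""


def parse_alerts(text: str) -> list:
    """Split the delimited rows into typed records; %z accepts the +0100 offset."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, sev, sip, sport, dip, dport, proto = line.split("|")
        rows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
            "sid": int(sid), "severity": int(sev),
            "src": sip, "sport": int(sport),
            "dst": f"{dip}:{dport}", "proto": proto,
        })
    return rows


def find_checkin_loops(rows: list, min_hits: int = 5, max_gap_s: float = 60.0) -> list:
    """Group alerts by (src, dst, sid) and summarise groups that look like a bot
    retrying its C2 check-in: enough hits, no long silence, and a new source port
    per hit (i.e. a new TCP connection each time)."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["src"], r["dst"], r["sid"])].append(r)
    findings = []
    for (src, dst, sid), hits in groups.items():
        hits.sort(key=lambda r: r["ts"])
        if len(hits) < min_hits:
            continue
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        ports = [h["sport"] for h in hits]
        findings.append({
            "src": src, "dst": dst, "sid": sid, "count": len(hits),
            "first": hits[0]["ts"].isoformat(), "last": hits[-1]["ts"].isoformat(),
            "median_interval_s": median(gaps), "max_interval_s": max(gaps),
            "ports_increasing": all(b > a for a, b in zip(ports, ports[1:])),
            "beacon": max(gaps) <= max_gap_s,
        })
    return findings


if __name__ == "__main__":
    for f in find_checkin_loops(parse_alerts(ALERTS)):
        print(f)
```

Grouping on the destination rather than on the rule name is deliberate: an ET check-in signature fires on the handshake bytes of every new connection, so in a real sensor the same bot produces one alert per reconnect, and it is the per-destination cadence (a median of roughly ten seconds here) that tells an analyst the host is in a retry loop against a live or half-responsive C2 rather than being hit by a one-off false positive.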

                  AV Detection

Source: bot.x86_64.elf | Avira: detected
Source: bot.x86_64.elf | ReversingLabs: Detection: 52%
Source: bot.x86_64.elf | Joe Sandbox ML: detected
Source: bot.x86_64.elf | String: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
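
The string run above is the binary's NUL-terminated strings printed back to back, and it carries the most useful hunting pivots in the report: per-architecture payload names of the form top1hbt.<arch> (arm, arm5, arm6, arm7, mips, mpsl, x86_64, sh4, the basis of the "multi-platform dropper" signature), /proc/%d/cmdline and /proc/%s/exe format strings (the basis of the "enumerates processes within proc" signature), the wget/curl/busybox fetch tools, and a list of DVR and IP-camera software names. The following is an added example, not Joe Sandbox code: it takes a constructed copy of that run and extracts those categories with patterns written to survive the missing separators. The payload stem top1hbt is read off the sample; the list of device markers is an assumption drawn from the run itself, and nothing here establishes what the sample does with them.

```python
import re

# Constructed fixture: the string run printed under AV Detection above. The report
# prints NUL-terminated strings without separators, so word boundaries are lost.
STRING_RUN = (
    "HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mips"
    "top1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl"
    "/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRibox"
    "usr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/sonia"
    "hicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run"
    "/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd"
    "/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencoder"
    "system/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104"
    "/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f"
)

# procfs entries the bot can use to inspect other processes (or itself)
PROC_PROBE = re.compile(r"/proc/(?:%d|%s|self)/(?:cmdline|exe|status|maps|comm)")
DOWNLOADERS = ("wget", "curl", "tftp", "ftpget", "busybox")
# assumption: names of embedded-device (DVR / IP camera) software seen in the run
DEVICE_MARKERS = ("hi3511", "dvr_main", "Davinci", "Sofia", "anko-app", "udevd", "sonia")


def dropper_payloads(run: str, stem: str = "top1hbt") -> list:
    """Architecture suffixes of the per-platform payload names <stem>.<arch>.
    The lookahead ends a suffix at the next payload name, at a path or at the
    end of the run, so the missing separators cannot glue two names together."""
    s = re.escape(stem)
    return re.findall(s + r"\.([A-Za-z0-9_]+?)(?=" + s + r"\.|/|$)", run)


def proc_probes(run: str) -> list:
    """procfs format strings: %d/%s placeholders mean the binary walks other PIDs,
    /proc/self/exe means it inspects its own image."""
    return PROC_PROBE.findall(run)


def download_tools(run: str) -> list:
    """Fetch utilities the sample names; with the payload list these are the
    ingredients of the usual wget/curl/busybox dropper one-liner."""
    return sorted(t for t in DOWNLOADERS if t in run)


def device_markers(run: str) -> list:
    """Device software names present in the run, useful as pivots for sibling samples."""
    return [m for m in DEVICE_MARKERS if m in run]


def triage(run: str) -> dict:
    return {
        "payload_archs": dropper_payloads(run),
        "proc_probes": proc_probes(run),
        "download_tools": download_tools(run),
        "device_markers": device_markers(run),
    }


if __name__ == "__main__":
    for key, value in triage(STRING_RUN).items():
        print(f"{key}: {value}")
```

The architecture list is the piece to act on: it tells you which other top1hbt.<arch> files to look for on the distribution host and in your own telemetry, and a download of any of them by a device that is not of that architecture is a strong sign of the brute-force-every-arch behaviour these droppers share.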

                  Networking

Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34666 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34678 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34668 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34660 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34674 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34672 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34686 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34664 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34684 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34670 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34676 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34680 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34690 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34692 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34662 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34682 -> 154.213.187.106:47925
Source: Network traffic | Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34688 -> 154.213.187.106:47925
Source: global traffic | TCP traffic: 154.213.187.106 ports 47925,2,4,5,7,9
Source: global traffic | TCP traffic: 192.168.2.15:34660 -> 154.213.187.106:47925
Source: global traffic | DNS traffic detected: DNS query: botnet.sharkcdn.net

                  System Summary

Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Initial sample | String containing 'busybox' found: /bin/busybox
Source: Initial sample | String containing 'busybox' found: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
Source: ELF static info symbol of initial sample | .symtab present: no
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 | reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 | reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 | reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 | reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
                  Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
                  Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
                  Source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
                  Source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
                  Source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
                  Source: classification engineClassification label: mal100.troj.linELF@0/0@17/0
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/110/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/231/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/111/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/112/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/233/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/113/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/114/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/235/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/115/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1333/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/116/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1695/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/117/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/118/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/119/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/911/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/914/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/10/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/917/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/11/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/12/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/13/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/14/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/15/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/16/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/17/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/18/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/19/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1591/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/120/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/121/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/122/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/243/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/2/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/123/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/124/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1588/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/125/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/4/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/246/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/126/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/5/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/127/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/6/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1585/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/128/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/7/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/129/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/8/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/800/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/9/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/802/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/803/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/804/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/20/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/21/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3407/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/22/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/23/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/24/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/25/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/26/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/27/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/28/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/29/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1484/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/490/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/250/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/130/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/251/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/131/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/132/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/133/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1479/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/378/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/258/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/259/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/931/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1595/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/812/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/933/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/30/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3419/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/35/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3310/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/260/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/261/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/262/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/142/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/263/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/264/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/265/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/145/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/266/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/267/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/268/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3303/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/269/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1486/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/1806/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/3440/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/270/cmdline
Source: /tmp/bot.x86_64.elf (PID: 5539) | File opened: /proc/271/cmdline

                  Stealing of Sensitive Information

Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR
Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR

                  Remote Access Functionality

Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic | Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR
Source: Yara match | File source: bot.x86_64.elf, type: SAMPLE
Source: Yara match | File source: 5537.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: bot.x86_64.elf PID: 5537, type: MEMORYSTR
MITRE ATT&CK matrix (a leading number marks a technique matched by this analysis, with the count of matching signatures):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  No configs have been found
Source | Detection | Scanner | Label
bot.x86_64.elf | 53% | ReversingLabs | Linux.Backdoor.Mirai
bot.x86_64.elf | 100% | Avira | EXP/ELF.Mirai.Z.A
bot.x86_64.elf | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
botnet.sharkcdn.net | 154.213.187.106 | true | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
154.213.187.106 | botnet.sharkcdn.net | Seychelles | 22769 | DDOSING-BGP-NETWORKUS | false
Match | Associated Sample Name / URL | Detection | Threat Name
154.213.187.106 | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru
154.213.187.106 | bot.ppc.elf | malicious | Mirai, Gafgyt, Okiru
154.213.187.106 | bot.sh4.elf | malicious | Mirai, Gafgyt, Okiru
154.213.187.106 | bot.mips.elf | malicious | Mirai, Gafgyt, Okiru
154.213.187.106 | bot.arm7.elf | malicious | Mirai, Okiru

Match | Associated Sample Name / URL | Detection | Threat Name | Context
botnet.sharkcdn.net | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
botnet.sharkcdn.net | bot.ppc.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
botnet.sharkcdn.net | bot.sh4.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
botnet.sharkcdn.net | bot.mips.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
botnet.sharkcdn.net | bot.arm7.elf | malicious | Mirai, Okiru | 154.213.187.106

Match | Associated Sample Name / URL | Detection | Threat Name | Context
DDOSING-BGP-NETWORKUS | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
DDOSING-BGP-NETWORKUS | bot.ppc.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
DDOSING-BGP-NETWORKUS | bot.sh4.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
DDOSING-BGP-NETWORKUS | bot.mips.elf | malicious | Mirai, Gafgyt, Okiru | 154.213.187.106
DDOSING-BGP-NETWORKUS | bot.arm7.elf | malicious | Mirai, Okiru | 154.213.187.106
DDOSING-BGP-NETWORKUS | bandwidth_monitor.exe | malicious | Unknown | 154.213.184.70
DDOSING-BGP-NETWORKUS | BandwidthMonitor.exe | malicious | Unknown | 154.213.187.18
DDOSING-BGP-NETWORKUS | pXdN91.armv6l.elf | malicious | Mirai, Gafgyt | 154.213.187.14
DDOSING-BGP-NETWORKUS | arm.elf | malicious | Mirai, Moobot | 41.93.138.125
DDOSING-BGP-NETWORKUS | x-8.6-.Logicnet.elf | malicious | Mirai | 154.213.187.62
                              No context
                              No context
                              No created / dropped files found
File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.285188222428993
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: bot.x86_64.elf
File size: 143'832 bytes
MD5: 40441cd25f19fe8f6ab3129f1430dcb5
SHA1: d276d4ba83538119f92cb4144594dd488e4931c3
SHA256: f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4
SHA512: c069a69dfd6f2627e734983f0094d2e946726f90c791277b3ad78d2ec2927d724b0521bc0b08707160e03401a1a1ecbc67261f66bde81772e3a43f52ffe7138a
SSDEEP: 3072:mTUTfCdO6FFto6M6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto67wwQdAM
TLSH: D0E34A07B4C184FDC4DAC1B44B9FF53AED32B0AD1238B16B27D4AE222E59E215F1DA54
File Content Preview: .ELF..............>.......@.....@.......X/..........@.8...@.......................@.......@...............................................Q.......Q.....p.......................Q.td....................................................H...._....zk..H........

                              ELF header

Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
Machine: Advanced Micro Devices X86-64
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400194
Flags: 0x0
ELF Header Size: 64
Program Header Offset: 64
Program Header Size: 56
Number of Program Headers: 3
Section Header Offset: 143192
Section Header Size: 64
Number of Section Headers: 10
Header String Table Index: 9
Section headers:

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x400100 | 0x100 | 0x16ba6 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x416ca6 | 0x16ca6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x416cc0 | 0x16cc0 | 0x33e0 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x51a0a8 | 0x1a0a8 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x51a0c0 | 0x1a0c0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x51a0e0 | 0x1a0e0 | 0x8e38 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x522f20 | 0x22f18 | 0x72a0 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0x22f18 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Program headers:

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1a0a0 | 0x1a0a0 | 6.4198 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
LOAD | 0x1a0a8 | 0x51a0a8 | 0x51a0a8 | 0x8e70 | 0x10118 | 0.2280 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |
Suricata IDS alerts:

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T17:59:21.572932+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34660 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:32.222816+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34662 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:36.860777+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34664 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:48.429711+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34666 | 154.213.187.106 | 47925 | TCP
2024-12-18T17:59:59.057498+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34668 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:11.655125+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34670 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:18.089692+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34672 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:21.506155+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34674 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:26.931439+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34676 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:32.362967+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34678 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:38.940666+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34680 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:41.526039+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34682 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:49.970771+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34684 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:00:58.671440+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34686 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:03.285089+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34688 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:09.713909+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34690 | 154.213.187.106 | 47925 | TCP
2024-12-18T18:01:19.365786+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34692 | 154.213.187.106 | 47925 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 17:59:21.065316916 CET | 192.168.2.15 | 8.8.8.8 | 0x1472 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:31.702342033 CET | 192.168.2.15 | 8.8.8.8 | 0xfa7f | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:36.300235033 CET | 192.168.2.15 | 8.8.8.8 | 0xa952 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:47.914159060 CET | 192.168.2.15 | 8.8.8.8 | 0xa290 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:58.482743025 CET | 192.168.2.15 | 8.8.8.8 | 0xc115 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:10.108875036 CET | 192.168.2.15 | 8.8.8.8 | 0x9332 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:17.720274925 CET | 192.168.2.15 | 8.8.8.8 | 0x90f6 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:21.139848948 CET | 192.168.2.15 | 8.8.8.8 | 0x7217 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:26.566371918 CET | 192.168.2.15 | 8.8.8.8 | 0xe3af | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:31.990163088 CET | 192.168.2.15 | 8.8.8.8 | 0x60e2 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:38.420428991 CET | 192.168.2.15 | 8.8.8.8 | 0x5125 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:40.996252060 CET | 192.168.2.15 | 8.8.8.8 | 0x76f0 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:49.599725008 CET | 192.168.2.15 | 8.8.8.8 | 0x1dc0 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:58.101238012 CET | 192.168.2.15 | 8.8.8.8 | 0xcb78 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:02.761245012 CET | 192.168.2.15 | 8.8.8.8 | 0x2107 | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:09.343033075 CET | 192.168.2.15 | 8.8.8.8 | 0xf7a | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:18.783977985 CET | 192.168.2.15 | 8.8.8.8 | 0xd1da | Standard query (0) | botnet.sharkcdn.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 17:59:21.451515913 CET | 8.8.8.8 | 192.168.2.15 | 0x1472 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:32.100878954 CET | 8.8.8.8 | 192.168.2.15 | 0xfa7f | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:36.739007950 CET | 8.8.8.8 | 192.168.2.15 | 0xa952 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:48.307806015 CET | 8.8.8.8 | 192.168.2.15 | 0xa290 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 17:59:58.932100058 CET | 8.8.8.8 | 192.168.2.15 | 0xc115 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:10.507966995 CET | 8.8.8.8 | 192.168.2.15 | 0x9332 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:17.967959881 CET | 8.8.8.8 | 192.168.2.15 | 0x90f6 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:21.381710052 CET | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:26.810139894 CET | 8.8.8.8 | 192.168.2.15 | 0xe3af | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:32.240345955 CET | 8.8.8.8 | 192.168.2.15 | 0x60e2 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:38.818711996 CET | 8.8.8.8 | 192.168.2.15 | 0x5125 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:41.401885033 CET | 8.8.8.8 | 192.168.2.15 | 0x76f0 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:49.844037056 CET | 8.8.8.8 | 192.168.2.15 | 0x1dc0 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:58.546556950 CET | 8.8.8.8 | 192.168.2.15 | 0xcb78 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:03.163441896 CET | 8.8.8.8 | 192.168.2.15 | 0x2107 | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:09.591726065 CET | 8.8.8.8 | 192.168.2.15 | 0xf7a | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:01:19.243978024 CET | 8.8.8.8 | 192.168.2.15 | 0xd1da | No error (0) | botnet.sharkcdn.net | | 154.213.187.106 | A (IP address) | IN (0x0001) | false

                              System Behavior

Start time (UTC): 16:59:20
Start date (UTC): 18/12/2024
Path: /tmp/bot.x86_64.elf
Arguments: /tmp/bot.x86_64.elf
File size: 143832 bytes
MD5 hash: 40441cd25f19fe8f6ab3129f1430dcb5

Start time (UTC): 16:59:20
Start date (UTC): 18/12/2024
Path: /tmp/bot.x86_64.elf
Arguments: -
File size: 143832 bytes
MD5 hash: 40441cd25f19fe8f6ab3129f1430dcb5

Start time (UTC): 16:59:20
Start date (UTC): 18/12/2024
Path: /tmp/bot.x86_64.elf
Arguments: -
File size: 143832 bytes
MD5 hash: 40441cd25f19fe8f6ab3129f1430dcb5