Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
bot.x86.elf

Overview

General Information

Sample name:bot.x86.elf
Analysis ID:1577748
MD5:7b53bc149e9ce32ab19be4b00dd3bb41
SHA1:94623818b19e6946af3ba975b85a87390a3e084b
SHA256:02f9aeaaa4ec18245b4e3e160be8f7a5413cd1f9569e1dc0a47c3e5af0a58e62
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai, Okiru
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1577748
Start date and time:2024-12-18 18:02:38 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:bot.x86.elf
Detection:MAL
Classification:mal100.troj.linELF@0/0@22/0
  • VT rate limit hit for: bot.x86.elf
Command:/tmp/bot.x86.elf
PID:5817
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:
  • system is lnxubuntu20
  • bot.x86.elf (PID: 5817, Parent: 5744, MD5: 7b53bc149e9ce32ab19be4b00dd3bb41) Arguments: /tmp/bot.x86.elf
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
bot.x86.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    bot.x86.elfJoeSecurity_Mirai_3Yara detected MiraiJoe Security
      bot.x86.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        bot.x86.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0x10704:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10718:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1072c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10740:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10754:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10768:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1077c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10790:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x107a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x107b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x107cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x107e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x107f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10808:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1081c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10830:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10844:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10858:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1086c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10880:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x10894:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        bot.x86.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
        • 0x105e4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
        Click to see the 7 entries
        SourceRuleDescriptionAuthorStrings
        5817.1.0000000008048000.000000000805b000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
          5817.1.0000000008048000.000000000805b000.r-x.sdmpJoeSecurity_Mirai_3Yara detected MiraiJoe Security
            5817.1.0000000008048000.000000000805b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
              5817.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
              • 0x10704:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10718:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1072c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10740:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10754:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10768:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1077c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10790:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x107a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x107b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x107cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x107e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x107f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10808:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1081c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10830:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10844:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10858:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1086c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10880:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x10894:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              5817.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
              • 0x105e4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
              Click to see the 12 entries
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-18T18:03:45.460441+010020304901Malware Command and Control Activity Detected192.168.2.1534668154.213.187.10647925TCP
              2024-12-18T18:03:48.154951+010020304901Malware Command and Control Activity Detected192.168.2.1534670154.213.187.10647925TCP
              2024-12-18T18:03:52.582628+010020304901Malware Command and Control Activity Detected192.168.2.1534672154.213.187.10647925TCP
              2024-12-18T18:04:00.163423+010020304901Malware Command and Control Activity Detected192.168.2.1534674154.213.187.10647925TCP
              2024-12-18T18:04:04.590920+010020304901Malware Command and Control Activity Detected192.168.2.1534676154.213.187.10647925TCP
              2024-12-18T18:04:09.008285+010020304901Malware Command and Control Activity Detected192.168.2.1534678154.213.187.10647925TCP
              2024-12-18T18:04:12.583398+010020304901Malware Command and Control Activity Detected192.168.2.1534680154.213.187.10647925TCP
              2024-12-18T18:04:15.012373+010020304901Malware Command and Control Activity Detected192.168.2.1534682154.213.187.10647925TCP
              2024-12-18T18:04:19.433425+010020304901Malware Command and Control Activity Detected192.168.2.1534684154.213.187.10647925TCP
              2024-12-18T18:04:26.033515+010020304901Malware Command and Control Activity Detected192.168.2.1534686154.213.187.10647925TCP
              2024-12-18T18:04:30.647188+010020304901Malware Command and Control Activity Detected192.168.2.1534688154.213.187.10647925TCP
              2024-12-18T18:04:35.308207+010020304901Malware Command and Control Activity Detected192.168.2.1534690154.213.187.10647925TCP
              2024-12-18T18:04:42.937223+010020304901Malware Command and Control Activity Detected192.168.2.1534692154.213.187.10647925TCP
              2024-12-18T18:04:52.371942+010020304901Malware Command and Control Activity Detected192.168.2.1534694154.213.187.10647925TCP
              2024-12-18T18:05:00.810339+010020304901Malware Command and Control Activity Detected192.168.2.1534696154.213.187.10647925TCP
              2024-12-18T18:05:05.446458+010020304901Malware Command and Control Activity Detected192.168.2.1534698154.213.187.10647925TCP
              2024-12-18T18:05:11.037982+010020304901Malware Command and Control Activity Detected192.168.2.1534700154.213.187.10647925TCP
              2024-12-18T18:05:16.616674+010020304901Malware Command and Control Activity Detected192.168.2.1534702154.213.187.10647925TCP
              2024-12-18T18:05:21.040978+010020304901Malware Command and Control Activity Detected192.168.2.1534704154.213.187.10647925TCP
              2024-12-18T18:05:31.728358+010020304901Malware Command and Control Activity Detected192.168.2.1534706154.213.187.10647925TCP
              2024-12-18T18:05:34.304043+010020304901Malware Command and Control Activity Detected192.168.2.1534708154.213.187.10647925TCP
              2024-12-18T18:05:44.884610+010020304901Malware Command and Control Activity Detected192.168.2.1534710154.213.187.10647925TCP

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: bot.x86.elfAvira: detected
              Source: bot.x86.elfReversingLabs: Detection: 68%
              Source: bot.x86.elfJoe Sandbox ML: detected
              Source: bot.x86.elfString: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f

              Networking

              barindex
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34680 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34676 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34668 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34690 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34686 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34670 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34692 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34678 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34698 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34700 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34672 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34704 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34706 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34682 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34694 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34674 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34684 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34696 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34708 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34688 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34710 -> 154.213.187.106:47925
              Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:34702 -> 154.213.187.106:47925
              Source: global trafficTCP traffic: 154.213.187.106 ports 47925,2,4,5,7,9
              Source: global trafficTCP traffic: 192.168.2.15:34668 -> 154.213.187.106:47925
              Source: global trafficDNS traffic detected: DNS query: botnet.sharkcdn.net

              System Summary

              barindex
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
              Source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: Initial sampleString containing 'busybox' found: /bin/busybox
              Source: Initial sampleString containing 'busybox' found: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
              Source: ELF static info symbol of initial sample.symtab present: no
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
              Source: bot.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
              Source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
              Source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: classification engineClassification label: mal100.troj.linELF@0/0@22/0
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/110/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/231/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/111/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/112/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/233/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/5818/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/113/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/5819/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/114/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/235/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/115/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1333/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/116/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1695/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/117/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/118/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/119/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/911/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/914/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/10/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/917/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/11/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/12/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/13/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/14/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/15/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/16/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/17/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/18/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/19/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1591/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/120/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/121/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/122/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/243/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/2/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/123/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/124/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1588/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/125/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/4/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/246/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/126/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/5/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/127/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/6/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1585/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/128/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/7/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/129/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/8/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/800/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/9/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/802/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/803/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/804/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/20/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/21/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3407/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/22/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/23/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/24/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/25/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/26/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/27/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/28/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/29/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1484/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/490/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/250/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/130/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/251/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/131/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/132/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/133/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1479/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/378/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/258/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/259/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/931/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1595/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/812/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/933/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3896/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/30/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3419/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/35/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3310/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/260/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/261/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/262/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/142/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/263/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/264/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/265/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/145/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/266/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/267/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/268/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/3303/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/269/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1486/cmdlineJump to behavior
              Source: /tmp/bot.x86.elf (PID: 5819)File opened: /proc/1806/cmdlineJump to behavior

              Stealing of Sensitive Information

              barindex
              Source: Yara matchFile source: bot.x86.elf, type: SAMPLE
              Source: Yara matchFile source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTR
              Source: Yara matchFile source: bot.x86.elf, type: SAMPLE
              Source: Yara matchFile source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
              Source: Yara matchFile source: bot.x86.elf, type: SAMPLE
              Source: Yara matchFile source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTR
              Source: Yara matchFile source: bot.x86.elf, type: SAMPLE
              Source: Yara matchFile source: 5817.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: bot.x86.elf PID: 5817, type: MEMORYSTR
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information1
              Scripting
              Valid AccountsWindows Management Instrumentation1
              Scripting
              Path InterceptionDirect Volume Access1
              OS Credential Dumping
              System Service DiscoveryRemote ServicesData from Local System1
              Non-Standard Port
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
              Non-Application Layer Protocol
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
              Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              No configs have been found
              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Is malicious
              • Internet
              SourceDetectionScannerLabelLink
              bot.x86.elf68%ReversingLabsLinux.Backdoor.Mirai
              bot.x86.elf100%AviraEXP/ELF.Mirai.Z.A
              bot.x86.elf100%Joe Sandbox ML
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              NameIPActiveMaliciousAntivirus DetectionReputation
              botnet.sharkcdn.net
              154.213.187.106
              truefalse
                high
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IPDomainCountryFlagASNASN NameMalicious
                154.213.187.106
                botnet.sharkcdn.netSeychelles
                22769DDOSING-BGP-NETWORKUSfalse
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                154.213.187.106bot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                  bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    bot.m68k.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                      bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                        bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                          bot.ppc.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                            bot.sh4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                              bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  botnet.sharkcdn.netbot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.m68k.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.ppc.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.sh4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.213.187.106
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  DDOSING-BGP-NETWORKUSbot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.m68k.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.ppc.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.sh4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 154.213.187.106
                                  bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.213.187.106
                                  bandwidth_monitor.exeGet hashmaliciousUnknownBrowse
                                  • 154.213.184.70
                                  No context
                                  No context
                                  No created / dropped files found
                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                  Entropy (8bit):5.772744051174123
                                  TrID:
                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                  File name:bot.x86.elf
                                  File size:93'768 bytes
                                  MD5:7b53bc149e9ce32ab19be4b00dd3bb41
                                  SHA1:94623818b19e6946af3ba975b85a87390a3e084b
                                  SHA256:02f9aeaaa4ec18245b4e3e160be8f7a5413cd1f9569e1dc0a47c3e5af0a58e62
                                  SHA512:b226d26ec13ae03477bafa7a1a8219ab314ad01bc77af46043582572d9122aed7b6e6daf956cf8985a2724e7d3b36b03de4d8f20ae1fa7a732e3e694458e8ba3
                                  SSDEEP:1536:oFd1IRgCXUzx7t0fMqlIgcEiyhcgSnyy72wPZnWhZS5xtY+z:oFdmR9XUzxh0fMgIgcEim8yHAdew5bz
                                  TLSH:1C936CC4F243E5F1EC9709B16137EB374B32F0BA111AEA43C7699972DCA2541DA06B9C
                                  File Content Preview:.ELF....................d...4....l......4. ...(......................$...$...............$...........G..8...........Q.td............................U..S.......o4...h....c...[]...$.............U......=.....t..5....$......$.......u........t....h............

                                  ELF header

                                  Class:ELF32
                                  Data:2's complement, little endian
                                  Version:1 (current)
                                  Machine:Intel 80386
                                  Version Number:0x1
                                  Type:EXEC (Executable file)
                                  OS/ABI:UNIX - System V
                                  ABI Version:0
                                  Entry Point Address:0x8048164
                                  Flags:0x0
                                  ELF Header Size:52
                                  Program Header Offset:52
                                  Program Header Size:32
                                  Number of Program Headers:3
                                  Section Header Offset:93368
                                  Section Header Size:40
                                  Number of Section Headers:10
                                  Header String Table Index:9
                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                  NULL0x00x00x00x00x0000
                                  .initPROGBITS0x80480940x940x1c0x00x6AX001
                                  .textPROGBITS0x80480b00xb00xfe860x00x6AX0016
                                  .finiPROGBITS0x8057f360xff360x170x00x6AX001
                                  .rodataPROGBITS0x8057f600xff600x25900x00x2A0032
                                  .ctorsPROGBITS0x805b4f40x124f40xc0x00x3WA004
                                  .dtorsPROGBITS0x805b5000x125000x80x00x3WA004
                                  .dataPROGBITS0x805b5200x125200x47580x00x3WA0032
                                  .bssNOBITS0x805fc800x16c780x49ac0x00x3WA0032
                                  .shstrtabSTRTAB0x00x16c780x3e0x00x0001
                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                  LOAD0x00x80480000x80480000x124f00x124f06.60560x5R E0x1000.init .text .fini .rodata
                                  LOAD0x124f40x805b4f40x805b4f40x47840x91380.36420x6RW 0x1000.ctors .dtors .data .bss
                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4
                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                  2024-12-18T18:03:45.460441+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534668154.213.187.10647925TCP
                                  2024-12-18T18:03:48.154951+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534670154.213.187.10647925TCP
                                  2024-12-18T18:03:52.582628+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534672154.213.187.10647925TCP
                                  2024-12-18T18:04:00.163423+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534674154.213.187.10647925TCP
                                  2024-12-18T18:04:04.590920+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534676154.213.187.10647925TCP
                                  2024-12-18T18:04:09.008285+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534678154.213.187.10647925TCP
                                  2024-12-18T18:04:12.583398+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534680154.213.187.10647925TCP
                                  2024-12-18T18:04:15.012373+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534682154.213.187.10647925TCP
                                  2024-12-18T18:04:19.433425+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534684154.213.187.10647925TCP
                                  2024-12-18T18:04:26.033515+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534686154.213.187.10647925TCP
                                  2024-12-18T18:04:30.647188+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534688154.213.187.10647925TCP
                                  2024-12-18T18:04:35.308207+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534690154.213.187.10647925TCP
                                  2024-12-18T18:04:42.937223+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534692154.213.187.10647925TCP
                                  2024-12-18T18:04:52.371942+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534694154.213.187.10647925TCP
                                  2024-12-18T18:05:00.810339+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534696154.213.187.10647925TCP
                                  2024-12-18T18:05:05.446458+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534698154.213.187.10647925TCP
                                  2024-12-18T18:05:11.037982+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534700154.213.187.10647925TCP
                                  2024-12-18T18:05:16.616674+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534702154.213.187.10647925TCP
                                  2024-12-18T18:05:21.040978+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534704154.213.187.10647925TCP
                                  2024-12-18T18:05:31.728358+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534706154.213.187.10647925TCP
                                  2024-12-18T18:05:34.304043+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534708154.213.187.10647925TCP
                                  2024-12-18T18:05:44.884610+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.1534710154.213.187.10647925TCP
                                  TimestampSource PortDest PortSource IPDest IP
                                  Dec 18, 2024 18:03:45.338666916 CET3466847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:45.460310936 CET4792534668154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:45.460380077 CET3466847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:45.460441113 CET3466847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:45.580265999 CET4792534668154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:46.580851078 CET4792534668154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:46.580990076 CET3466847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:46.707412004 CET4792534668154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:48.034904957 CET3467047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:48.154863119 CET4792534670154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:48.154917955 CET3467047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:48.154951096 CET3467047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:48.275098085 CET4792534670154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:49.208950996 CET4792534670154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:49.209055901 CET3467047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:49.328825951 CET4792534670154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:52.460863113 CET3467247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:52.582514048 CET4792534672154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:52.582627058 CET3467247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:52.582628012 CET3467247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:52.702238083 CET4792534672154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:53.640126944 CET4792534672154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:03:53.640223026 CET3467247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:03:53.759964943 CET4792534672154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:00.043114901 CET3467447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:00.163073063 CET4792534674154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:00.163423061 CET3467447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:00.163423061 CET3467447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:00.283205986 CET4792534674154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:01.220969915 CET4792534674154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:01.221271992 CET3467447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:01.341036081 CET4792534674154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:04.470902920 CET3467647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:04.590572119 CET4792534676154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:04.590919971 CET3467647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:04.590919971 CET3467647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:04.710798979 CET4792534676154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:05.644633055 CET4792534676154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:05.645056009 CET3467647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:05.764775038 CET4792534676154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:08.888111115 CET3467847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:09.008141994 CET4792534678154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:09.008260965 CET3467847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:09.008285046 CET3467847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:09.133464098 CET4792534678154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:10.071149111 CET4792534678154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:10.071368933 CET3467847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:10.191108942 CET4792534678154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:12.463134050 CET3468047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:12.583122969 CET4792534680154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:12.583290100 CET3468047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:12.583398104 CET3468047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:12.707180977 CET4792534680154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:13.634881020 CET4792534680154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:13.634980917 CET3468047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:13.755247116 CET4792534680154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:14.888797998 CET3468247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:15.012161970 CET4792534682154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:15.012331963 CET3468247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:15.012372971 CET3468247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:15.132754087 CET4792534682154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:16.062000036 CET4792534682154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:16.062293053 CET3468247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:16.182032108 CET4792534682154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:19.313433886 CET3468447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:19.433135986 CET4792534684154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:19.433336020 CET3468447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:19.433424950 CET3468447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:19.553126097 CET4792534684154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:20.514267921 CET4792534684154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:20.514513969 CET3468447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:20.638232946 CET4792534684154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:25.906287909 CET3468647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:26.033355951 CET4792534686154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:26.033468008 CET3468647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:26.033514977 CET3468647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:26.157977104 CET4792534686154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:27.112534046 CET4792534686154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:27.112946987 CET3468647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:27.233249903 CET4792534686154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:30.520494938 CET3468847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:30.646845102 CET4792534688154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:30.647103071 CET3468847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:30.647187948 CET3468847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:30.773575068 CET4792534688154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:31.787390947 CET4792534688154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:31.787595987 CET3468847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:31.907411098 CET4792534688154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:35.187799931 CET3469047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:35.307924032 CET4792534690154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:35.308132887 CET3469047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:35.308207035 CET3469047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:35.433682919 CET4792534690154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:36.370861053 CET4792534690154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:36.371030092 CET3469047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:36.491050959 CET4792534690154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:42.816580057 CET3469247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:42.936850071 CET4792534692154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:42.937222958 CET3469247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:42.937222958 CET3469247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:43.058017015 CET4792534692154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:44.003561974 CET4792534692154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:44.003937960 CET3469247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:44.124577045 CET4792534692154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:52.247209072 CET3469447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:52.371565104 CET4792534694154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:52.371942043 CET3469447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:52.371942043 CET3469447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:52.498183012 CET4792534694154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:53.435774088 CET4792534694154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:04:53.435956001 CET3469447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:04:53.562033892 CET4792534694154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:00.690351963 CET3469647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:00.810055017 CET4792534696154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:00.810242891 CET3469647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:00.810338974 CET3469647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:00.930330038 CET4792534696154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:01.875924110 CET4792534696154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:01.876203060 CET3469647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:01.995857000 CET4792534696154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:05.325074911 CET3469847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:05.446233034 CET4792534698154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:05.446379900 CET3469847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:05.446458101 CET3469847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:05.566183090 CET4792534698154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:06.520035982 CET4792534698154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:06.520241022 CET3469847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:06.641614914 CET4792534698154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:10.917840958 CET3470047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:11.037714005 CET4792534700154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:11.037852049 CET3470047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:11.037981987 CET3470047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:11.158560991 CET4792534700154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:12.092808008 CET4792534700154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:12.093039036 CET3470047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:12.213151932 CET4792534700154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:16.492872953 CET3470247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:16.616277933 CET4792534702154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:16.616672993 CET3470247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:16.616673946 CET3470247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:16.740864038 CET4792534702154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:17.677920103 CET4792534702154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:17.678344011 CET3470247925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:17.798562050 CET4792534702154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:20.921127081 CET3470447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:21.040759087 CET4792534704154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:21.040977955 CET3470447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:21.040977955 CET3470447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:21.162231922 CET4792534704154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:22.146976948 CET4792534704154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:22.147175074 CET3470447925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:22.267148972 CET4792534704154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:31.602660894 CET3470647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:31.728044033 CET4792534706154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:31.728358030 CET3470647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:31.728358030 CET3470647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:31.856014967 CET4792534706154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:32.787226915 CET4792534706154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:32.787442923 CET3470647925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:32.907983065 CET4792534706154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:34.183841944 CET3470847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:34.303803921 CET4792534708154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:34.304043055 CET3470847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:34.304043055 CET3470847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:34.424607992 CET4792534708154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:35.362854004 CET4792534708154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:35.362987995 CET3470847925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:35.485285044 CET4792534708154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:44.764305115 CET3471047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:44.884390116 CET4792534710154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:44.884609938 CET3471047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:44.884609938 CET3471047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:45.005592108 CET4792534710154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:45.935369015 CET4792534710154.213.187.106192.168.2.15
                                  Dec 18, 2024 18:05:45.935487986 CET3471047925192.168.2.15154.213.187.106
                                  Dec 18, 2024 18:05:46.057241917 CET4792534710154.213.187.106192.168.2.15
                                  TimestampSource PortDest PortSource IPDest IP
                                  Dec 18, 2024 18:03:44.942320108 CET5638553192.168.2.158.8.8.8
                                  Dec 18, 2024 18:03:45.338525057 CET53563858.8.8.8192.168.2.15
                                  Dec 18, 2024 18:03:47.587301016 CET5929353192.168.2.158.8.8.8
                                  Dec 18, 2024 18:03:48.034787893 CET53592938.8.8.8192.168.2.15
                                  Dec 18, 2024 18:03:52.211724997 CET4081253192.168.2.158.8.8.8
                                  Dec 18, 2024 18:03:52.460738897 CET53408128.8.8.8192.168.2.15
                                  Dec 18, 2024 18:03:59.641921997 CET3342853192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:00.042804003 CET53334288.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:04.223138094 CET5349153192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:04.470705032 CET53534918.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:08.647075891 CET4474153192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:08.887929916 CET53447418.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:12.073268890 CET4080253192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:12.462820053 CET53408028.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:14.636735916 CET5119953192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:14.888638020 CET53511998.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:19.064536095 CET4723953192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:19.313174009 CET53472398.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:25.517288923 CET4165253192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:25.905946970 CET53416528.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:30.115348101 CET4824853192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:30.520101070 CET53482488.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:34.789747953 CET3614953192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:35.187598944 CET53361498.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:42.374345064 CET5520053192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:42.816375017 CET53552008.8.8.8192.168.2.15
                                  Dec 18, 2024 18:04:52.006311893 CET3573753192.168.2.158.8.8.8
                                  Dec 18, 2024 18:04:52.246917963 CET53357378.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:00.437937975 CET4025353192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:00.690076113 CET53402538.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:04.880234957 CET5420253192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:05.324738979 CET53542028.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:10.522768974 CET5815953192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:10.917524099 CET53581598.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:16.094908953 CET4204853192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:16.492508888 CET53420488.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:20.680314064 CET4133853192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:20.920964003 CET53413388.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:31.149137974 CET3459053192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:31.601955891 CET53345908.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:33.788935900 CET3510653192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:34.183373928 CET53351068.8.8.8192.168.2.15
                                  Dec 18, 2024 18:05:44.364762068 CET3579753192.168.2.158.8.8.8
                                  Dec 18, 2024 18:05:44.764094114 CET53357978.8.8.8192.168.2.15
                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Dec 18, 2024 18:03:44.942320108 CET192.168.2.158.8.8.80x595fStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:03:47.587301016 CET192.168.2.158.8.8.80xfa6eStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:03:52.211724997 CET192.168.2.158.8.8.80x87a8Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:03:59.641921997 CET192.168.2.158.8.8.80x46e4Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:04.223138094 CET192.168.2.158.8.8.80x9cbdStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:08.647075891 CET192.168.2.158.8.8.80x78a8Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:12.073268890 CET192.168.2.158.8.8.80x6d75Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:14.636735916 CET192.168.2.158.8.8.80xc97fStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:19.064536095 CET192.168.2.158.8.8.80x7eaeStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:25.517288923 CET192.168.2.158.8.8.80x227bStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:30.115348101 CET192.168.2.158.8.8.80x94bStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:34.789747953 CET192.168.2.158.8.8.80xe2f3Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:42.374345064 CET192.168.2.158.8.8.80x7f92Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:52.006311893 CET192.168.2.158.8.8.80x5a30Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:00.437937975 CET192.168.2.158.8.8.80xe6efStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:04.880234957 CET192.168.2.158.8.8.80x6682Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:10.522768974 CET192.168.2.158.8.8.80xff54Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:16.094908953 CET192.168.2.158.8.8.80xcd8cStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:20.680314064 CET192.168.2.158.8.8.80xf4f9Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:31.149137974 CET192.168.2.158.8.8.80x9a4cStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:33.788935900 CET192.168.2.158.8.8.80x646dStandard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:44.364762068 CET192.168.2.158.8.8.80xff37Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Dec 18, 2024 18:03:45.338525057 CET8.8.8.8192.168.2.150x595fNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:03:48.034787893 CET8.8.8.8192.168.2.150xfa6eNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:03:52.460738897 CET8.8.8.8192.168.2.150x87a8No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:00.042804003 CET8.8.8.8192.168.2.150x46e4No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:04.470705032 CET8.8.8.8192.168.2.150x9cbdNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:08.887929916 CET8.8.8.8192.168.2.150x78a8No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:12.462820053 CET8.8.8.8192.168.2.150x6d75No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:14.888638020 CET8.8.8.8192.168.2.150xc97fNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:19.313174009 CET8.8.8.8192.168.2.150x7eaeNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:25.905946970 CET8.8.8.8192.168.2.150x227bNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:30.520101070 CET8.8.8.8192.168.2.150x94bNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:35.187598944 CET8.8.8.8192.168.2.150xe2f3No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:42.816375017 CET8.8.8.8192.168.2.150x7f92No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:04:52.246917963 CET8.8.8.8192.168.2.150x5a30No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:00.690076113 CET8.8.8.8192.168.2.150xe6efNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:05.324738979 CET8.8.8.8192.168.2.150x6682No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:10.917524099 CET8.8.8.8192.168.2.150xff54No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:16.492508888 CET8.8.8.8192.168.2.150xcd8cNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:20.920964003 CET8.8.8.8192.168.2.150xf4f9No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:31.601955891 CET8.8.8.8192.168.2.150x9a4cNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:34.183373928 CET8.8.8.8192.168.2.150x646dNo error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false
                                  Dec 18, 2024 18:05:44.764094114 CET8.8.8.8192.168.2.150xff37No error (0)botnet.sharkcdn.net154.213.187.106A (IP address)IN (0x0001)false

                                  System Behavior

                                  Start time (UTC):17:03:44
                                  Start date (UTC):18/12/2024
                                  Path:/tmp/bot.x86.elf
                                  Arguments:/tmp/bot.x86.elf
                                  File size:93768 bytes
                                  MD5 hash:7b53bc149e9ce32ab19be4b00dd3bb41

                                  Start time (UTC):17:03:44
                                  Start date (UTC):18/12/2024
                                  Path:/tmp/bot.x86.elf
                                  Arguments:-
                                  File size:93768 bytes
                                  MD5 hash:7b53bc149e9ce32ab19be4b00dd3bb41

                                  Start time (UTC):17:03:44
                                  Start date (UTC):18/12/2024
                                  Path:/tmp/bot.x86.elf
                                  Arguments:-
                                  File size:93768 bytes
                                  MD5 hash:7b53bc149e9ce32ab19be4b00dd3bb41