Edit tour
Linux
Analysis Report
bot.x86.elf
Overview
General Information
Sample name: | bot.x86.elf |
Analysis ID: | 1577748 |
MD5: | 7b53bc149e9ce32ab19be4b00dd3bb41 |
SHA1: | 94623818b19e6946af3ba975b85a87390a3e084b |
SHA256: | 02f9aeaaa4ec18245b4e3e160be8f7a5413cd1f9569e1dc0a47c3e5af0a58e62 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Mirai, Okiru
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577748 |
Start date and time: | 2024-12-18 18:02:38 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | bot.x86.elf |
Detection: | MAL |
Classification: | mal100.troj.linELF@0/0@22/0 |
- VT rate limit hit for: bot.x86.elf
Command: | /tmp/bot.x86.elf |
PID: | 5817 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | done. |
Standard Error: |
- system is lnxubuntu20
- bot.x86.elf New Fork (PID: 5818, Parent: 5817)
- bot.x86.elf New Fork (PID: 5819, Parent: 5818)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
| |
Click to see the 7 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
| |
Click to see the 12 entries |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T18:03:45.460441+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34668 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:03:48.154951+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34670 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:03:52.582628+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34672 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:00.163423+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34674 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:04.590920+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34676 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:09.008285+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34678 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:12.583398+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34680 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:15.012373+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34682 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:19.433425+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34684 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:26.033515+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34686 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:30.647188+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34688 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:35.308207+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34690 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:42.937223+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34692 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:52.371942+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34694 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:00.810339+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34696 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:05.446458+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34698 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:11.037982+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34700 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:16.616674+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34702 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:21.040978+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34704 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:31.728358+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34706 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:34.304043+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34708 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:44.884610+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 34710 | 154.213.187.106 | 47925 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
68% | ReversingLabs | Linux.Backdoor.Mirai | ||
100% | Avira | EXP/ELF.Mirai.Z.A | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
botnet.sharkcdn.net | 154.213.187.106 | true | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
154.213.187.106 | botnet.sharkcdn.net | Seychelles | 22769 | DDOSING-BGP-NETWORKUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
154.213.187.106 | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
botnet.sharkcdn.net | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DDOSING-BGP-NETWORKUS | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.772744051174123 |
TrID: |
|
File name: | bot.x86.elf |
File size: | 93'768 bytes |
MD5: | 7b53bc149e9ce32ab19be4b00dd3bb41 |
SHA1: | 94623818b19e6946af3ba975b85a87390a3e084b |
SHA256: | 02f9aeaaa4ec18245b4e3e160be8f7a5413cd1f9569e1dc0a47c3e5af0a58e62 |
SHA512: | b226d26ec13ae03477bafa7a1a8219ab314ad01bc77af46043582572d9122aed7b6e6daf956cf8985a2724e7d3b36b03de4d8f20ae1fa7a732e3e694458e8ba3 |
SSDEEP: | 1536:oFd1IRgCXUzx7t0fMqlIgcEiyhcgSnyy72wPZnWhZS5xtY+z:oFdmR9XUzxh0fMgIgcEim8yHAdew5bz |
TLSH: | 1C936CC4F243E5F1EC9709B16137EB374B32F0BA111AEA43C7699972DCA2541DA06B9C |
File Content Preview: | .ELF....................d...4....l......4. ...(......................$...$...............$...........G..8...........Q.td............................U..S.......o4...h....c...[]...$.............U......=.....t..5....$......$.......u........t....h............ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 93368 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xfe86 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x8057f36 | 0xff36 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8057f60 | 0xff60 | 0x2590 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x805b4f4 | 0x124f4 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x805b500 | 0x12500 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x805b520 | 0x12520 | 0x4758 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x805fc80 | 0x16c78 | 0x49ac | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x16c78 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x124f0 | 0x124f0 | 6.6056 | 0x5 | R E | 0x1000 | .init .text .fini .rodata | |
LOAD | 0x124f4 | 0x805b4f4 | 0x805b4f4 | 0x4784 | 0x9138 | 0.3642 | 0x6 | RW | 0x1000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T18:03:45.460441+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34668 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:03:48.154951+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34670 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:03:52.582628+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34672 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:00.163423+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34674 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:04.590920+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34676 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:09.008285+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34678 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:12.583398+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34680 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:15.012373+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34682 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:19.433425+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34684 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:26.033515+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34686 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:30.647188+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34688 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:35.308207+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34690 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:42.937223+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34692 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:04:52.371942+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34694 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:00.810339+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34696 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:05.446458+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34698 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:11.037982+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34700 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:16.616674+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34702 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:21.040978+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34704 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:31.728358+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34706 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:34.304043+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34708 | 154.213.187.106 | 47925 | TCP |
2024-12-18T18:05:44.884610+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 34710 | 154.213.187.106 | 47925 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 18, 2024 18:03:45.338666916 CET | 34668 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:45.460310936 CET | 47925 | 34668 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:45.460380077 CET | 34668 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:45.460441113 CET | 34668 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:45.580265999 CET | 47925 | 34668 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:46.580851078 CET | 47925 | 34668 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:46.580990076 CET | 34668 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:46.707412004 CET | 47925 | 34668 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:48.034904957 CET | 34670 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:48.154863119 CET | 47925 | 34670 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:48.154917955 CET | 34670 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:48.154951096 CET | 34670 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:48.275098085 CET | 47925 | 34670 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:49.208950996 CET | 47925 | 34670 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:49.209055901 CET | 34670 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:49.328825951 CET | 47925 | 34670 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:52.460863113 CET | 34672 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:52.582514048 CET | 47925 | 34672 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:52.582627058 CET | 34672 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:52.582628012 CET | 34672 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:52.702238083 CET | 47925 | 34672 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:53.640126944 CET | 47925 | 34672 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:03:53.640223026 CET | 34672 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:03:53.759964943 CET | 47925 | 34672 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:00.043114901 CET | 34674 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:00.163073063 CET | 47925 | 34674 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:00.163423061 CET | 34674 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:00.163423061 CET | 34674 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:00.283205986 CET | 47925 | 34674 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:01.220969915 CET | 47925 | 34674 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:01.221271992 CET | 34674 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:01.341036081 CET | 47925 | 34674 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:04.470902920 CET | 34676 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:04.590572119 CET | 47925 | 34676 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:04.590919971 CET | 34676 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:04.590919971 CET | 34676 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:04.710798979 CET | 47925 | 34676 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:05.644633055 CET | 47925 | 34676 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:05.645056009 CET | 34676 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:05.764775038 CET | 47925 | 34676 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:08.888111115 CET | 34678 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:09.008141994 CET | 47925 | 34678 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:09.008260965 CET | 34678 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:09.008285046 CET | 34678 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:09.133464098 CET | 47925 | 34678 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:10.071149111 CET | 47925 | 34678 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:10.071368933 CET | 34678 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:10.191108942 CET | 47925 | 34678 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:12.463134050 CET | 34680 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:12.583122969 CET | 47925 | 34680 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:12.583290100 CET | 34680 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:12.583398104 CET | 34680 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:12.707180977 CET | 47925 | 34680 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:13.634881020 CET | 47925 | 34680 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:13.634980917 CET | 34680 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:13.755247116 CET | 47925 | 34680 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:14.888797998 CET | 34682 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:15.012161970 CET | 47925 | 34682 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:15.012331963 CET | 34682 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:15.012372971 CET | 34682 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:15.132754087 CET | 47925 | 34682 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:16.062000036 CET | 47925 | 34682 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:16.062293053 CET | 34682 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:16.182032108 CET | 47925 | 34682 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:19.313433886 CET | 34684 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:19.433135986 CET | 47925 | 34684 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:19.433336020 CET | 34684 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:19.433424950 CET | 34684 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:19.553126097 CET | 47925 | 34684 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:20.514267921 CET | 47925 | 34684 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:20.514513969 CET | 34684 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:20.638232946 CET | 47925 | 34684 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:25.906287909 CET | 34686 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:26.033355951 CET | 47925 | 34686 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:26.033468008 CET | 34686 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:26.033514977 CET | 34686 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:26.157977104 CET | 47925 | 34686 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:27.112534046 CET | 47925 | 34686 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:27.112946987 CET | 34686 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:27.233249903 CET | 47925 | 34686 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:30.520494938 CET | 34688 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:30.646845102 CET | 47925 | 34688 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:30.647103071 CET | 34688 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:30.647187948 CET | 34688 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:30.773575068 CET | 47925 | 34688 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:31.787390947 CET | 47925 | 34688 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:31.787595987 CET | 34688 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:31.907411098 CET | 47925 | 34688 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:35.187799931 CET | 34690 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:35.307924032 CET | 47925 | 34690 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:35.308132887 CET | 34690 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:35.308207035 CET | 34690 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:35.433682919 CET | 47925 | 34690 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:36.370861053 CET | 47925 | 34690 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:36.371030092 CET | 34690 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:36.491050959 CET | 47925 | 34690 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:42.816580057 CET | 34692 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:42.936850071 CET | 47925 | 34692 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:42.937222958 CET | 34692 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:42.937222958 CET | 34692 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:43.058017015 CET | 47925 | 34692 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:44.003561974 CET | 47925 | 34692 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:44.003937960 CET | 34692 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:44.124577045 CET | 47925 | 34692 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:52.247209072 CET | 34694 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:52.371565104 CET | 47925 | 34694 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:52.371942043 CET | 34694 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:52.371942043 CET | 34694 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:52.498183012 CET | 47925 | 34694 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:53.435774088 CET | 47925 | 34694 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:04:53.435956001 CET | 34694 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:04:53.562033892 CET | 47925 | 34694 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:00.690351963 CET | 34696 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:00.810055017 CET | 47925 | 34696 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:00.810242891 CET | 34696 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:00.810338974 CET | 34696 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:00.930330038 CET | 47925 | 34696 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:01.875924110 CET | 47925 | 34696 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:01.876203060 CET | 34696 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:01.995857000 CET | 47925 | 34696 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:05.325074911 CET | 34698 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:05.446233034 CET | 47925 | 34698 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:05.446379900 CET | 34698 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:05.446458101 CET | 34698 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:05.566183090 CET | 47925 | 34698 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:06.520035982 CET | 47925 | 34698 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:06.520241022 CET | 34698 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:06.641614914 CET | 47925 | 34698 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:10.917840958 CET | 34700 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:11.037714005 CET | 47925 | 34700 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:11.037852049 CET | 34700 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:11.037981987 CET | 34700 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:11.158560991 CET | 47925 | 34700 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:12.092808008 CET | 47925 | 34700 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:12.093039036 CET | 34700 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:12.213151932 CET | 47925 | 34700 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:16.492872953 CET | 34702 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:16.616277933 CET | 47925 | 34702 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:16.616672993 CET | 34702 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:16.616673946 CET | 34702 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:16.740864038 CET | 47925 | 34702 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:17.677920103 CET | 47925 | 34702 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:17.678344011 CET | 34702 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:17.798562050 CET | 47925 | 34702 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:20.921127081 CET | 34704 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:21.040759087 CET | 47925 | 34704 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:21.040977955 CET | 34704 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:21.040977955 CET | 34704 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:21.162231922 CET | 47925 | 34704 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:22.146976948 CET | 47925 | 34704 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:22.147175074 CET | 34704 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:22.267148972 CET | 47925 | 34704 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:31.602660894 CET | 34706 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:31.728044033 CET | 47925 | 34706 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:31.728358030 CET | 34706 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:31.728358030 CET | 34706 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:31.856014967 CET | 47925 | 34706 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:32.787226915 CET | 47925 | 34706 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:32.787442923 CET | 34706 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:32.907983065 CET | 47925 | 34706 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:34.183841944 CET | 34708 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:34.303803921 CET | 47925 | 34708 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:34.304043055 CET | 34708 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:34.304043055 CET | 34708 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:34.424607992 CET | 47925 | 34708 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:35.362854004 CET | 47925 | 34708 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:35.362987995 CET | 34708 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:35.485285044 CET | 47925 | 34708 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:44.764305115 CET | 34710 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:44.884390116 CET | 47925 | 34710 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:44.884609938 CET | 34710 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:44.884609938 CET | 34710 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:45.005592108 CET | 47925 | 34710 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:45.935369015 CET | 47925 | 34710 | 154.213.187.106 | 192.168.2.15 |
Dec 18, 2024 18:05:45.935487986 CET | 34710 | 47925 | 192.168.2.15 | 154.213.187.106 |
Dec 18, 2024 18:05:46.057241917 CET | 47925 | 34710 | 154.213.187.106 | 192.168.2.15 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 18, 2024 18:03:44.942320108 CET | 56385 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:03:45.338525057 CET | 53 | 56385 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:03:47.587301016 CET | 59293 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:03:48.034787893 CET | 53 | 59293 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:03:52.211724997 CET | 40812 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:03:52.460738897 CET | 53 | 40812 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:03:59.641921997 CET | 33428 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:00.042804003 CET | 53 | 33428 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:04.223138094 CET | 53491 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:04.470705032 CET | 53 | 53491 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:08.647075891 CET | 44741 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:08.887929916 CET | 53 | 44741 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:12.073268890 CET | 40802 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:12.462820053 CET | 53 | 40802 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:14.636735916 CET | 51199 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:14.888638020 CET | 53 | 51199 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:19.064536095 CET | 47239 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:19.313174009 CET | 53 | 47239 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:25.517288923 CET | 41652 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:25.905946970 CET | 53 | 41652 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:30.115348101 CET | 48248 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:30.520101070 CET | 53 | 48248 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:34.789747953 CET | 36149 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:35.187598944 CET | 53 | 36149 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:42.374345064 CET | 55200 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:42.816375017 CET | 53 | 55200 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:04:52.006311893 CET | 35737 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:04:52.246917963 CET | 53 | 35737 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:00.437937975 CET | 40253 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:00.690076113 CET | 53 | 40253 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:04.880234957 CET | 54202 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:05.324738979 CET | 53 | 54202 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:10.522768974 CET | 58159 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:10.917524099 CET | 53 | 58159 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:16.094908953 CET | 42048 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:16.492508888 CET | 53 | 42048 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:20.680314064 CET | 41338 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:20.920964003 CET | 53 | 41338 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:31.149137974 CET | 34590 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:31.601955891 CET | 53 | 34590 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:33.788935900 CET | 35106 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:34.183373928 CET | 53 | 35106 | 8.8.8.8 | 192.168.2.15 |
Dec 18, 2024 18:05:44.364762068 CET | 35797 | 53 | 192.168.2.15 | 8.8.8.8 |
Dec 18, 2024 18:05:44.764094114 CET | 53 | 35797 | 8.8.8.8 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 18, 2024 18:03:44.942320108 CET | 192.168.2.15 | 8.8.8.8 | 0x595f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:03:47.587301016 CET | 192.168.2.15 | 8.8.8.8 | 0xfa6e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:03:52.211724997 CET | 192.168.2.15 | 8.8.8.8 | 0x87a8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:03:59.641921997 CET | 192.168.2.15 | 8.8.8.8 | 0x46e4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:04.223138094 CET | 192.168.2.15 | 8.8.8.8 | 0x9cbd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:08.647075891 CET | 192.168.2.15 | 8.8.8.8 | 0x78a8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:12.073268890 CET | 192.168.2.15 | 8.8.8.8 | 0x6d75 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:14.636735916 CET | 192.168.2.15 | 8.8.8.8 | 0xc97f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:19.064536095 CET | 192.168.2.15 | 8.8.8.8 | 0x7eae | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:25.517288923 CET | 192.168.2.15 | 8.8.8.8 | 0x227b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:30.115348101 CET | 192.168.2.15 | 8.8.8.8 | 0x94b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:34.789747953 CET | 192.168.2.15 | 8.8.8.8 | 0xe2f3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:42.374345064 CET | 192.168.2.15 | 8.8.8.8 | 0x7f92 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:04:52.006311893 CET | 192.168.2.15 | 8.8.8.8 | 0x5a30 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:00.437937975 CET | 192.168.2.15 | 8.8.8.8 | 0xe6ef | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:04.880234957 CET | 192.168.2.15 | 8.8.8.8 | 0x6682 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:10.522768974 CET | 192.168.2.15 | 8.8.8.8 | 0xff54 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:16.094908953 CET | 192.168.2.15 | 8.8.8.8 | 0xcd8c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:20.680314064 CET | 192.168.2.15 | 8.8.8.8 | 0xf4f9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:31.149137974 CET | 192.168.2.15 | 8.8.8.8 | 0x9a4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:33.788935900 CET | 192.168.2.15 | 8.8.8.8 | 0x646d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 18:05:44.364762068 CET | 192.168.2.15 | 8.8.8.8 | 0xff37 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 18, 2024 18:03:45.338525057 CET | 8.8.8.8 | 192.168.2.15 | 0x595f | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:03:48.034787893 CET | 8.8.8.8 | 192.168.2.15 | 0xfa6e | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:03:52.460738897 CET | 8.8.8.8 | 192.168.2.15 | 0x87a8 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:00.042804003 CET | 8.8.8.8 | 192.168.2.15 | 0x46e4 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:04.470705032 CET | 8.8.8.8 | 192.168.2.15 | 0x9cbd | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:08.887929916 CET | 8.8.8.8 | 192.168.2.15 | 0x78a8 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:12.462820053 CET | 8.8.8.8 | 192.168.2.15 | 0x6d75 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:14.888638020 CET | 8.8.8.8 | 192.168.2.15 | 0xc97f | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:19.313174009 CET | 8.8.8.8 | 192.168.2.15 | 0x7eae | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:25.905946970 CET | 8.8.8.8 | 192.168.2.15 | 0x227b | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:30.520101070 CET | 8.8.8.8 | 192.168.2.15 | 0x94b | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:35.187598944 CET | 8.8.8.8 | 192.168.2.15 | 0xe2f3 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:42.816375017 CET | 8.8.8.8 | 192.168.2.15 | 0x7f92 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:04:52.246917963 CET | 8.8.8.8 | 192.168.2.15 | 0x5a30 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:00.690076113 CET | 8.8.8.8 | 192.168.2.15 | 0xe6ef | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:05.324738979 CET | 8.8.8.8 | 192.168.2.15 | 0x6682 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:10.917524099 CET | 8.8.8.8 | 192.168.2.15 | 0xff54 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:16.492508888 CET | 8.8.8.8 | 192.168.2.15 | 0xcd8c | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:20.920964003 CET | 8.8.8.8 | 192.168.2.15 | 0xf4f9 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:31.601955891 CET | 8.8.8.8 | 192.168.2.15 | 0x9a4c | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:34.183373928 CET | 8.8.8.8 | 192.168.2.15 | 0x646d | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 18:05:44.764094114 CET | 8.8.8.8 | 192.168.2.15 | 0xff37 | No error (0) | 154.213.187.106 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 17:03:44 |
Start date (UTC): | 18/12/2024 |
Path: | /tmp/bot.x86.elf |
Arguments: | /tmp/bot.x86.elf |
File size: | 93768 bytes |
MD5 hash: | 7b53bc149e9ce32ab19be4b00dd3bb41 |
Start time (UTC): | 17:03:44 |
Start date (UTC): | 18/12/2024 |
Path: | /tmp/bot.x86.elf |
Arguments: | - |
File size: | 93768 bytes |
MD5 hash: | 7b53bc149e9ce32ab19be4b00dd3bb41 |
Start time (UTC): | 17:03:44 |
Start date (UTC): | 18/12/2024 |
Path: | /tmp/bot.x86.elf |
Arguments: | - |
File size: | 93768 bytes |
MD5 hash: | 7b53bc149e9ce32ab19be4b00dd3bb41 |