Edit tour

Linux Analysis Report
wkb86.elf

Overview

General Information

Sample name:	wkb86.elf
Analysis ID:	1580764
MD5:	31d0d4b79753adc437547f277479f4f8
SHA1:	4e230307e3a8b0bc13471f0d1de9491d3bafb005
SHA256:	4e87eab796dccd9afac67edda8469ada7267c4fafecf174378168d351de38add
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	84
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Machine Learning detection for sample

Sample deletes itself

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580764
Start date and time:	2024-12-26 04:57:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	wkb86.elf
Detection:	MAL
Classification:	mal84.troj.evad.linELF@0/0@76/0

Runtime Messages

Command:	/tmp/wkb86.elf
PID:	6219
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

wkb86.elf (PID: 6219, Parent: 6137, MD5: 31d0d4b79753adc437547f277479f4f8) Arguments: /tmp/wkb86.elf

wkb86.elf New Fork (PID: 6220, Parent: 6219)

wkb86.elf New Fork (PID: 6221, Parent: 6220)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
wkb86.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
wkb86.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x12878:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1288c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12904:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12918:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1292c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1297c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12a08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
wkb86.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x6160:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
wkb86.elf	Linux_Trojan_Mirai_5f7b67b8	unknown	unknown	0xb5d4:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
wkb86.elf	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x7fb2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
wkb86.elf	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
wkb86.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe67a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
wkb86.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xce74:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
wkb86.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x7f82:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 4 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6219.1.0000000008048000.000000000805d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x12878:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1288c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12904:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12918:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1292c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1297c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12a08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x6160:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_5f7b67b8	unknown	unknown	0xb5d4:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x7fb2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe67a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xce74:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6219.1.0000000008048000.000000000805d000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x7f82:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Process Memory Space: wkb86.elf PID: 6219	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: wkb86.elf PID: 6219	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x8b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x902:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x916:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x93e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x952:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x966:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x97a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa06:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa1a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa2e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa42:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 6 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: wkb86.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: wkb86.elf

ReversingLabs: Detection: 42%

Machine Learning detection for sample

Source: wkb86.elf

Joe Sandbox ML: detected

Networking

Sends malformed DNS queries

Source: global traffic

DNS traffic detected: malformed DNS query: raw.cardiacpure.ru. [malformed]

Source: global traffic

TCP traffic: 192.168.2.23:38184 -> 178.215.238.25:33966

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43

Source: global traffic	DNS traffic detected: DNS query: raw.cardiacpure.ru
Source: global traffic	DNS traffic detected: DNS query: raw.cardiacpure.ru. [malformed]

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: Process Memory Space: wkb86.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /proc/opendir/proc/%d/exe/proc/%d/maps/bin/busybox/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/telnetsshwatchdogsshd/usr/compress/bin//compress/bin/compress/usr/bashmain_x86main_x86_64main_mipsmain_mipselmain_armmain_arm5main_arm6main_arm7main_ppcmain_m68kmain_sh4main_spchttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt//tmp/var/mnt/boot/home/dev/..//root(deleted)(condi/exe) Killed process: %s, PID: %d

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/wkb86.elf (PID: 6221)

SIGKILL sent: pid: 2, result: successful

Jump to behavior

Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: wkb86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: Process Memory Space: wkb86.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal84.troj.evad.linELF@0/0@76/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/wkb86.elf (PID: 6220)

File: /tmp/wkb86.elf

Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: wkb86.elf, type: SAMPLE
Source: Yara match	File source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wkb86.elf PID: 6219, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: wkb86.elf, type: SAMPLE
Source: Yara match	File source: 6219.1.0000000008048000.000000000805d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wkb86.elf PID: 6219, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
wkb86.elf	42%	ReversingLabs	Linux.Backdoor.Mirai
wkb86.elf	100%	Avira	EXP/ELF.Mirai.Z.A
wkb86.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.cardiacpure.ru	178.215.238.25	true	false		high
raw.cardiacpure.ru. [malformed]	unknown	unknown	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
178.215.238.25	raw.cardiacpure.ru	Germany	10753	LVLT-10753US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
178.215.238.25	wlw68k.elf	Get hash	malicious	Mirai	Browse
	njvwa4.elf	Get hash	malicious	Mirai	Browse
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	ngwa5.elf	Get hash	malicious	Mirai	Browse
	kqibeps.elf	Get hash	malicious	Mirai	Browse
	fnkea7.elf	Get hash	malicious	Mirai	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	wiewa64.elf	Get hash	malicious	Mirai	Browse
	wkb86.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	woega6.elf	Get hash	malicious	Mirai	Browse
	njvwa4.elf	Get hash	malicious	Mirai	Browse
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	bin.sh.elf	Get hash	malicious	Unknown	Browse
	main_x86_64.elf	Get hash	malicious	Mirai	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.cardiacpure.ru	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	kqibeps.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wiewa64.elf	Get hash	malicious	Mirai	Browse	178.215.238.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	woega6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wlw68k.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	njvwa4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	woega6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wlw68k.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	njvwa4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
LVLT-10753US	wlw68k.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	njvwa4.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	armv6l.elf	Get hash	malicious	Mirai	Browse	217.22.7.57
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	94.154.174.150
	nshmpsl.elf	Get hash	malicious	Mirai	Browse	45.129.149.6
	sh4.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	147.207.230.32
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.i686.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
INIT7CH	woega6.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	njvwa4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	bin.sh.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	main_arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.838091512131536
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	wkb86.elf
File size:	103'048 bytes
MD5:	31d0d4b79753adc437547f277479f4f8
SHA1:	4e230307e3a8b0bc13471f0d1de9491d3bafb005
SHA256:	4e87eab796dccd9afac67edda8469ada7267c4fafecf174378168d351de38add
SHA512:	62d946ab8695571783798f2bb1346c71982e701a2361e602049a4d67753a8119068a337dff218e450648958c27359c27a06b20a7883d8c36f985814fb2534883
SSDEEP:	3072:5BZPRgmCvADuJk3c2yJ6WnaZXtSOOzVK:zZZgVoKJkVJlOzV
TLSH:	7BA36CC4F247D8F6E85201703177FB339B32E1B91129DA83D7B99E369CA2941DA06A5C
File Content Preview:	.ELF....................d...4...........4. ...(......................H...H...............H...........H.. ...........Q.td............................U..S.......'X...h....# ..[]...$.............U......=. ...t..5...................u........t....h............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	102648
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0x12046	0x0	0x6	AX	16
.fini	PROGBITS	0x805a0f6	0x120f6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x805a120	0x12120	0x2788	0x0	0x2	A	32
.ctors	PROGBITS	0x805d8ac	0x148ac	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x805d8b8	0x148b8	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805d8e0	0x148e0	0x47d8	0x0	0x3	WA	32
.bss	NOBITS	0x80620c0	0x190b8	0x490c	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x190b8	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x148a8	0x148a8	6.5822	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x148ac	0x805d8ac	0x805d8ac	0x480c	0x9120	0.4335	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 04:57:45.990478039 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:46.110204935 CET	33966	38184	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:46.110280991 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:46.110320091 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:46.229841948 CET	33966	38184	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:46.229887962 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:46.349421978 CET	33966	38184	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:47.244935036 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 04:57:47.374743938 CET	33966	38184	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:47.374813080 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:47.374871969 CET	38184	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:48.600158930 CET	38186	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:48.719871998 CET	33966	38186	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:48.719921112 CET	38186	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:48.719958067 CET	38186	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:48.839560986 CET	33966	38186	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:48.839751959 CET	38186	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:57:48.959444046 CET	33966	38186	178.215.238.25	192.168.2.23
Dec 26, 2024 04:57:52.618700981 CET	42836	443	192.168.2.23	91.189.91.43
Dec 26, 2024 04:57:54.154448032 CET	42516	80	192.168.2.23	109.202.202.202
Dec 26, 2024 04:58:08.488480091 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 04:58:18.727005005 CET	42836	443	192.168.2.23	91.189.91.43
Dec 26, 2024 04:58:24.870184898 CET	42516	80	192.168.2.23	109.202.202.202
Dec 26, 2024 04:58:31.652987957 CET	33966	38186	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:31.653256893 CET	38186	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:31.772814989 CET	33966	38186	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:33.881465912 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:34.001056910 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:34.001292944 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:34.001292944 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:34.121164083 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:34.121551037 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:34.241055012 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:35.267498970 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:35.267915010 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:35.267915964 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:36.495459080 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:36.615041018 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:36.615192890 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:36.615426064 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:36.734945059 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:36.735122919 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:36.854736090 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:37.879290104 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:37.879648924 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:37.879726887 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:39.108160019 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:39.227850914 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:39.228322029 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:39.228446007 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:39.348048925 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:39.348236084 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:39.467901945 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:40.494712114 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:40.494802952 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:40.494802952 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:41.722310066 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:41.841897964 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:41.842016935 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:41.842113018 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:41.961584091 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:41.961682081 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:42.081298113 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:43.106430054 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:43.106611013 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:43.106611013 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:44.333316088 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:44.452852011 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:44.453166962 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:44.453264952 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:44.573055983 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:44.573393106 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:44.693268061 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:45.718444109 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:45.718714952 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:45.718914986 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:46.946182966 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:47.065742970 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:47.065988064 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:47.066091061 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:47.185775995 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:47.186186075 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:47.305684090 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:48.331243038 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:48.331356049 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:48.331527948 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:49.442713022 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 04:58:49.559946060 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:49.679429054 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:49.679493904 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:49.679531097 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:49.799108028 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:49.799407005 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:49.918927908 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:50.943969011 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:50.944133997 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:50.944164991 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:52.172106981 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:52.291665077 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:52.291812897 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:52.291892052 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:52.411473989 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:52.411731005 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:52.531568050 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:53.557205915 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:53.557493925 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:53.557563066 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:54.783540010 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:54.903126955 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:54.903215885 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:54.903292894 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:55.022731066 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:55.022908926 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:55.142378092 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:56.168713093 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:56.168876886 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:56.168898106 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:57.394854069 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:57.514504910 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:57.514674902 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:57.514674902 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:57.634218931 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:57.634260893 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:57.753777027 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:58.781986952 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 04:58:58.782201052 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:58:58.782231092 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:00.010543108 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:00.130249977 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:00.130516052 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:00.130516052 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:00.250247002 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:00.250380039 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:00.370016098 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:01.396739006 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:01.396989107 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:01.397082090 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:02.626223087 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:02.745798111 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:02.746010065 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:02.746089935 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:02.865760088 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:02.866103888 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:02.985707998 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:04.012038946 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:04.012310028 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:04.012408972 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:05.240830898 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:05.360532045 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:05.360635042 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:05.360894918 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:05.480487108 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:05.480756998 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:05.600466967 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:09.919962883 CET	42836	443	192.168.2.23	91.189.91.43
Dec 26, 2024 04:59:35.386538982 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:35.506280899 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 04:59:45.395167112 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 04:59:45.515199900 CET	33966	38212	178.215.238.25	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 04:57:45.137545109 CET	51701	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.377134085 CET	53	51701	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:45.377336979 CET	59748	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.499596119 CET	53	59748	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:45.499906063 CET	53181	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.622143984 CET	53	53181	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:45.622574091 CET	34989	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.745057106 CET	53	34989	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:45.745146036 CET	45728	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.867722034 CET	53	45728	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:45.867830992 CET	38492	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:45.990252018 CET	53	38492	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.374886036 CET	39636	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:47.497342110 CET	53	39636	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.497453928 CET	51876	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:47.619997025 CET	53	51876	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.620080948 CET	60115	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:47.742418051 CET	53	60115	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.742611885 CET	51842	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:47.864810944 CET	53	51842	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.865103006 CET	58621	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:47.987586975 CET	53	58621	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:47.987675905 CET	45649	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:48.110261917 CET	53	45649	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:48.110342979 CET	60101	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:48.232534885 CET	53	60101	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:48.232601881 CET	38079	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:48.354934931 CET	53	38079	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:48.355149031 CET	44172	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:48.477518082 CET	53	44172	8.8.8.8	192.168.2.23
Dec 26, 2024 04:57:48.477699995 CET	48146	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:57:48.600085974 CET	53	48146	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:32.654176950 CET	41601	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:32.776508093 CET	53	41601	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:32.776891947 CET	50460	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:32.899194956 CET	53	50460	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:32.899544001 CET	59016	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.021785021 CET	53	59016	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.022073984 CET	58488	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.144747972 CET	53	58488	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.146239042 CET	43016	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.268505096 CET	53	43016	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.268709898 CET	38836	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.390995026 CET	53	38836	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.391238928 CET	38171	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.513472080 CET	53	38171	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.513822079 CET	55368	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.636013985 CET	53	55368	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.636404991 CET	45053	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.758605003 CET	53	45053	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:33.758723021 CET	35783	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:33.880949974 CET	53	35783	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.268006086 CET	58214	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:35.390295982 CET	53	58214	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.390897989 CET	56215	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:35.513449907 CET	53	56215	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.513731003 CET	43711	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:35.636012077 CET	53	43711	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.636435986 CET	35612	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:35.758654118 CET	53	35612	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.758830070 CET	60096	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:35.881100893 CET	53	60096	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:35.881597042 CET	49328	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:36.003916979 CET	53	49328	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:36.004199982 CET	45430	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:36.126857042 CET	53	45430	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:36.127305984 CET	38019	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:36.249543905 CET	53	38019	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:36.250037909 CET	53604	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:36.372195959 CET	53	53604	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:36.372678995 CET	52612	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:36.494986057 CET	53	52612	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:37.879777908 CET	52265	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.002079964 CET	53	52265	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.002649069 CET	50733	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.125118971 CET	53	50733	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.125634909 CET	33379	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.247997046 CET	53	33379	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.248292923 CET	60807	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.370579958 CET	53	60807	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.370718002 CET	46958	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.492964029 CET	53	46958	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.493277073 CET	33237	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.615808010 CET	53	33237	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.616295099 CET	38834	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.738827944 CET	53	38834	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.739459991 CET	33403	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.861815929 CET	53	33403	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.862138987 CET	38461	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:38.984518051 CET	53	38461	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:38.984831095 CET	50105	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:39.107383966 CET	53	50105	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:40.494863033 CET	34465	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:40.617440939 CET	53	34465	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:40.617645025 CET	55736	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:40.740011930 CET	53	55736	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:40.740616083 CET	56994	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:40.862976074 CET	53	56994	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:40.863241911 CET	50329	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:40.985723972 CET	53	50329	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:40.986183882 CET	57036	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.108745098 CET	53	57036	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:41.108994961 CET	42038	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.231431961 CET	53	42038	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:41.231831074 CET	54197	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.354249954 CET	53	54197	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:41.354772091 CET	55696	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.476972103 CET	53	55696	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:41.477392912 CET	34008	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.599839926 CET	53	34008	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:41.599986076 CET	41368	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:41.722136021 CET	53	41368	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.106663942 CET	56771	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.229038954 CET	53	56771	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.229321957 CET	55264	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.351689100 CET	53	55264	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.351890087 CET	47455	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.474304914 CET	53	47455	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.474461079 CET	34456	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.596745014 CET	53	34456	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.596973896 CET	58778	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.719217062 CET	53	58778	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.719635963 CET	48985	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.842142105 CET	53	48985	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.842330933 CET	52291	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:43.964627028 CET	53	52291	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:43.965102911 CET	46196	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:44.087521076 CET	53	46196	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:44.087842941 CET	42667	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:44.210107088 CET	53	42667	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:44.210589886 CET	45567	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:44.332879066 CET	53	45567	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:45.718939066 CET	48744	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:45.841269016 CET	53	48744	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:45.842000961 CET	57192	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:45.964493036 CET	53	57192	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:45.964711905 CET	40428	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.087054014 CET	53	40428	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.087471008 CET	45447	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.209899902 CET	53	45447	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.210294962 CET	40870	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.332478046 CET	53	40870	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.332921028 CET	55570	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.455080032 CET	53	55570	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.455589056 CET	60694	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.577836037 CET	53	60694	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.578195095 CET	47587	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.700397015 CET	53	47587	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.700886011 CET	59838	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.823271990 CET	53	59838	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:46.823631048 CET	49582	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:46.945962906 CET	53	49582	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.331541061 CET	53220	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:48.453999996 CET	53	53220	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.454299927 CET	47415	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:48.577020884 CET	53	47415	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.577632904 CET	39114	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:48.700095892 CET	53	39114	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.700695992 CET	47087	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:48.823169947 CET	53	47087	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.823610067 CET	56996	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:48.945863008 CET	53	56996	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:48.946261883 CET	56094	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:49.068732023 CET	53	56094	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:49.068922043 CET	36954	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:49.191242933 CET	53	36954	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:49.191718102 CET	47566	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:49.314116955 CET	53	47566	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:49.314578056 CET	50360	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:49.437154055 CET	53	50360	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:49.437321901 CET	47968	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:49.559490919 CET	53	47968	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:50.944199085 CET	44307	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.066477060 CET	53	44307	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.066720963 CET	33702	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.189359903 CET	53	33702	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.189708948 CET	48557	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.312011003 CET	53	48557	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.312284946 CET	42888	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.434567928 CET	53	42888	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.434798002 CET	60673	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.557152033 CET	53	60673	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.557399035 CET	51978	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.679888964 CET	53	51978	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.680469036 CET	34417	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.803117990 CET	53	34417	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.803581953 CET	51094	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:51.926059008 CET	53	51094	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:51.926486015 CET	60043	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:52.048929930 CET	53	60043	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:52.049418926 CET	44579	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:52.171830893 CET	53	44579	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:53.557689905 CET	37939	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:53.680672884 CET	53	37939	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:53.680800915 CET	54863	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:53.803061962 CET	53	54863	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:53.803303957 CET	53718	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:53.925532103 CET	53	53718	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:53.925679922 CET	53506	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.048120975 CET	53	53506	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.048381090 CET	49235	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.170902967 CET	53	49235	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.171106100 CET	52819	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.293414116 CET	53	52819	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.293509007 CET	40886	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.415649891 CET	53	40886	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.415868998 CET	34042	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.538240910 CET	53	34042	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.538542032 CET	54416	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.660821915 CET	53	54416	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:54.660938978 CET	55719	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:54.783207893 CET	53	55719	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.168950081 CET	57775	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.291380882 CET	53	57775	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.291696072 CET	51750	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.414088964 CET	53	51750	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.414262056 CET	48821	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.536595106 CET	53	48821	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.536796093 CET	52177	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.659111977 CET	53	52177	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.659393072 CET	60728	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.781718016 CET	53	60728	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.781912088 CET	47066	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:56.904151917 CET	53	47066	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:56.904510975 CET	49848	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:57.026905060 CET	53	49848	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:57.027026892 CET	47640	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:57.149257898 CET	53	47640	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:57.149408102 CET	53761	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:57.271645069 CET	53	53761	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:57.272051096 CET	54324	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:57.394341946 CET	53	54324	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:58.782283068 CET	48608	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:58.906570911 CET	53	48608	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:58.906687975 CET	40996	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.028973103 CET	53	40996	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.029234886 CET	60305	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.151622057 CET	53	60305	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.151803017 CET	52697	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.274035931 CET	53	52697	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.274344921 CET	36150	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.396637917 CET	53	36150	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.396984100 CET	39198	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.519356966 CET	53	39198	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.519742966 CET	34776	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.641964912 CET	53	34776	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.642191887 CET	38390	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.764348984 CET	53	38390	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.764542103 CET	60614	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:58:59.886864901 CET	53	60614	8.8.8.8	192.168.2.23
Dec 26, 2024 04:58:59.887173891 CET	41428	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:00.010231018 CET	53	41428	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:01.397121906 CET	40329	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:01.519371033 CET	53	40329	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:01.519680977 CET	45778	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:01.642139912 CET	53	45778	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:01.642570972 CET	49894	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:01.764919043 CET	53	49894	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:01.765165091 CET	40460	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:01.887444019 CET	53	40460	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:01.887763023 CET	57300	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.010102034 CET	53	57300	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:02.010605097 CET	48369	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.135082960 CET	53	48369	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:02.135426998 CET	54912	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.257754087 CET	53	54912	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:02.258019924 CET	50291	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.380310059 CET	53	50291	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:02.380740881 CET	43862	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.503030062 CET	53	43862	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:02.503344059 CET	34678	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:02.625818968 CET	53	34678	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.012458086 CET	33560	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.134866953 CET	53	33560	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.135126114 CET	42003	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.257450104 CET	53	42003	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.257723093 CET	59520	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.380053043 CET	53	59520	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.380393028 CET	56336	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.502854109 CET	53	56336	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.503272057 CET	43974	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.625613928 CET	53	43974	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.626079082 CET	39110	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.748390913 CET	53	39110	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.748999119 CET	41207	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.871444941 CET	53	41207	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.871865988 CET	46006	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:04.994383097 CET	53	46006	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:04.994748116 CET	50679	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:05.117409945 CET	53	50679	8.8.8.8	192.168.2.23
Dec 26, 2024 04:59:05.117765903 CET	35717	53	192.168.2.23	8.8.8.8
Dec 26, 2024 04:59:05.240361929 CET	53	35717	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 04:57:45.137545109 CET	192.168.2.23	8.8.8.8	0x6ad8	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 04:57:45.377336979 CET	192.168.2.23	8.8.8.8	0x6d36	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	313	false
Dec 26, 2024 04:57:45.499906063 CET	192.168.2.23	8.8.8.8	0x6d36	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	313	false
Dec 26, 2024 04:57:45.622574091 CET	192.168.2.23	8.8.8.8	0x6d36	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	313	false
Dec 26, 2024 04:57:45.745146036 CET	192.168.2.23	8.8.8.8	0x6d36	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	313	false
Dec 26, 2024 04:57:45.867830992 CET	192.168.2.23	8.8.8.8	0x6d36	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	313	false
Dec 26, 2024 04:57:47.987675905 CET	192.168.2.23	8.8.8.8	0xf9ee	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	316	false
Dec 26, 2024 04:57:48.110342979 CET	192.168.2.23	8.8.8.8	0xf9ee	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	316	false
Dec 26, 2024 04:57:48.232601881 CET	192.168.2.23	8.8.8.8	0xf9ee	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	316	false
Dec 26, 2024 04:57:48.355149031 CET	192.168.2.23	8.8.8.8	0xf9ee	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	316	false
Dec 26, 2024 04:57:48.477699995 CET	192.168.2.23	8.8.8.8	0xf9ee	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	316	false
Dec 26, 2024 04:58:33.268709898 CET	192.168.2.23	8.8.8.8	0x858f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	361	false
Dec 26, 2024 04:58:33.391238928 CET	192.168.2.23	8.8.8.8	0x858f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	361	false
Dec 26, 2024 04:58:33.513822079 CET	192.168.2.23	8.8.8.8	0x858f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	361	false
Dec 26, 2024 04:58:33.636404991 CET	192.168.2.23	8.8.8.8	0x858f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	361	false
Dec 26, 2024 04:58:33.758723021 CET	192.168.2.23	8.8.8.8	0x858f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	361	false
Dec 26, 2024 04:58:35.881597042 CET	192.168.2.23	8.8.8.8	0x2c95	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	364	false
Dec 26, 2024 04:58:36.004199982 CET	192.168.2.23	8.8.8.8	0x2c95	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	364	false
Dec 26, 2024 04:58:36.127305984 CET	192.168.2.23	8.8.8.8	0x2c95	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	364	false
Dec 26, 2024 04:58:36.250037909 CET	192.168.2.23	8.8.8.8	0x2c95	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	364	false
Dec 26, 2024 04:58:36.372678995 CET	192.168.2.23	8.8.8.8	0x2c95	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	364	false
Dec 26, 2024 04:58:38.493277073 CET	192.168.2.23	8.8.8.8	0x97c4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	366	false
Dec 26, 2024 04:58:38.616295099 CET	192.168.2.23	8.8.8.8	0x97c4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	366	false
Dec 26, 2024 04:58:38.739459991 CET	192.168.2.23	8.8.8.8	0x97c4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	366	false
Dec 26, 2024 04:58:38.862138987 CET	192.168.2.23	8.8.8.8	0x97c4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	366	false
Dec 26, 2024 04:58:38.984831095 CET	192.168.2.23	8.8.8.8	0x97c4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	367	false
Dec 26, 2024 04:58:41.108994961 CET	192.168.2.23	8.8.8.8	0x2c3c	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	369	false
Dec 26, 2024 04:58:41.231831074 CET	192.168.2.23	8.8.8.8	0x2c3c	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	369	false
Dec 26, 2024 04:58:41.354772091 CET	192.168.2.23	8.8.8.8	0x2c3c	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	369	false
Dec 26, 2024 04:58:41.477392912 CET	192.168.2.23	8.8.8.8	0x2c3c	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	369	false
Dec 26, 2024 04:58:41.599986076 CET	192.168.2.23	8.8.8.8	0x2c3c	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	369	false
Dec 26, 2024 04:58:43.719635963 CET	192.168.2.23	8.8.8.8	0x7a4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	371	false
Dec 26, 2024 04:58:43.842330933 CET	192.168.2.23	8.8.8.8	0x7a4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	371	false
Dec 26, 2024 04:58:43.965102911 CET	192.168.2.23	8.8.8.8	0x7a4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	372	false
Dec 26, 2024 04:58:44.087842941 CET	192.168.2.23	8.8.8.8	0x7a4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	372	false
Dec 26, 2024 04:58:44.210589886 CET	192.168.2.23	8.8.8.8	0x7a4	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	372	false
Dec 26, 2024 04:58:46.332921028 CET	192.168.2.23	8.8.8.8	0x3279	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	374	false
Dec 26, 2024 04:58:46.455589056 CET	192.168.2.23	8.8.8.8	0x3279	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	374	false
Dec 26, 2024 04:58:46.578195095 CET	192.168.2.23	8.8.8.8	0x3279	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	374	false
Dec 26, 2024 04:58:46.700886011 CET	192.168.2.23	8.8.8.8	0x3279	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	374	false
Dec 26, 2024 04:58:46.823631048 CET	192.168.2.23	8.8.8.8	0x3279	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	374	false
Dec 26, 2024 04:58:48.946261883 CET	192.168.2.23	8.8.8.8	0x803f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	377	false
Dec 26, 2024 04:58:49.068922043 CET	192.168.2.23	8.8.8.8	0x803f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	377	false
Dec 26, 2024 04:58:49.191718102 CET	192.168.2.23	8.8.8.8	0x803f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	377	false
Dec 26, 2024 04:58:49.314578056 CET	192.168.2.23	8.8.8.8	0x803f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	377	false
Dec 26, 2024 04:58:49.437321901 CET	192.168.2.23	8.8.8.8	0x803f	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	377	false
Dec 26, 2024 04:58:51.557399035 CET	192.168.2.23	8.8.8.8	0xb6fc	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	379	false
Dec 26, 2024 04:58:51.680469036 CET	192.168.2.23	8.8.8.8	0xb6fc	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	379	false
Dec 26, 2024 04:58:51.803581953 CET	192.168.2.23	8.8.8.8	0xb6fc	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	379	false
Dec 26, 2024 04:58:51.926486015 CET	192.168.2.23	8.8.8.8	0xb6fc	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	380	false
Dec 26, 2024 04:58:52.049418926 CET	192.168.2.23	8.8.8.8	0xb6fc	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	380	false
Dec 26, 2024 04:58:54.171106100 CET	192.168.2.23	8.8.8.8	0xac71	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	382	false
Dec 26, 2024 04:58:54.293509007 CET	192.168.2.23	8.8.8.8	0xac71	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	382	false
Dec 26, 2024 04:58:54.415868998 CET	192.168.2.23	8.8.8.8	0xac71	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	382	false
Dec 26, 2024 04:58:54.538542032 CET	192.168.2.23	8.8.8.8	0xac71	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	382	false
Dec 26, 2024 04:58:54.660938978 CET	192.168.2.23	8.8.8.8	0xac71	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	382	false
Dec 26, 2024 04:58:56.781912088 CET	192.168.2.23	8.8.8.8	0xb993	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	384	false
Dec 26, 2024 04:58:56.904510975 CET	192.168.2.23	8.8.8.8	0xb993	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	385	false
Dec 26, 2024 04:58:57.027026892 CET	192.168.2.23	8.8.8.8	0xb993	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	385	false
Dec 26, 2024 04:58:57.149408102 CET	192.168.2.23	8.8.8.8	0xb993	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	385	false
Dec 26, 2024 04:58:57.272051096 CET	192.168.2.23	8.8.8.8	0xb993	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	385	false
Dec 26, 2024 04:58:59.396984100 CET	192.168.2.23	8.8.8.8	0x1952	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	387	false
Dec 26, 2024 04:58:59.519742966 CET	192.168.2.23	8.8.8.8	0x1952	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	387	false
Dec 26, 2024 04:58:59.642191887 CET	192.168.2.23	8.8.8.8	0x1952	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	387	false
Dec 26, 2024 04:58:59.764542103 CET	192.168.2.23	8.8.8.8	0x1952	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	387	false
Dec 26, 2024 04:58:59.887173891 CET	192.168.2.23	8.8.8.8	0x1952	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	388	false
Dec 26, 2024 04:59:02.010605097 CET	192.168.2.23	8.8.8.8	0x3ca2	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	390	false
Dec 26, 2024 04:59:02.135426998 CET	192.168.2.23	8.8.8.8	0x3ca2	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	390	false
Dec 26, 2024 04:59:02.258019924 CET	192.168.2.23	8.8.8.8	0x3ca2	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	390	false
Dec 26, 2024 04:59:02.380740881 CET	192.168.2.23	8.8.8.8	0x3ca2	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	390	false
Dec 26, 2024 04:59:02.503344059 CET	192.168.2.23	8.8.8.8	0x3ca2	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	390	false
Dec 26, 2024 04:59:04.626079082 CET	192.168.2.23	8.8.8.8	0xf502	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	392	false
Dec 26, 2024 04:59:04.748999119 CET	192.168.2.23	8.8.8.8	0xf502	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	392	false
Dec 26, 2024 04:59:04.871865988 CET	192.168.2.23	8.8.8.8	0xf502	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	392	false
Dec 26, 2024 04:59:04.994748116 CET	192.168.2.23	8.8.8.8	0xf502	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	393	false
Dec 26, 2024 04:59:05.117765903 CET	192.168.2.23	8.8.8.8	0xf502	Standard query (0)	raw.cardiacpure.ru. [malformed]	256	393	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 04:57:45.377134085 CET	8.8.8.8	192.168.2.23	0x6ad8	No error (0)	raw.cardiacpure.ru		178.215.238.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: wkb86.elf PID: 6219, Parent PID: 6137

General

Start time (UTC):	03:57:44
Start date (UTC):	26/12/2024
Path:	/tmp/wkb86.elf
Arguments:	/tmp/wkb86.elf
File size:	103048 bytes
MD5 hash:	31d0d4b79753adc437547f277479f4f8

Chronological Activities

Analysis Process: wkb86.elf PID: 6220, Parent PID: 6219

General

Start time (UTC):	03:57:44
Start date (UTC):	26/12/2024
Path:	/tmp/wkb86.elf
Arguments:	-
File size:	103048 bytes
MD5 hash:	31d0d4b79753adc437547f277479f4f8

Chronological Activities

Analysis Process: wkb86.elf PID: 6221, Parent PID: 6220

General

Start time (UTC):	03:57:44
Start date (UTC):	26/12/2024
Path:	/tmp/wkb86.elf
Arguments:	-
File size:	103048 bytes
MD5 hash:	31d0d4b79753adc437547f277479f4f8

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report wkb86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: wkb86.elf PID: 6219, Parent PID: 6137

General

Chronological Activities

Analysis Process: wkb86.elf PID: 6220, Parent PID: 6219

General

Chronological Activities

Analysis Process: wkb86.elf PID: 6221, Parent PID: 6220

General

Chronological Activities

Linux Analysis Report
wkb86.elf