Edit tour

Linux Analysis Report
kitsune.x86.elf

Overview

General Information

Sample name:	kitsune.x86.elf
Analysis ID:	1581079
MD5:	afafe44e75da13379d6c74e263213913
SHA1:	7762088cbd13d325664bd38bef5860b4dc3fc4e7
SHA256:	5e0bf4cb5e267eacdad0681934369a646db7abb39e4f32b0c6f23f88def4e890
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai, Gafgyt

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Detected Mirai

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gafgyt

Yara detected Mirai

Machine Learning detection for sample

Opens /proc/net/* files useful for finding connected devices and routers

Detected TCP or UDP traffic on non-standard ports

Sample contains strings that are user agent strings indicative of HTTP manipulation

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581079
Start date and time:	2024-12-26 22:19:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	kitsune.x86.elf
Detection:	MAL
Classification:	mal100.spre.troj.linELF@0/0@2/0

Warnings

VT rate limit hit for: kitsune.x86.elf

Runtime Messages

Command:	/tmp/kitsune.x86.elf
PID:	5542
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

kitsune.x86.elf (PID: 5542, Parent: 5462, MD5: afafe44e75da13379d6c74e263213913) Arguments: /tmp/kitsune.x86.elf

kitsune.x86.elf New Fork (PID: 5543, Parent: 5542)

kitsune.x86.elf New Fork (PID: 5544, Parent: 5543)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
kitsune.x86.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
kitsune.x86.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
kitsune.x86.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xda40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdacc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
kitsune.x86.elf	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x8a8:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
kitsune.x86.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x5574:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
kitsune.x86.elf	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x7ce:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
kitsune.x86.elf	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xd9ec:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
kitsune.x86.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x356e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x35d2:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x36e9:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
kitsune.x86.elf	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0xf0a:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0xfbf:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1200:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
kitsune.x86.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x8ce2:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
kitsune.x86.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x5925:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
kitsune.x86.elf	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x6f0:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
kitsune.x86.elf	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x323:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
kitsune.x86.elf	Linux_Trojan_Gafgyt_859042a0	unknown	unknown	0x332c:$a: 45 A8 48 83 C0 01 48 89 45 C0 EB 05 48 83 45 C0 01 48 8B 45 C0 0F
kitsune.x86.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x5c1b:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
kitsune.x86.elf	Linux_Trojan_Gafgyt_e4a1982b	unknown	unknown	0x317:$a: 8B 45 EC F7 D0 21 D0 33 45 FC C9 C3 55 48 89 E5 48 83 EC 30 48 89
Click to see the 11 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5542.1.0000000000400000.0000000000411000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5542.1.0000000000400000.0000000000411000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xda40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdacc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x8a8:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x5574:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x7ce:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xd9ec:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x356e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x35d2:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x36e9:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0xf0a:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0xfbf:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1200:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x8ce2:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x5925:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x6f0:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x323:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_859042a0	unknown	unknown	0x332c:$a: 45 A8 48 83 C0 01 48 89 45 C0 EB 05 48 83 45 C0 01 48 8B 45 C0 0F
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x5c1b:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5542.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_e4a1982b	unknown	unknown	0x317:$a: 8B 45 EC F7 D0 21 D0 33 45 FC C9 C3 55 48 89 E5 48 83 EC 30 48 89
5543.1.0000000000400000.0000000000411000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5543.1.0000000000400000.0000000000411000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xda40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdacc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdaf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x8a8:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x5574:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x7ce:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xd9ec:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x356e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x35d2:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x36e9:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0xf0a:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0xfbf:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1200:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x8ce2:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x5925:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x6f0:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x323:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_859042a0	unknown	unknown	0x332c:$a: 45 A8 48 83 C0 01 48 89 45 C0 EB 05 48 83 45 C0 01 48 8B 45 C0 0F
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x5c1b:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5543.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_e4a1982b	unknown	unknown	0x317:$a: 8B 45 EC F7 D0 21 D0 33 45 FC C9 C3 55 48 89 E5 48 83 EC 30 48 89
Process Memory Space: kitsune.x86.elf PID: 5542	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: kitsune.x86.elf PID: 5542	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x30b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x312c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x317c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x31a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x31b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x31cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x31e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x31f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x321c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3230:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3244:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: kitsune.x86.elf PID: 5542	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x3067:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x34d9:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: kitsune.x86.elf PID: 5543	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: kitsune.x86.elf PID: 5543	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x332b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x333f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3353:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3367:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x337b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x338f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x33a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x33b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x33cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x33df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x33f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3407:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x341b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x342f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3443:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3457:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x346b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x347f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3493:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x34a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x34bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: kitsune.x86.elf PID: 5543	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x32de:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x3750:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 33 entries

Suricata Signatures

ETPRO MALWARE ELF/Mirai Variant CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T22:20:14.806764+0100	2843713	1	A Network Trojan was detected	192.168.2.15	58992	178.215.238.69	4258	TCP
2024-12-26T22:20:17.202231+0100	2843713	1	A Network Trojan was detected	192.168.2.15	58994	178.215.238.69	4258	TCP
2024-12-26T22:20:19.577116+0100	2843713	1	A Network Trojan was detected	192.168.2.15	58996	178.215.238.69	4258	TCP
2024-12-26T22:20:21.952245+0100	2843713	1	A Network Trojan was detected	192.168.2.15	58998	178.215.238.69	4258	TCP
2024-12-26T22:20:24.329141+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59000	178.215.238.69	4258	TCP
2024-12-26T22:20:26.702488+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59002	178.215.238.69	4258	TCP
2024-12-26T22:20:29.077830+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59004	178.215.238.69	4258	TCP
2024-12-26T22:20:31.512932+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59006	178.215.238.69	4258	TCP
2024-12-26T22:20:33.924478+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59008	178.215.238.69	4258	TCP
2024-12-26T22:20:36.312085+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59010	178.215.238.69	4258	TCP
2024-12-26T22:20:38.687679+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59012	178.215.238.69	4258	TCP
2024-12-26T22:20:41.062133+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59014	178.215.238.69	4258	TCP
2024-12-26T22:20:43.437587+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59016	178.215.238.69	4258	TCP
2024-12-26T22:20:45.813135+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59018	178.215.238.69	4258	TCP
2024-12-26T22:20:48.426343+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59020	178.215.238.69	4258	TCP
2024-12-26T22:20:50.796356+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59022	178.215.238.69	4258	TCP
2024-12-26T22:20:53.171394+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59024	178.215.238.69	4258	TCP
2024-12-26T22:20:55.703528+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59026	178.215.238.69	4258	TCP
2024-12-26T22:20:58.078014+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59028	178.215.238.69	4258	TCP
2024-12-26T22:21:00.453497+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59030	178.215.238.69	4258	TCP
2024-12-26T22:21:02.859460+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59032	178.215.238.69	4258	TCP
2024-12-26T22:21:05.234373+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59034	178.215.238.69	4258	TCP
2024-12-26T22:21:07.609764+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59036	178.215.238.69	4258	TCP
2024-12-26T22:21:09.985000+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59038	178.215.238.69	4258	TCP
2024-12-26T22:21:12.432365+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59040	178.215.238.69	4258	TCP
2024-12-26T22:21:14.844199+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59042	178.215.238.69	4258	TCP
2024-12-26T22:21:17.267711+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59044	178.215.238.69	4258	TCP
2024-12-26T22:21:19.672116+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59046	178.215.238.69	4258	TCP
2024-12-26T22:21:22.047237+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59048	178.215.238.69	4258	TCP
2024-12-26T22:21:24.421491+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59050	178.215.238.69	4258	TCP
2024-12-26T22:21:26.797469+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59052	178.215.238.69	4258	TCP
2024-12-26T22:21:29.186733+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59054	178.215.238.69	4258	TCP
2024-12-26T22:21:31.562707+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59056	178.215.238.69	4258	TCP
2024-12-26T22:21:33.985001+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59058	178.215.238.69	4258	TCP
2024-12-26T22:21:36.359748+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59060	178.215.238.69	4258	TCP
2024-12-26T22:21:38.779553+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59062	178.215.238.69	4258	TCP
2024-12-26T22:21:41.172847+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59064	178.215.238.69	4258	TCP
2024-12-26T22:21:43.563194+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59066	178.215.238.69	4258	TCP
2024-12-26T22:21:45.937736+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59068	178.215.238.69	4258	TCP
2024-12-26T22:21:48.299875+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59070	178.215.238.69	4258	TCP
2024-12-26T22:21:50.689644+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59072	178.215.238.69	4258	TCP
2024-12-26T22:21:53.063565+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59074	178.215.238.69	4258	TCP
2024-12-26T22:21:55.438514+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59076	178.215.238.69	4258	TCP
2024-12-26T22:21:57.828906+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59078	178.215.238.69	4258	TCP
2024-12-26T22:22:00.220209+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59080	178.215.238.69	4258	TCP
2024-12-26T22:22:02.595534+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59082	178.215.238.69	4258	TCP
2024-12-26T22:22:04.969883+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59084	178.215.238.69	4258	TCP
2024-12-26T22:22:07.345312+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59086	178.215.238.69	4258	TCP
2024-12-26T22:22:09.786933+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59088	178.215.238.69	4258	TCP
2024-12-26T22:22:12.157758+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59090	178.215.238.69	4258	TCP
2024-12-26T22:22:14.532718+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59092	178.215.238.69	4258	TCP
2024-12-26T22:22:16.945010+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59094	178.215.238.69	4258	TCP
2024-12-26T22:22:19.329382+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59096	178.215.238.69	4258	TCP
2024-12-26T22:22:21.704439+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59098	178.215.238.69	4258	TCP
2024-12-26T22:22:24.082345+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59100	178.215.238.69	4258	TCP
2024-12-26T22:22:26.454148+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59102	178.215.238.69	4258	TCP
2024-12-26T22:22:29.312982+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59104	178.215.238.69	4258	TCP
2024-12-26T22:22:31.673832+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59106	178.215.238.69	4258	TCP
2024-12-26T22:22:34.048941+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59108	178.215.238.69	4258	TCP
2024-12-26T22:22:36.423448+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59110	178.215.238.69	4258	TCP
2024-12-26T22:22:38.963073+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59112	178.215.238.69	4258	TCP
2024-12-26T22:22:41.329579+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59114	178.215.238.69	4258	TCP
2024-12-26T22:22:43.705460+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59116	178.215.238.69	4258	TCP
2024-12-26T22:22:46.079766+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59118	178.215.238.69	4258	TCP
2024-12-26T22:22:48.470450+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59120	178.215.238.69	4258	TCP
2024-12-26T22:22:50.845930+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59122	178.215.238.69	4258	TCP
2024-12-26T22:22:53.204929+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59124	178.215.238.69	4258	TCP
2024-12-26T22:22:55.644423+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59126	178.215.238.69	4258	TCP
2024-12-26T22:22:58.017939+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59128	178.215.238.69	4258	TCP
2024-12-26T22:23:00.392484+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59130	178.215.238.69	4258	TCP
2024-12-26T22:23:02.767727+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59132	178.215.238.69	4258	TCP
2024-12-26T22:23:05.174401+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59134	178.215.238.69	4258	TCP
2024-12-26T22:23:07.549633+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59136	178.215.238.69	4258	TCP
2024-12-26T22:23:09.956077+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59138	178.215.238.69	4258	TCP
2024-12-26T22:23:12.362325+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59140	178.215.238.69	4258	TCP
2024-12-26T22:23:14.738144+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59142	178.215.238.69	4258	TCP
2024-12-26T22:23:17.127882+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59144	178.215.238.69	4258	TCP
2024-12-26T22:23:19.519269+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59146	178.215.238.69	4258	TCP
2024-12-26T22:23:21.987304+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59148	178.215.238.69	4258	TCP
2024-12-26T22:23:24.362253+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59150	178.215.238.69	4258	TCP
2024-12-26T22:23:26.753133+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59152	178.215.238.69	4258	TCP
2024-12-26T22:23:29.144197+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59154	178.215.238.69	4258	TCP
2024-12-26T22:23:31.519376+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59156	178.215.238.69	4258	TCP
2024-12-26T22:23:33.910365+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59158	178.215.238.69	4258	TCP
2024-12-26T22:23:36.393345+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59160	178.215.238.69	4258	TCP
2024-12-26T22:23:38.769096+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59162	178.215.238.69	4258	TCP
2024-12-26T22:23:41.144173+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59164	178.215.238.69	4258	TCP
2024-12-26T22:23:43.519092+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59166	178.215.238.69	4258	TCP
2024-12-26T22:23:45.894747+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59168	178.215.238.69	4258	TCP
2024-12-26T22:23:48.284964+0100	2843713	1	A Network Trojan was detected	192.168.2.15	59170	178.215.238.69	4258	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: kitsune.x86.elf

Avira: detected

Found malware configuration

Source: kitsune.x86.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "178.215.238.69:4258"}

Multi AV Scanner detection for submitted file

Source: kitsune.x86.elf

ReversingLabs: Detection: 60%

Machine Learning detection for sample

Source: kitsune.x86.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/kitsune.x86.elf (PID: 5542)

Opens: /proc/net/route

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:58994 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59002 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:58992 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59030 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59042 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59052 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59010 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59040 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59018 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59058 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59022 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59076 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59092 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59100 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59026 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:58998 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59020 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59108 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59016 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59074 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59112 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59038 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59136 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59116 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59028 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59124 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59160 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59050 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59046 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59104 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59110 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59166 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:58996 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59134 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59138 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59012 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59148 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59086 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59054 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59128 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59120 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59056 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59114 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59154 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59140 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59118 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59088 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59146 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59106 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59164 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59168 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59130 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59156 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59060 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59064 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59080 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59036 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59090 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59066 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59006 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59162 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59094 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59024 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59078 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59096 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59142 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59158 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59032 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59122 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59132 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59102 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59034 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59044 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59048 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59014 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59004 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59126 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59062 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59072 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59152 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59170 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59068 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59082 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59098 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59000 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59144 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59150 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59008 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59070 -> 178.215.238.69:4258
Source: Network traffic	Suricata IDS: 2843713 - Severity 1 - ETPRO MALWARE ELF/Mirai Variant CnC Checkin : 192.168.2.15:59084 -> 178.215.238.69:4258

Source: global traffic

TCP traffic: 192.168.2.15:58992 -> 178.215.238.69:4258

Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 178.215.238.69

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: kitsune.x86.elf	String found in binary or memory: http://fast.no/support/crawler.asp)
Source: kitsune.x86.elf	String found in binary or memory: http://feedback.redkolibri.com/
Source: kitsune.x86.elf	String found in binary or memory: http://www.baidu.com/search/spider.htm)
Source: kitsune.x86.elf	String found in binary or memory: http://www.baidu.com/search/spider.html)
Source: kitsune.x86.elf	String found in binary or memory: http://www.billybobbot.com/crawler/)

System Summary

Malicious sample detected (through community Yara rule)

Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e4a1982b Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e4a1982b Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e4a1982b Author: unknown
Source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: kitsune.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e4a1982b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d9f852c28433128b0fd330bee35f7bd4aada5226e9ca865fe5cd8cca52b2a622, id = e4a1982b-928a-4da5-b497-cedc1d26e845, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e4a1982b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d9f852c28433128b0fd330bee35f7bd4aada5226e9ca865fe5cd8cca52b2a622, id = e4a1982b-928a-4da5-b497-cedc1d26e845, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e4a1982b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d9f852c28433128b0fd330bee35f7bd4aada5226e9ca865fe5cd8cca52b2a622, id = e4a1982b-928a-4da5-b497-cedc1d26e845, last_modified = 2021-09-16
Source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@2/0

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match	File source: kitsune.x86.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: kitsune.x86.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60
Source: Initial sample	User agent string found: Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/3.4.3.532
Source: Initial sample	User agent string found: Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

Remote Access Functionality

Detected Mirai

Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin
Source: Traffic	Suricata IDS: ETPRO MALWARE ELF/Mirai Variant CnC Checkin

Yara detected Gafgyt

Source: Yara match	File source: kitsune.x86.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: kitsune.x86.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5543.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: kitsune.x86.elf PID: 5542, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kitsune.x86.elf PID: 5543, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	1 Remote System Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: Gafgyt

{"C2 url": "178.215.238.69:4258"}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
kitsune.x86.elf	61%	ReversingLabs	Linux.Trojan.Mirai
kitsune.x86.elf	100%	Avira	EXP/ELF.Mirai.Z.A
kitsune.x86.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
178.215.238.69:4258	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.baidu.com/search/spider.html)	kitsune.x86.elf	false	high
http://www.billybobbot.com/crawler/)	kitsune.x86.elf	false	high
http://fast.no/support/crawler.asp)	kitsune.x86.elf	false	high
http://feedback.redkolibri.com/	kitsune.x86.elf	false	high
http://www.baidu.com/search/spider.htm)	kitsune.x86.elf	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
178.215.238.69	unknown	Germany		10753	LVLT-10753US	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
178.215.238.69	kitsune.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	kitsune.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	kitsune.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	kitsune.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	kitsune.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	kitsune.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	kitsune.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	ub8ehJSePAfc9FYqZIT6.spc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LVLT-10753US	kitsune.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	178.215.238.69
	kitsune.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	178.215.238.69
	kitsune.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	178.215.238.69
	kitsune.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	178.215.238.69
	ngwa5.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	fnkea7.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wkb86.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wlw68k.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	njvwa4.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	178.215.238.25

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.870957778193571
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	kitsune.x86.elf
File size:	108'630 bytes
MD5:	afafe44e75da13379d6c74e263213913
SHA1:	7762088cbd13d325664bd38bef5860b4dc3fc4e7
SHA256:	5e0bf4cb5e267eacdad0681934369a646db7abb39e4f32b0c6f23f88def4e890
SHA512:	938f2474741e445dc8fea3c3cd23b2d5c4340a3ddc454c45e3b8917bf612174e8a13520a0f21b007d631b309889e06e363ccfccf5dd5e0b072c7a3359b921e48
SSDEEP:	3072:j6dye4BmJQRphaZw/1vc45AzkSXmdRWaLHgb4:dRphaZcErmdRWaDgb4
TLSH:	40B35C07DA21807AC09B43B21BDF96219D23B4FD1772310A33E5AEE4AF095859F9D786
File Content Preview:	.ELF..............>.......@.....@........>..........@.8...@.......................@.......@...../......./......... .............0.......0.a.....0.a.....8)......8......... .....Q.td....................................................H...._........H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	81648
Section Header Size:	64
Number of Section Headers:	15
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x400100	0x100	0xbde4	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x40bee4	0xbee4	0xe	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x40bf00	0xbf00	0x4b2f	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x610a30	0x10a30	0x22fc	0x0	0x3	WA	0	0	8
.ctors	PROGBITS	0x612d30	0x12d30	0x10	0x0	0x3	WA	0	0	8
.dtors	PROGBITS	0x612d40	0x12d40	0x10	0x0	0x3	WA	0	0	8
.jcr	PROGBITS	0x612d50	0x12d50	0x8	0x0	0x3	WA	0	0	8
.data	PROGBITS	0x612d60	0x12d60	0x608	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x613380	0x13368	0x6ae8	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0x13368	0xb1c	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x13e84	0x66	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x142b0	0x4380	0x18	0x0		14	249	8
.strtab	STRTAB	0x0	0x18630	0x2226	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x10a2f	0x10a2f	6.3959	0x5	R E	0x200000	.init .text .fini .rodata
LOAD	0x10a30	0x610a30	0x610a30	0x2938	0x9438	3.5672	0x6	RW	0x200000	.eh_frame .ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000e8	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x400100	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x40bee4	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x40bf00	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x610a30	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x612d30	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x612d40	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x612d50	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x612d60	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x613380	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
C.1.3849	.symtab	0x410820	40	OBJECT	<unknown>	DEFAULT	4
C.53.5637	.symtab	0x40d620	208	OBJECT	<unknown>	DEFAULT	4
C.60.5739	.symtab	0x40e140	2256	OBJECT	<unknown>	DEFAULT	4
Q	.symtab	0x613400	16384	OBJECT	<unknown>	DEFAULT	10
Randhex	.symtab	0x401841	385	FUNC	<unknown>	DEFAULT	2
SendSTD	.symtab	0x4014b4	405	FUNC	<unknown>	DEFAULT	2
UDPRAW	.symtab	0x401745	252	FUNC	<unknown>	DEFAULT	2
_Exit	.symtab	0x403630	43	FUNC	<unknown>	DEFAULT	2
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x612d38	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x612d30	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x612f88	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x40eab0	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x613350	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x410520	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x612f98	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x40edb0	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x612d48	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x612d40	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x610a30	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x612d28	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x612f88	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_tolower	.symtab	0x613350	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_toupper	.symtab	0x612f98	8	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_b	.symtab	0x612f90	8	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_tolower	.symtab	0x613358	8	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_toupper	.symtab	0x612fa0	8	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x4038cc	6	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x4035cc	100	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x4051d4	14	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x407604	6	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x403568	100	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x405678	28	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x405694	30	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x405658	32	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x406df4	70	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x406e6f	58	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x4051e4	196	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x403630	43	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x4063bc	200	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x406860	18	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x409b34	43	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x40365c	38	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x407190	41	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x403684	41	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x407338	147	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x4078ce	43	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x4078f9	46	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x40760c	706	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x405464	43	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x619658	4	OBJECT	<unknown>	HIDDEN	10
__GI_exit	.symtab	0x4069d4	95	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x4079f8	269	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x403568	100	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x4088d0	322	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x408704	128	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x408784	116	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x408af4	116	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x407b08	10	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x4036b0	38	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x4049c8	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x409f04	5	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x409f0c	225	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x409b60	82	FUNC	<unknown>	HIDDEN	2
__GI_fstat64	.symtab	0x409b60	82	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x404a00	128	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x4071bc	36	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x4071e0	8	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x4071e8	8	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x4071f0	8	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x405414	10	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2	.symtab	0x405420	65	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x4093a4	761	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x40b5b0	802	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x40b8d4	94	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x4071f8	19	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x4036d8	8	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x40720c	40	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x405490	41	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x407234	8	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x61965c	4	OBJECT	<unknown>	HIDDEN	10
__GI_htonl	.symtab	0x405388	5	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x405380	8	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0x4053f4	29	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x40931c	135	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x4053e9	10	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x40539c	77	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x40a68f	518	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x40a3af	493	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x4067a4	185	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x4036e0	101	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x4052f4	25	FUNC	<unknown>	HIDDEN	2
__GI_isspace	.symtab	0x403898	18	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x403748	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x40bdd4	45	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x40b9d8	5	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x408ce0	236	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x404b60	102	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x408dcc	702	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x408b70	90	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x40908c	233	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x404bd0	210	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x407160	48	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x409bb4	42	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x40723c	38	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x407264	38	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x405395	5	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x40538d	8	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x403774	106	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x407461	157	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x40b934	41	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x4096a0	18	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x406490	72	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x406693	90	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x40a1e4	189	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x4037e0	39	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x407574	143	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x4054f0	11	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x4054fc	45	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x40728c	74	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x403808	44	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x40552c	11	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x405538	48	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x403834	38	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x405568	53	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x4065e8	171	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x4070ed	114	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x4055d0	133	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x4072d8	47	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x406a34	142	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x4055a0	47	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x4038d4	149	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x4066ed	183	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x40b960	79	FUNC	<unknown>	HIDDEN	2
__GI_stat64	.symtab	0x40b960	79	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x4052b8	48	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x404cb0	417	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x409178	268	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x404e54	33	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x404e54	33	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x404e80	213	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x408bd0	135	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x40b9e0	54	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x404f60	225	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x40a2a4	131	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x405044	201	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x40a158	140	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x409284	53	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x408c58	135	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x405110	193	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x4052e8	10	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x4092bc	94	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x406874	10	FUNC	<unknown>	HIDDEN	2
__GI_strtoll	.symtab	0x406874	10	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x406ba3	560	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x405310	110	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x40385c	8	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x4038ac	30	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x40b9b0	38	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x40396c	189	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x407308	47	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x403864	7	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x407928	68	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x40797c	123	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x40796c	15	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x40386c	42	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x612d50	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x612d50	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x619648	8	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x613310	40	OBJECT	<unknown>	DEFAULT	9
__bss_start	.symtab	0x613368	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x406e3a	53	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x40b510	109	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x612f90	8	OBJECT	<unknown>	DEFAULT	9
__ctype_tolower	.symtab	0x613358	8	OBJECT	<unknown>	DEFAULT	9
__ctype_toupper	.symtab	0x612fa0	8	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x619660	8	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x612d70	0	NOTYPE	<unknown>	DEFAULT	9
__decode_dotted	.symtab	0x40a898	280	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x40badc	156	FUNC	<unknown>	HIDDEN	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x40a9b0	1853	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x40beb0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x400100	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x612d60	0	OBJECT	<unknown>	HIDDEN	9
__encode_dotted	.symtab	0x40be04	162	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x40ba18	193	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x40bb78	80	FUNC	<unknown>	HIDDEN	2
__environ	.symtab	0x619638	8	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x4038cc	6	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x619628	8	OBJECT	<unknown>	HIDDEN	10
__fcntl_nocancel	.symtab	0x4035cc	100	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__fini_array_start	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__get_hosts_byname_r	.symtab	0x40b580	48	FUNC	<unknown>	HIDDEN	2
__getdents	.symtab	0x409de4	288	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x409de4	288	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x4071f8	19	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x4051d4	14	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x407604	6	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__init_array_start	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__libc_close	.symtab	0x403684	41	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x405464	43	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x403568	100	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x4036b0	38	FUNC	<unknown>	DEFAULT	2
__libc_lseek	.symtab	0x40bdd4	45	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x40b9d8	5	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x407264	38	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x403774	106	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x4037e0	39	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x4054f0	11	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x4054fc	45	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x403808	44	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x40552c	11	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x405538	48	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x4070ed	114	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x619630	8	OBJECT	<unknown>	DEFAULT	10
__libc_waitpid	.symtab	0x403864	7	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x40386c	42	FUNC	<unknown>	DEFAULT	2
__local_nameserver	.symtab	0x410a10	16	OBJECT	<unknown>	HIDDEN	4
__malloc_consolidate	.symtab	0x406046	407	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x4056b4	110	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x6131d0	40	OBJECT	<unknown>	DEFAULT	9
__malloc_state	.symtab	0x619760	1752	OBJECT	<unknown>	DEFAULT	10
__malloc_trim	.symtab	0x405fb0	150	FUNC	<unknown>	DEFAULT	2
__nameserver	.symtab	0x619e58	8	OBJECT	<unknown>	HIDDEN	10
__nameservers	.symtab	0x619e60	4	OBJECT	<unknown>	HIDDEN	10
__open_etc_hosts	.symtab	0x40bbc8	10	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x40b145	968	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x619640	8	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__preinit_array_start	.symtab	0x612d2c	0	NOTYPE	<unknown>	HIDDEN	5
__progname	.symtab	0x613340	8	OBJECT	<unknown>	DEFAULT	9
__progname_full	.symtab	0x613348	8	OBJECT	<unknown>	DEFAULT	9
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x406dd7	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x406dd4	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x406dd4	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x406dd4	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x406dd4	3	FUNC	<unknown>	DEFAULT	2
__read_etc_hosts_r	.symtab	0x40bbd2	511	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x619e48	8	OBJECT	<unknown>	HIDDEN	10
__resolv_attempts	.symtab	0x613365	1	OBJECT	<unknown>	HIDDEN	9
__resolv_lock	.symtab	0x619670	40	OBJECT	<unknown>	DEFAULT	10
__resolv_timeout	.symtab	0x613364	1	OBJECT	<unknown>	HIDDEN	9
__restore_rt	.symtab	0x4070e4	0	NOTYPE	<unknown>	DEFAULT	2
__rtld_fini	.symtab	0x619650	8	OBJECT	<unknown>	HIDDEN	10
__searchdomain	.symtab	0x619e50	8	OBJECT	<unknown>	HIDDEN	10
__searchdomains	.symtab	0x619e64	4	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x405678	28	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x405694	30	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x405658	32	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x612fc8	8	OBJECT	<unknown>	DEFAULT	9
__stdio_READ	.symtab	0x409ff0	58	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x407b14	171	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x40a02c	131	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x407df4	259	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x403a8b	15	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4920	.symtab	0x40f0b0	40	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x40a0b0	37	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x40a134	31	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x40a0d8	90	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x407ef8	149	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x403b24	39	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x612fd0	8	OBJECT	<unknown>	DEFAULT	9
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x406df4	70	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x406e6f	58	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x406ea9	570	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x613338	8	OBJECT	<unknown>	HIDDEN	9
__xpg_strerror_r	.symtab	0x4051e4	196	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x409c8c	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x409be0	172	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x409d38	172	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x619410	10	OBJECT	<unknown>	DEFAULT	10
_charpad	.symtab	0x403b4c	77	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x6196b0	80	OBJECT	<unknown>	HIDDEN	10
_custom_printf_handler	.symtab	0x619700	80	OBJECT	<unknown>	HIDDEN	10
_custom_printf_spec	.symtab	0x6131c0	8	OBJECT	<unknown>	HIDDEN	9
_dl_aux_init	.symtab	0x409b1c	23	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x619e38	8	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x619e40	8	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x613368	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x619e68	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x619658	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x403630	43	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x40bee4	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x617410	8192	OBJECT	<unknown>	DEFAULT	10
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x403b99	120	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x4080e4	1565	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x61965c	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x4000e8	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x407f90	85	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x4042c8	114	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x404562	1126	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40433c	67	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x404380	436	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x404534	46	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x406de2	18	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x406dda	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x619750	8	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x400194	42	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x407bc0	563	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x403a2c	95	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x612fd8	8	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x612fe0	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_dec_use	.symtab	0x4087f8	216	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x617404	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x613010	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x617400	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x613040	384	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x403a9a	135	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x613038	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x406880	339	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x407fe8	46	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x40f1b0	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x408018	201	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x403c11	1716	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x4063bc	200	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
atoi	.symtab	0x406860	18	FUNC	<unknown>	DEFAULT	2
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x4052a8	14	FUNC	<unknown>	DEFAULT	2
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x619620	4	OBJECT	<unknown>	DEFAULT	10
bot.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x409b34	43	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x4055d0	133	FUNC	<unknown>	DEFAULT	2
buf.3312	.symtab	0x619430	16	OBJECT	<unknown>	DEFAULT	10
buf.5843	.symtab	0x619440	448	OBJECT	<unknown>	DEFAULT	10
bzero	.symtab	0x404a80	210	FUNC	<unknown>	DEFAULT	2
c	.symtab	0x612f7c	4	OBJECT	<unknown>	DEFAULT	9
calloc	.symtab	0x4096b4	248	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
chdir	.symtab	0x40365c	38	FUNC	<unknown>	DEFAULT	2
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x407190	41	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x403684	41	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x407338	147	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
commServer	.symtab	0x612d80	8	OBJECT	<unknown>	DEFAULT	9
completed.5156	.symtab	0x613380	1	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x405464	43	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x4010c3	582	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
currentServer	.symtab	0x612f78	4	OBJECT	<unknown>	DEFAULT	9
data_start	.symtab	0x612d70	0	NOTYPE	<unknown>	DEFAULT	9
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dns	.symtab	0x612d88	8	OBJECT	<unknown>	DEFAULT	9
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x619638	8	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x619658	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x4069d4	95	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x410870	208	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x4079f8	269	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x403568	100	FUNC	<unknown>	DEFAULT	2
fd_to_DIR	.symtab	0x4073cc	149	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x400323	130	FUNC	<unknown>	DEFAULT	2
fdopendir	.symtab	0x4074fe	115	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x4088d0	322	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x408704	128	FUNC	<unknown>	DEFAULT	2
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x408784	116	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x408af4	116	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x410850	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x407b08	10	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x4036b0	38	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x4049c8	56	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x400150	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x4061dd	451	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x409f04	5	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x409f04	5	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x409f0c	225	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x409b60	82	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat64	.symtab	0x409b60	82	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked	.symtab	0x404a00	128	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getArch	.symtab	0x4026b9	11	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x400e44	65	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0x4003a5	485	FUNC	<unknown>	DEFAULT	2
getRandomIP	.symtab	0x4002f4	47	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc	.symtab	0x408704	128	FUNC	<unknown>	DEFAULT	2
getc_unlocked	.symtab	0x408a14	222	FUNC	<unknown>	DEFAULT	2
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x4071bc	36	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x4071e0	8	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x4071e8	8	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x4071f0	8	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x405414	10	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x405420	65	FUNC	<unknown>	DEFAULT	2
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x4093a4	761	FUNC	<unknown>	DEFAULT	2
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x40b5b0	802	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x40b8d4	94	FUNC	<unknown>	DEFAULT	2
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x4071f8	19	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x4036d8	8	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x40720c	40	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit64	.symtab	0x40720c	40	FUNC	<unknown>	DEFAULT	2
getsockname	.symtab	0x405490	41	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x4054bc	50	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x407234	8	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x61965c	4	OBJECT	<unknown>	DEFAULT	10
hoste.5842	.symtab	0x619600	32	OBJECT	<unknown>	DEFAULT	10
htonl	.symtab	0x405388	5	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x405380	8	FUNC	<unknown>	DEFAULT	2
i.4975	.symtab	0x612f80	4	OBJECT	<unknown>	DEFAULT	9
index	.symtab	0x404cb0	417	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x4053f4	29	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x40931c	135	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x4053e9	10	FUNC	<unknown>	DEFAULT	2
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x40539c	77	FUNC	<unknown>	DEFAULT	2
inet_ntop	.symtab	0x40a68f	518	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x40a59c	243	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x40a3af	493	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x40a328	135	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0x402f38	296	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x4001c0	126	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x406532	110	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x4067a4	185	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x4036e0	101	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x4052f4	25	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isspace	.symtab	0x403898	18	FUNC	<unknown>	DEFAULT	2
isspace.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x403748	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
last_id.5904	.symtab	0x613360	2	OBJECT	<unknown>	DEFAULT	9
last_ns_num.5903	.symtab	0x619668	4	OBJECT	<unknown>	DEFAULT	10
listFork	.symtab	0x401309	211	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek	.symtab	0x40bdd4	45	FUNC	<unknown>	DEFAULT	2
lseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x40b9d8	5	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x6133f0	6	OBJECT	<unknown>	DEFAULT	10
main	.symtab	0x403060	1285	FUNC	<unknown>	DEFAULT	2
mainCommSock	.symtab	0x6133e0	4	OBJECT	<unknown>	DEFAULT	10
malloc	.symtab	0x405722	2187	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x4063a0	28	FUNC	<unknown>	DEFAULT	2
memchr	.symtab	0x408ce0	236	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x404b60	102	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x408dcc	702	FUNC	<unknown>	DEFAULT	2
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x408b70	90	FUNC	<unknown>	DEFAULT	2
memrchr	.symtab	0x40908c	233	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x404bd0	210	FUNC	<unknown>	DEFAULT	2
mmap	.symtab	0x407160	48	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x409bb4	42	FUNC	<unknown>	DEFAULT	2
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x40723c	38	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x613200	40	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x613230	40	OBJECT	<unknown>	DEFAULT	9
nanosleep	.symtab	0x407264	38	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1699	.symtab	0x619420	8	OBJECT	<unknown>	DEFAULT	10
nprocessors_onln	.symtab	0x406ac4	223	FUNC	<unknown>	DEFAULT	2
ntohl	.symtab	0x405395	5	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x40538d	8	FUNC	<unknown>	DEFAULT	2
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x6133e8	8	OBJECT	<unknown>	DEFAULT	10
object.5168	.symtab	0x6133a0	48	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x403774	106	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opendir	.symtab	0x407461	157	FUNC	<unknown>	DEFAULT	2
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x6196a0	4	OBJECT	<unknown>	DEFAULT	10
ovhl7	.symtab	0x4019c2	3319	FUNC	<unknown>	DEFAULT	2
p.5154	.symtab	0x612d68	0	OBJECT	<unknown>	DEFAULT	9
parse_config.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pids	.symtab	0x6196a8	8	OBJECT	<unknown>	DEFAULT	10
poll	.symtab	0x40b934	41	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.5143	.symtab	0x40f0e8	12	OBJECT	<unknown>	DEFAULT	4
print	.symtab	0x4008b3	1084	FUNC	<unknown>	DEFAULT	2
printchar	.symtab	0x400640	75	FUNC	<unknown>	DEFAULT	2
printi	.symtab	0x400772	321	FUNC	<unknown>	DEFAULT	2
prints	.symtab	0x40068b	231	FUNC	<unknown>	DEFAULT	2
processCmd	.symtab	0x4026c4	2164	FUNC	<unknown>	DEFAULT	2
program_invocation_name	.symtab	0x613348	8	OBJECT	<unknown>	DEFAULT	9
program_invocation_short_name	.symtab	0x613340	8	OBJECT	<unknown>	DEFAULT	9
qual_chars.5150	.symtab	0x40f100	20	OBJECT	<unknown>	DEFAULT	4
raise	.symtab	0x4096a0	18	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x406484	11	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_cmwc	.symtab	0x40023e	182	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x406490	72	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x40fd10	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x406693	90	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x613290	128	OBJECT	<unknown>	DEFAULT	9
rawmemchr	.symtab	0x40a1e4	189	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x4037e0	39	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x407574	143	FUNC	<unknown>	DEFAULT	2
readdir64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x4097ac	878	FUNC	<unknown>	DEFAULT	2
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x4054f0	11	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x400e85	574	FUNC	<unknown>	DEFAULT	2
recvfrom	.symtab	0x4054fc	45	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_conf_mtime.5885	.symtab	0x619698	4	OBJECT	<unknown>	DEFAULT	10
rindex	.symtab	0x409284	53	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x40728c	74	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
select	.symtab	0x403808	44	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x40552c	11	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendto	.symtab	0x405538	48	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x403834	38	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x405568	53	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x4064d8	90	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x4065e8	171	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x4070ed	114	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x4055d0	133	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x4072d8	47	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
skip_and_NUL_space	.symtab	0x40b119	44	FUNC	<unknown>	DEFAULT	2
skip_nospace	.symtab	0x40b0f0	41	FUNC	<unknown>	DEFAULT	2
sleep	.symtab	0x406a34	142	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x4055a0	47	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x4013dc	216	FUNC	<unknown>	DEFAULT	2
sockprintf	.symtab	0x400cef	341	FUNC	<unknown>	DEFAULT	2
spec_and_mask.5149	.symtab	0x40f120	16	OBJECT	<unknown>	DEFAULT	4
spec_base.5142	.symtab	0x40f0f4	7	OBJECT	<unknown>	DEFAULT	4
spec_chars.5146	.symtab	0x40f180	21	OBJECT	<unknown>	DEFAULT	4
spec_flags.5145	.symtab	0x40f198	8	OBJECT	<unknown>	DEFAULT	4
spec_or_mask.5148	.symtab	0x40f130	16	OBJECT	<unknown>	DEFAULT	4
spec_ranges.5147	.symtab	0x40f140	9	OBJECT	<unknown>	DEFAULT	4
sprintf	.symtab	0x4038d4	149	FUNC	<unknown>	DEFAULT	2
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x4065a0	72	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x4065a0	72	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x4066ed	183	FUNC	<unknown>	DEFAULT	2
stat	.symtab	0x40b960	79	FUNC	<unknown>	DEFAULT	2
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stat64	.symtab	0x40b960	79	FUNC	<unknown>	DEFAULT	2
stderr	.symtab	0x612fc0	8	OBJECT	<unknown>	DEFAULT	9
stdin	.symtab	0x612fb0	8	OBJECT	<unknown>	DEFAULT	9
stdout	.symtab	0x612fb8	8	OBJECT	<unknown>	DEFAULT	9
strcasecmp	.symtab	0x4052b8	48	FUNC	<unknown>	DEFAULT	2
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x404cb0	417	FUNC	<unknown>	DEFAULT	2
strchrnul	.symtab	0x409178	268	FUNC	<unknown>	DEFAULT	2
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x404e54	33	FUNC	<unknown>	DEFAULT	2
strcoll	.symtab	0x404e54	33	FUNC	<unknown>	DEFAULT	2
strcpy	.symtab	0x404e80	213	FUNC	<unknown>	DEFAULT	2
strcspn	.symtab	0x408bd0	135	FUNC	<unknown>	DEFAULT	2
strdup	.symtab	0x40b9e0	54	FUNC	<unknown>	DEFAULT	2
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x4051e4	196	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x404f60	225	FUNC	<unknown>	DEFAULT	2
strncpy	.symtab	0x40a2a4	131	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x405044	201	FUNC	<unknown>	DEFAULT	2
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x40a158	140	FUNC	<unknown>	DEFAULT	2
strrchr	.symtab	0x409284	53	FUNC	<unknown>	DEFAULT	2
strrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x408c58	135	FUNC	<unknown>	DEFAULT	2
strstr	.symtab	0x405110	193	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoimax	.symtab	0x406874	10	FUNC	<unknown>	DEFAULT	2
strtok	.symtab	0x4052e8	10	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x4092bc	94	FUNC	<unknown>	DEFAULT	2
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x406874	10	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x406874	10	FUNC	<unknown>	DEFAULT	2
strtoq	.symtab	0x406874	10	FUNC	<unknown>	DEFAULT	2
sysconf	.symtab	0x406ba3	560	FUNC	<unknown>	DEFAULT	2
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcgetattr	.symtab	0x405310	110	FUNC	<unknown>	DEFAULT	2
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
time	.symtab	0x40385c	8	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x4038ac	30	FUNC	<unknown>	DEFAULT	2
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x40058a	182	FUNC	<unknown>	DEFAULT	2
type_codes	.symtab	0x40f150	24	OBJECT	<unknown>	DEFAULT	4
type_sizes	.symtab	0x40f168	12	OBJECT	<unknown>	DEFAULT	4
uname	.symtab	0x40b9b0	38	FUNC	<unknown>	DEFAULT	2
uname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
unknown.1721	.symtab	0x40f1a0	14	OBJECT	<unknown>	DEFAULT	4
unsafe_state	.symtab	0x613260	40	OBJECT	<unknown>	DEFAULT	9
useragents	.symtab	0x612da0	472	OBJECT	<unknown>	DEFAULT	9
vsnprintf	.symtab	0x40396c	189	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wait4	.symtab	0x407308	47	FUNC	<unknown>	DEFAULT	2
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x403864	7	FUNC	<unknown>	DEFAULT	2
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x407928	68	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x40797c	123	FUNC	<unknown>	DEFAULT	2
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x40796c	15	FUNC	<unknown>	DEFAULT	2
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x40386c	42	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits.3743	.symtab	0x4109a0	17	OBJECT	<unknown>	DEFAULT	4
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xtdcustom	.symtab	0x401649	252	FUNC	<unknown>	DEFAULT	2

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T22:20:14.806764+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	58992	178.215.238.69	4258	TCP
2024-12-26T22:20:17.202231+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	58994	178.215.238.69	4258	TCP
2024-12-26T22:20:19.577116+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	58996	178.215.238.69	4258	TCP
2024-12-26T22:20:21.952245+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	58998	178.215.238.69	4258	TCP
2024-12-26T22:20:24.329141+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59000	178.215.238.69	4258	TCP
2024-12-26T22:20:26.702488+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59002	178.215.238.69	4258	TCP
2024-12-26T22:20:29.077830+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59004	178.215.238.69	4258	TCP
2024-12-26T22:20:31.512932+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59006	178.215.238.69	4258	TCP
2024-12-26T22:20:33.924478+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59008	178.215.238.69	4258	TCP
2024-12-26T22:20:36.312085+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59010	178.215.238.69	4258	TCP
2024-12-26T22:20:38.687679+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59012	178.215.238.69	4258	TCP
2024-12-26T22:20:41.062133+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59014	178.215.238.69	4258	TCP
2024-12-26T22:20:43.437587+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59016	178.215.238.69	4258	TCP
2024-12-26T22:20:45.813135+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59018	178.215.238.69	4258	TCP
2024-12-26T22:20:48.426343+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59020	178.215.238.69	4258	TCP
2024-12-26T22:20:50.796356+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59022	178.215.238.69	4258	TCP
2024-12-26T22:20:53.171394+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59024	178.215.238.69	4258	TCP
2024-12-26T22:20:55.703528+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59026	178.215.238.69	4258	TCP
2024-12-26T22:20:58.078014+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59028	178.215.238.69	4258	TCP
2024-12-26T22:21:00.453497+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59030	178.215.238.69	4258	TCP
2024-12-26T22:21:02.859460+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59032	178.215.238.69	4258	TCP
2024-12-26T22:21:05.234373+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59034	178.215.238.69	4258	TCP
2024-12-26T22:21:07.609764+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59036	178.215.238.69	4258	TCP
2024-12-26T22:21:09.985000+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59038	178.215.238.69	4258	TCP
2024-12-26T22:21:12.432365+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59040	178.215.238.69	4258	TCP
2024-12-26T22:21:14.844199+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59042	178.215.238.69	4258	TCP
2024-12-26T22:21:17.267711+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59044	178.215.238.69	4258	TCP
2024-12-26T22:21:19.672116+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59046	178.215.238.69	4258	TCP
2024-12-26T22:21:22.047237+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59048	178.215.238.69	4258	TCP
2024-12-26T22:21:24.421491+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59050	178.215.238.69	4258	TCP
2024-12-26T22:21:26.797469+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59052	178.215.238.69	4258	TCP
2024-12-26T22:21:29.186733+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59054	178.215.238.69	4258	TCP
2024-12-26T22:21:31.562707+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59056	178.215.238.69	4258	TCP
2024-12-26T22:21:33.985001+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59058	178.215.238.69	4258	TCP
2024-12-26T22:21:36.359748+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59060	178.215.238.69	4258	TCP
2024-12-26T22:21:38.779553+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59062	178.215.238.69	4258	TCP
2024-12-26T22:21:41.172847+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59064	178.215.238.69	4258	TCP
2024-12-26T22:21:43.563194+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59066	178.215.238.69	4258	TCP
2024-12-26T22:21:45.937736+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59068	178.215.238.69	4258	TCP
2024-12-26T22:21:48.299875+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59070	178.215.238.69	4258	TCP
2024-12-26T22:21:50.689644+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59072	178.215.238.69	4258	TCP
2024-12-26T22:21:53.063565+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59074	178.215.238.69	4258	TCP
2024-12-26T22:21:55.438514+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59076	178.215.238.69	4258	TCP
2024-12-26T22:21:57.828906+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59078	178.215.238.69	4258	TCP
2024-12-26T22:22:00.220209+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59080	178.215.238.69	4258	TCP
2024-12-26T22:22:02.595534+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59082	178.215.238.69	4258	TCP
2024-12-26T22:22:04.969883+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59084	178.215.238.69	4258	TCP
2024-12-26T22:22:07.345312+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59086	178.215.238.69	4258	TCP
2024-12-26T22:22:09.786933+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59088	178.215.238.69	4258	TCP
2024-12-26T22:22:12.157758+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59090	178.215.238.69	4258	TCP
2024-12-26T22:22:14.532718+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59092	178.215.238.69	4258	TCP
2024-12-26T22:22:16.945010+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59094	178.215.238.69	4258	TCP
2024-12-26T22:22:19.329382+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59096	178.215.238.69	4258	TCP
2024-12-26T22:22:21.704439+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59098	178.215.238.69	4258	TCP
2024-12-26T22:22:24.082345+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59100	178.215.238.69	4258	TCP
2024-12-26T22:22:26.454148+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59102	178.215.238.69	4258	TCP
2024-12-26T22:22:29.312982+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59104	178.215.238.69	4258	TCP
2024-12-26T22:22:31.673832+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59106	178.215.238.69	4258	TCP
2024-12-26T22:22:34.048941+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59108	178.215.238.69	4258	TCP
2024-12-26T22:22:36.423448+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59110	178.215.238.69	4258	TCP
2024-12-26T22:22:38.963073+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59112	178.215.238.69	4258	TCP
2024-12-26T22:22:41.329579+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59114	178.215.238.69	4258	TCP
2024-12-26T22:22:43.705460+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59116	178.215.238.69	4258	TCP
2024-12-26T22:22:46.079766+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59118	178.215.238.69	4258	TCP
2024-12-26T22:22:48.470450+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59120	178.215.238.69	4258	TCP
2024-12-26T22:22:50.845930+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59122	178.215.238.69	4258	TCP
2024-12-26T22:22:53.204929+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59124	178.215.238.69	4258	TCP
2024-12-26T22:22:55.644423+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59126	178.215.238.69	4258	TCP
2024-12-26T22:22:58.017939+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59128	178.215.238.69	4258	TCP
2024-12-26T22:23:00.392484+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59130	178.215.238.69	4258	TCP
2024-12-26T22:23:02.767727+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59132	178.215.238.69	4258	TCP
2024-12-26T22:23:05.174401+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59134	178.215.238.69	4258	TCP
2024-12-26T22:23:07.549633+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59136	178.215.238.69	4258	TCP
2024-12-26T22:23:09.956077+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59138	178.215.238.69	4258	TCP
2024-12-26T22:23:12.362325+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59140	178.215.238.69	4258	TCP
2024-12-26T22:23:14.738144+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59142	178.215.238.69	4258	TCP
2024-12-26T22:23:17.127882+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59144	178.215.238.69	4258	TCP
2024-12-26T22:23:19.519269+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59146	178.215.238.69	4258	TCP
2024-12-26T22:23:21.987304+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59148	178.215.238.69	4258	TCP
2024-12-26T22:23:24.362253+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59150	178.215.238.69	4258	TCP
2024-12-26T22:23:26.753133+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59152	178.215.238.69	4258	TCP
2024-12-26T22:23:29.144197+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59154	178.215.238.69	4258	TCP
2024-12-26T22:23:31.519376+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59156	178.215.238.69	4258	TCP
2024-12-26T22:23:33.910365+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59158	178.215.238.69	4258	TCP
2024-12-26T22:23:36.393345+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59160	178.215.238.69	4258	TCP
2024-12-26T22:23:38.769096+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59162	178.215.238.69	4258	TCP
2024-12-26T22:23:41.144173+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59164	178.215.238.69	4258	TCP
2024-12-26T22:23:43.519092+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59166	178.215.238.69	4258	TCP
2024-12-26T22:23:45.894747+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59168	178.215.238.69	4258	TCP
2024-12-26T22:23:48.284964+0100	2843713	ETPRO MALWARE ELF/Mirai Variant CnC Checkin	1	192.168.2.15	59170	178.215.238.69	4258	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 22:20:14.687041044 CET	58992	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:14.806642056 CET	4258	58992	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:14.806735039 CET	58992	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:14.806763887 CET	58992	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:14.926292896 CET	4258	58992	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:17.081938028 CET	4258	58992	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:17.082129955 CET	58992	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:17.082613945 CET	58994	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:17.201631069 CET	4258	58992	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:17.202090979 CET	4258	58994	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:17.202230930 CET	58994	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:17.202230930 CET	58994	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:17.321856976 CET	4258	58994	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:19.456587076 CET	4258	58994	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:19.456799984 CET	58994	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:19.457437992 CET	58996	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:19.576615095 CET	4258	58994	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:19.576968908 CET	4258	58996	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:19.577095032 CET	58996	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:19.577116013 CET	58996	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:19.696605921 CET	4258	58996	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:21.831774950 CET	4258	58996	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:21.832082987 CET	58996	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:21.832564116 CET	58998	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:21.951682091 CET	4258	58996	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:21.952142954 CET	4258	58998	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:21.952219009 CET	58998	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:21.952244997 CET	58998	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:22.071886063 CET	4258	58998	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:24.208686113 CET	4258	58998	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:24.208895922 CET	58998	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:24.209464073 CET	59000	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:24.328603029 CET	4258	58998	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:24.328964949 CET	4258	59000	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:24.329102039 CET	59000	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:24.329140902 CET	59000	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:24.448695898 CET	4258	59000	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:26.581608057 CET	4258	59000	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:26.581969976 CET	59000	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:26.582763910 CET	59002	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:26.701612949 CET	4258	59000	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:26.702265024 CET	4258	59002	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:26.702487946 CET	59002	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:26.702487946 CET	59002	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:26.822045088 CET	4258	59002	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:28.957345009 CET	4258	59002	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:28.957564116 CET	59002	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:28.958189964 CET	59004	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:29.077094078 CET	4258	59002	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:29.077650070 CET	4258	59004	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:29.077830076 CET	59004	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:29.077830076 CET	59004	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:29.197419882 CET	4258	59004	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:31.391506910 CET	4258	59004	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:31.391818047 CET	59004	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:31.393266916 CET	59006	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:31.511424065 CET	4258	59004	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:31.512774944 CET	4258	59006	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:31.512871981 CET	59006	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:31.512932062 CET	59006	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:31.633487940 CET	4258	59006	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:33.800702095 CET	4258	59006	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:33.800990105 CET	59006	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:33.801763058 CET	59008	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:33.921736956 CET	4258	59006	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:33.922348976 CET	4258	59008	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:33.922769070 CET	59008	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:33.924478054 CET	59008	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:34.044101000 CET	4258	59008	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:36.191346884 CET	4258	59008	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:36.191565037 CET	59008	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:36.192193985 CET	59010	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:36.311105013 CET	4258	59008	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:36.311678886 CET	4258	59010	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:36.311913967 CET	59010	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:36.312084913 CET	59010	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:36.431519985 CET	4258	59010	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:38.566709995 CET	4258	59010	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:38.567184925 CET	59010	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:38.568003893 CET	59012	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:38.686820984 CET	4258	59010	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:38.687463045 CET	4258	59012	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:38.687598944 CET	59012	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:38.687679052 CET	59012	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:38.807328939 CET	4258	59012	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:40.941309929 CET	4258	59012	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:40.941581964 CET	59012	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:40.942471027 CET	59014	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:41.061229944 CET	4258	59012	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:41.061969042 CET	4258	59014	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:41.062089920 CET	59014	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:41.062133074 CET	59014	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:41.181680918 CET	4258	59014	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:43.316776991 CET	4258	59014	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:43.316970110 CET	59014	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:43.317569971 CET	59016	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:43.436585903 CET	4258	59014	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:43.437202930 CET	4258	59016	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:43.437587023 CET	59016	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:43.437587023 CET	59016	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:43.557244062 CET	4258	59016	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:45.691673040 CET	4258	59016	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:45.691920996 CET	59016	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:45.692529917 CET	59018	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:45.812546968 CET	4258	59016	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:45.812980890 CET	4258	59018	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:45.813134909 CET	59018	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:45.813134909 CET	59018	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:45.932706118 CET	4258	59018	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:48.066792965 CET	4258	59018	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:48.067020893 CET	59018	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:48.067719936 CET	59020	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:48.426206112 CET	4258	59018	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:48.426223040 CET	4258	59020	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:48.426311970 CET	59020	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:48.426342964 CET	59020	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:48.545993090 CET	4258	59020	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:50.676095009 CET	4258	59020	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:50.676261902 CET	59020	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:50.676744938 CET	59022	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:50.795831919 CET	4258	59020	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:50.796217918 CET	4258	59022	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:50.796298981 CET	59022	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:50.796355963 CET	59022	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:50.916292906 CET	4258	59022	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:53.050616026 CET	4258	59022	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:53.050851107 CET	59022	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:53.051668882 CET	59024	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:53.170533895 CET	4258	59022	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:53.171133995 CET	4258	59024	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:53.171377897 CET	59024	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:53.171394110 CET	59024	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:53.290950060 CET	4258	59024	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:55.582758904 CET	4258	59024	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:55.583138943 CET	59024	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:55.583687067 CET	59026	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:55.702779055 CET	4258	59024	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:55.703299999 CET	4258	59026	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:55.703399897 CET	59026	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:55.703527927 CET	59026	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:55.823373079 CET	4258	59026	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:57.957335949 CET	4258	59026	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:57.957547903 CET	59026	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:57.958421946 CET	59028	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:58.077091932 CET	4258	59026	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:58.077863932 CET	4258	59028	178.215.238.69	192.168.2.15
Dec 26, 2024 22:20:58.077992916 CET	59028	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:58.078013897 CET	59028	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:20:58.197454929 CET	4258	59028	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:00.332948923 CET	4258	59028	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:00.333277941 CET	59028	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:00.333851099 CET	59030	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:00.452830076 CET	4258	59028	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:00.453334093 CET	4258	59030	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:00.453464985 CET	59030	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:00.453496933 CET	59030	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:00.573043108 CET	4258	59030	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:02.738683939 CET	4258	59030	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:02.738970995 CET	59030	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:02.739661932 CET	59032	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:02.858520031 CET	4258	59030	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:02.859343052 CET	4258	59032	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:02.859460115 CET	59032	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:02.859460115 CET	59032	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:02.979057074 CET	4258	59032	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:05.114018917 CET	4258	59032	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:05.114245892 CET	59032	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:05.114763021 CET	59034	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:05.233912945 CET	4258	59032	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:05.234277010 CET	4258	59034	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:05.234373093 CET	59034	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:05.234373093 CET	59034	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:05.354059935 CET	4258	59034	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:07.488765955 CET	4258	59034	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:07.489089012 CET	59034	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:07.489911079 CET	59036	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:07.608737946 CET	4258	59034	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:07.609523058 CET	4258	59036	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:07.609678984 CET	59036	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:07.609764099 CET	59036	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:07.729250908 CET	4258	59036	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:09.864485979 CET	4258	59036	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:09.864769936 CET	59036	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:09.865370035 CET	59038	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:09.984288931 CET	4258	59036	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:09.984889984 CET	4258	59038	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:09.984956026 CET	59038	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:09.984999895 CET	59038	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:10.104691982 CET	4258	59038	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:12.312174082 CET	4258	59038	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:12.312359095 CET	59038	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:12.312858105 CET	59040	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:12.431914091 CET	4258	59038	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:12.432286978 CET	4258	59040	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:12.432337999 CET	59040	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:12.432364941 CET	59040	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:12.552083969 CET	4258	59040	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:14.723587990 CET	4258	59040	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:14.723927021 CET	59040	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:14.724489927 CET	59042	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:14.843477964 CET	4258	59040	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:14.844027042 CET	4258	59042	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:14.844197989 CET	59042	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:14.844198942 CET	59042	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:14.964775085 CET	4258	59042	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:17.147098064 CET	4258	59042	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:17.147402048 CET	59042	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:17.148026943 CET	59044	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:17.267066002 CET	4258	59042	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:17.267570019 CET	4258	59044	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:17.267689943 CET	59044	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:17.267710924 CET	59044	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:17.387214899 CET	4258	59044	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:19.551753998 CET	4258	59044	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:19.552035093 CET	59044	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:19.552480936 CET	59046	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:19.671703100 CET	4258	59044	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:19.672000885 CET	4258	59046	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:19.672090054 CET	59046	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:19.672116041 CET	59046	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:19.791881084 CET	4258	59046	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:21.926724911 CET	4258	59046	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:21.926955938 CET	59046	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:21.927596092 CET	59048	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:22.046516895 CET	4258	59046	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:22.047105074 CET	4258	59048	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:22.047178984 CET	59048	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:22.047236919 CET	59048	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:22.166815042 CET	4258	59048	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:24.301434994 CET	4258	59048	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:24.301573038 CET	59048	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:24.301963091 CET	59050	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:24.421114922 CET	4258	59048	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:24.421430111 CET	4258	59050	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:24.421489954 CET	59050	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:24.421490908 CET	59050	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:24.541238070 CET	4258	59050	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:26.676894903 CET	4258	59050	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:26.677098989 CET	59050	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:26.677683115 CET	59052	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:26.796818018 CET	4258	59050	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:26.797358990 CET	4258	59052	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:26.797445059 CET	59052	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:26.797468901 CET	59052	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:26.916985035 CET	4258	59052	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:29.066358089 CET	4258	59052	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:29.066592932 CET	59052	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:29.067153931 CET	59054	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:29.186310053 CET	4258	59052	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:29.186640978 CET	4258	59054	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:29.186733007 CET	59054	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:29.186733007 CET	59054	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:29.306353092 CET	4258	59054	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:31.442378998 CET	4258	59054	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:31.442590952 CET	59054	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:31.443128109 CET	59056	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:31.562186003 CET	4258	59054	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:31.562585115 CET	4258	59056	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:31.562706947 CET	59056	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:31.562706947 CET	59056	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:31.682229042 CET	4258	59056	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:33.864533901 CET	4258	59056	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:33.864695072 CET	59056	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:33.865313053 CET	59058	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:33.984266043 CET	4258	59056	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:33.984925985 CET	4258	59058	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:33.984986067 CET	59058	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:33.985001087 CET	59058	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:34.104614973 CET	4258	59058	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:36.239255905 CET	4258	59058	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:36.239402056 CET	59058	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:36.240123987 CET	59060	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:36.359004021 CET	4258	59058	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:36.359672070 CET	4258	59060	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:36.359747887 CET	59060	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:36.359747887 CET	59060	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:36.479286909 CET	4258	59060	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:38.658982038 CET	4258	59060	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:38.659195900 CET	59060	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:38.659740925 CET	59062	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:38.778845072 CET	4258	59060	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:38.779452085 CET	4258	59062	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:38.779552937 CET	59062	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:38.779552937 CET	59062	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:38.899297953 CET	4258	59062	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:41.051728010 CET	4258	59062	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:41.051928997 CET	59062	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:41.052424908 CET	59064	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:41.172673941 CET	4258	59062	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:41.172687054 CET	4258	59064	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:41.172846079 CET	59064	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:41.172847033 CET	59064	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:41.292838097 CET	4258	59064	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:43.442799091 CET	4258	59064	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:43.443047047 CET	59064	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:43.443574905 CET	59066	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:43.562757969 CET	4258	59064	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:43.563038111 CET	4258	59066	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:43.563121080 CET	59066	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:43.563194036 CET	59066	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:43.682698965 CET	4258	59066	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:45.817332029 CET	4258	59066	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:45.817507029 CET	59066	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:45.817914009 CET	59068	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:45.937207937 CET	4258	59066	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:45.937575102 CET	4258	59068	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:45.937638044 CET	59068	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:45.937736034 CET	59068	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:46.057207108 CET	4258	59068	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:48.178186893 CET	4258	59068	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:48.178412914 CET	59068	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:48.179183960 CET	59070	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:48.298991919 CET	4258	59068	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:48.299721956 CET	4258	59070	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:48.299803019 CET	59070	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:48.299875021 CET	59070	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:48.419403076 CET	4258	59070	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:50.569107056 CET	4258	59070	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:50.569284916 CET	59070	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:50.569976091 CET	59072	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:50.688957930 CET	4258	59070	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:50.689522028 CET	4258	59072	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:50.689630985 CET	59072	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:50.689644098 CET	59072	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:50.809216022 CET	4258	59072	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:52.943039894 CET	4258	59072	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:52.943263054 CET	59072	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:52.943881989 CET	59074	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:53.062841892 CET	4258	59072	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:53.063463926 CET	4258	59074	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:53.063532114 CET	59074	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:53.063565016 CET	59074	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:53.183265924 CET	4258	59074	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:55.318104029 CET	4258	59074	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:55.318299055 CET	59074	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:55.318830013 CET	59076	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:55.437860966 CET	4258	59074	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:55.438397884 CET	4258	59076	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:55.438482046 CET	59076	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:55.438513994 CET	59076	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:55.558059931 CET	4258	59076	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:57.708455086 CET	4258	59076	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:57.708769083 CET	59076	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:57.709331036 CET	59078	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:57.828279972 CET	4258	59076	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:57.828752041 CET	4258	59078	178.215.238.69	192.168.2.15
Dec 26, 2024 22:21:57.828855038 CET	59078	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:57.828906059 CET	59078	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:21:57.948484898 CET	4258	59078	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:00.099498987 CET	4258	59078	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:00.099788904 CET	59078	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:00.100444078 CET	59080	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:00.219317913 CET	4258	59078	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:00.220007896 CET	4258	59080	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:00.220149994 CET	59080	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:00.220208883 CET	59080	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:00.342395067 CET	4258	59080	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:02.474930048 CET	4258	59080	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:02.475215912 CET	59080	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:02.475915909 CET	59082	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:02.594783068 CET	4258	59080	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:02.595395088 CET	4258	59082	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:02.595479012 CET	59082	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:02.595534086 CET	59082	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:02.715092897 CET	4258	59082	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:04.849339962 CET	4258	59082	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:04.849462032 CET	59082	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:04.849936962 CET	59084	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:04.969039917 CET	4258	59082	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:04.969710112 CET	4258	59084	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:04.969816923 CET	59084	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:04.969882965 CET	59084	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:05.089366913 CET	4258	59084	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:07.224384069 CET	4258	59084	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:07.224658012 CET	59084	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:07.225526094 CET	59086	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:07.344227076 CET	4258	59084	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:07.345012903 CET	4258	59086	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:07.345120907 CET	59086	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:07.345312119 CET	59086	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:07.464850903 CET	4258	59086	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:09.666093111 CET	4258	59086	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:09.666496038 CET	59086	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:09.667190075 CET	59088	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:09.786113977 CET	4258	59086	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:09.786711931 CET	4258	59088	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:09.786932945 CET	59088	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:09.786932945 CET	59088	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:09.906507015 CET	4258	59088	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:12.036710024 CET	4258	59088	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:12.036990881 CET	59088	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:12.037888050 CET	59090	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:12.156685114 CET	4258	59088	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:12.157468081 CET	4258	59090	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:12.157665014 CET	59090	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:12.157757998 CET	59090	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:12.277544975 CET	4258	59090	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:14.411920071 CET	4258	59090	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:14.412244081 CET	59090	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:14.413139105 CET	59092	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:14.531853914 CET	4258	59090	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:14.532650948 CET	4258	59092	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:14.532704115 CET	59092	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:14.532717943 CET	59092	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:14.652326107 CET	4258	59092	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:16.824825048 CET	4258	59092	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:16.824944973 CET	59092	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:16.825427055 CET	59094	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:16.944550991 CET	4258	59092	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:16.944916964 CET	4258	59094	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:16.944981098 CET	59094	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:16.945009947 CET	59094	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:17.064527988 CET	4258	59094	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:19.209028959 CET	4258	59094	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:19.209161997 CET	59094	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:19.209764957 CET	59096	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:19.328704119 CET	4258	59094	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:19.329294920 CET	4258	59096	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:19.329355955 CET	59096	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:19.329381943 CET	59096	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:19.448847055 CET	4258	59096	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:21.584072113 CET	4258	59096	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:21.584186077 CET	59096	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:21.584738016 CET	59098	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:21.703841925 CET	4258	59096	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:21.704369068 CET	4258	59098	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:21.704438925 CET	59098	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:21.704438925 CET	59098	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:21.824079037 CET	4258	59098	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:23.961782932 CET	4258	59098	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:23.961932898 CET	59098	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:23.962426901 CET	59100	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:24.081703901 CET	4258	59098	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:24.082259893 CET	4258	59100	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:24.082345009 CET	59100	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:24.082345009 CET	59100	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:24.201961040 CET	4258	59100	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:26.334047079 CET	4258	59100	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:26.334187031 CET	59100	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:26.334583998 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:26.453751087 CET	4258	59100	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:26.454042912 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:26.454099894 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:26.454148054 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:26.573604107 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:28.709126949 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:28.709275007 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:28.709846973 CET	59104	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.084877014 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.312726021 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:29.312838078 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:29.312844992 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.312849998 CET	4258	59104	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:29.312869072 CET	4258	59102	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:29.312912941 CET	59104	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.312938929 CET	59102	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.312982082 CET	59104	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:29.432570934 CET	4258	59104	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:31.552967072 CET	4258	59104	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:31.553348064 CET	59104	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:31.554151058 CET	59106	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:31.672842979 CET	4258	59104	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:31.673614979 CET	4258	59106	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:31.673736095 CET	59106	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:31.673831940 CET	59106	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:31.793514967 CET	4258	59106	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:33.928287029 CET	4258	59106	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:33.928523064 CET	59106	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:33.929199934 CET	59108	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:34.048197985 CET	4258	59106	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:34.048727036 CET	4258	59108	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:34.048873901 CET	59108	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:34.048940897 CET	59108	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:34.168479919 CET	4258	59108	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:36.302898884 CET	4258	59108	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:36.303219080 CET	59108	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:36.303868055 CET	59110	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:36.422795057 CET	4258	59108	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:36.423304081 CET	4258	59110	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:36.423414946 CET	59110	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:36.423448086 CET	59110	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:36.543159008 CET	4258	59110	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:38.842669010 CET	4258	59110	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:38.842927933 CET	59110	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:38.843547106 CET	59112	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:38.962454081 CET	4258	59110	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:38.962980986 CET	4258	59112	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:38.963054895 CET	59112	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:38.963073015 CET	59112	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:39.082592964 CET	4258	59112	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:41.209475994 CET	4258	59112	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:41.209614992 CET	59112	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:41.210099936 CET	59114	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:41.329138994 CET	4258	59112	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:41.329509020 CET	4258	59114	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:41.329559088 CET	59114	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:41.329579115 CET	59114	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:41.449060917 CET	4258	59114	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:43.584606886 CET	4258	59114	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:43.584897041 CET	59114	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:43.585766077 CET	59116	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:43.704385996 CET	4258	59114	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:43.705269098 CET	4258	59116	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:43.705375910 CET	59116	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:43.705460072 CET	59116	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:43.825192928 CET	4258	59116	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:45.959592104 CET	4258	59116	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:45.959731102 CET	59116	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:45.960186005 CET	59118	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:46.079330921 CET	4258	59116	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:46.079648018 CET	4258	59118	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:46.079711914 CET	59118	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:46.079766035 CET	59118	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:46.199418068 CET	4258	59118	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:48.350265026 CET	4258	59118	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:48.350406885 CET	59118	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:48.350903988 CET	59120	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:48.469904900 CET	4258	59118	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:48.470372915 CET	4258	59120	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:48.470432043 CET	59120	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:48.470449924 CET	59120	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:48.589905024 CET	4258	59120	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:50.725006104 CET	4258	59120	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:50.725145102 CET	59120	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:50.725893021 CET	59122	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:50.845035076 CET	4258	59120	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:50.845860958 CET	4258	59122	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:50.845907927 CET	59122	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:50.845930099 CET	59122	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:50.965478897 CET	4258	59122	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:53.084480047 CET	4258	59122	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:53.084650993 CET	59122	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:53.085238934 CET	59124	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:53.204503059 CET	4258	59122	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:53.204818964 CET	4258	59124	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:53.204904079 CET	59124	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:53.204929113 CET	59124	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:53.324635029 CET	4258	59124	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:55.523643017 CET	4258	59124	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:55.523895025 CET	59124	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:55.524781942 CET	59126	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:55.643466949 CET	4258	59124	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:55.644256115 CET	4258	59126	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:55.644345045 CET	59126	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:55.644423008 CET	59126	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:55.763912916 CET	4258	59126	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:57.897578955 CET	4258	59126	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:57.897731066 CET	59126	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:57.898312092 CET	59128	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:58.017450094 CET	4258	59126	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:58.017870903 CET	4258	59128	178.215.238.69	192.168.2.15
Dec 26, 2024 22:22:58.017939091 CET	59128	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:58.017939091 CET	59128	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:22:58.137679100 CET	4258	59128	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:00.272344112 CET	4258	59128	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:00.272439957 CET	59128	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:00.272947073 CET	59130	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:00.392064095 CET	4258	59128	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:00.392409086 CET	4258	59130	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:00.392483950 CET	59130	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:00.392483950 CET	59130	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:00.512026072 CET	4258	59130	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:02.647134066 CET	4258	59130	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:02.647299051 CET	59130	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:02.647855043 CET	59132	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:02.766932011 CET	4258	59130	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:02.767534971 CET	4258	59132	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:02.767674923 CET	59132	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:02.767726898 CET	59132	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:02.887248993 CET	4258	59132	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:05.053528070 CET	4258	59132	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:05.053817034 CET	59132	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:05.054596901 CET	59134	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:05.173537970 CET	4258	59132	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:05.174252033 CET	4258	59134	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:05.174401045 CET	59134	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:05.174401045 CET	59134	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:05.293987989 CET	4258	59134	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:07.429006100 CET	4258	59134	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:07.429313898 CET	59134	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:07.429869890 CET	59136	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:07.549200058 CET	4258	59134	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:07.549483061 CET	4258	59136	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:07.549633026 CET	59136	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:07.549633026 CET	59136	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:07.669339895 CET	4258	59136	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:09.834934950 CET	4258	59136	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:09.835222960 CET	59136	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:09.835768938 CET	59138	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:09.955364943 CET	4258	59136	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:09.955921888 CET	4258	59138	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:09.956077099 CET	59138	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:09.956077099 CET	59138	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:10.075742006 CET	4258	59138	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:12.241756916 CET	4258	59138	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:12.241996050 CET	59138	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:12.242733955 CET	59140	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:12.361594915 CET	4258	59138	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:12.362191916 CET	4258	59140	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:12.362323999 CET	59140	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:12.362324953 CET	59140	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:12.481952906 CET	4258	59140	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:14.616451025 CET	4258	59140	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:14.616702080 CET	59140	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:14.617319107 CET	59142	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:14.737338066 CET	4258	59140	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:14.738013029 CET	4258	59142	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:14.738128901 CET	59142	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:14.738143921 CET	59142	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:14.859056950 CET	4258	59142	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:17.007303953 CET	4258	59142	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:17.007529974 CET	59142	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:17.008172035 CET	59144	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:17.127218962 CET	4258	59142	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:17.127737999 CET	4258	59144	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:17.127882004 CET	59144	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:17.127882004 CET	59144	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:17.247615099 CET	4258	59144	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:19.398310900 CET	4258	59144	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:19.398706913 CET	59144	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:19.399561882 CET	59146	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:19.518248081 CET	4258	59144	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:19.519000053 CET	4258	59146	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:19.519150019 CET	59146	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:19.519268990 CET	59146	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:19.638889074 CET	4258	59146	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:21.866339922 CET	4258	59146	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:21.866657972 CET	59146	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:21.867559910 CET	59148	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:21.986253977 CET	4258	59146	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:21.987122059 CET	4258	59148	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:21.987225056 CET	59148	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:21.987303972 CET	59148	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:22.107162952 CET	4258	59148	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:24.241552114 CET	4258	59148	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:24.241741896 CET	59148	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:24.242451906 CET	59150	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:24.361424923 CET	4258	59148	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:24.362008095 CET	4258	59150	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:24.362173080 CET	59150	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:24.362252951 CET	59150	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:24.484286070 CET	4258	59150	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:26.632555962 CET	4258	59150	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:26.632781982 CET	59150	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:26.633358002 CET	59152	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:26.752470016 CET	4258	59150	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:26.752830029 CET	4258	59152	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:26.753133059 CET	59152	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:26.753133059 CET	59152	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:26.872826099 CET	4258	59152	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:29.023581028 CET	4258	59152	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:29.023848057 CET	59152	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:29.024513960 CET	59154	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:29.143779039 CET	4258	59152	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:29.144033909 CET	4258	59154	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:29.144196033 CET	59154	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:29.144196987 CET	59154	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:29.263909101 CET	4258	59154	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:31.398125887 CET	4258	59154	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:31.398545027 CET	59154	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:31.399723053 CET	59156	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:31.518266916 CET	4258	59154	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:31.519229889 CET	4258	59156	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:31.519376040 CET	59156	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:31.519376040 CET	59156	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:31.639067888 CET	4258	59156	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:33.788590908 CET	4258	59156	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:33.788882017 CET	59156	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:33.789541006 CET	59158	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:33.909796953 CET	4258	59156	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:33.910049915 CET	4258	59158	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:33.910213947 CET	59158	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:33.910365105 CET	59158	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:34.029835939 CET	4258	59158	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:36.272110939 CET	4258	59158	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:36.272466898 CET	59158	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:36.273313046 CET	59160	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:36.392172098 CET	4258	59158	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:36.393054962 CET	4258	59160	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:36.393191099 CET	59160	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:36.393345118 CET	59160	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:36.512887001 CET	4258	59160	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:38.648338079 CET	4258	59160	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:38.648672104 CET	59160	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:38.649369001 CET	59162	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:38.768249989 CET	4258	59160	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:38.768898964 CET	4258	59162	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:38.769095898 CET	59162	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:38.769095898 CET	59162	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:38.888653994 CET	4258	59162	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:41.023029089 CET	4258	59162	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:41.023370981 CET	59162	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:41.024090052 CET	59164	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:41.143387079 CET	4258	59162	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:41.143861055 CET	4258	59164	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:41.144172907 CET	59164	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:41.144172907 CET	59164	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:41.263761997 CET	4258	59164	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:43.398304939 CET	4258	59164	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:43.398605108 CET	59164	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:43.399390936 CET	59166	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:43.518336058 CET	4258	59164	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:43.518802881 CET	4258	59166	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:43.518908024 CET	59166	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:43.519092083 CET	59166	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:43.638722897 CET	4258	59166	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:45.773402929 CET	4258	59166	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:45.773782015 CET	59166	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:45.774849892 CET	59168	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:45.893471956 CET	4258	59166	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:45.894509077 CET	4258	59168	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:45.894747019 CET	59168	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:45.894747019 CET	59168	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:46.014303923 CET	4258	59168	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:48.163904905 CET	4258	59168	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:48.164226055 CET	59168	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:48.165290117 CET	59170	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:48.283911943 CET	4258	59168	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:48.284744024 CET	4258	59170	178.215.238.69	192.168.2.15
Dec 26, 2024 22:23:48.284964085 CET	59170	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:48.284964085 CET	59170	4258	192.168.2.15	178.215.238.69
Dec 26, 2024 22:23:48.404690981 CET	4258	59170	178.215.238.69	192.168.2.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 22:22:59.576716900 CET	43001	53	192.168.2.15	8.8.8.8
Dec 26, 2024 22:22:59.576755047 CET	33164	53	192.168.2.15	8.8.8.8
Dec 26, 2024 22:22:59.699228048 CET	53	43001	8.8.8.8	192.168.2.15
Dec 26, 2024 22:22:59.699249029 CET	53	33164	8.8.8.8	192.168.2.15

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 22:22:59.576716900 CET	192.168.2.15	8.8.8.8	0xdae5	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 22:22:59.576755047 CET	192.168.2.15	8.8.8.8	0x70ed	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 22:22:59.699228048 CET	8.8.8.8	192.168.2.15	0xdae5	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Dec 26, 2024 22:22:59.699228048 CET	8.8.8.8	192.168.2.15	0xdae5	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: kitsune.x86.elf PID: 5542, Parent PID: 5462

General

Start time (UTC):	21:20:13
Start date (UTC):	26/12/2024
Path:	/tmp/kitsune.x86.elf
Arguments:	/tmp/kitsune.x86.elf
File size:	108630 bytes
MD5 hash:	afafe44e75da13379d6c74e263213913

Chronological Activities

Analysis Process: kitsune.x86.elf PID: 5543, Parent PID: 5542

General

Start time (UTC):	21:20:13
Start date (UTC):	26/12/2024
Path:	/tmp/kitsune.x86.elf
Arguments:	-
File size:	108630 bytes
MD5 hash:	afafe44e75da13379d6c74e263213913

Chronological Activities

Analysis Process: kitsune.x86.elf PID: 5544, Parent PID: 5543

General

Start time (UTC):	21:20:13
Start date (UTC):	26/12/2024
Path:	/tmp/kitsune.x86.elf
Arguments:	-
File size:	108630 bytes
MD5 hash:	afafe44e75da13379d6c74e263213913

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net .
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report kitsune.x86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: Gafgyt

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: kitsune.x86.elf PID: 5542, Parent PID: 5462

General

Chronological Activities

Analysis Process: kitsune.x86.elf PID: 5543, Parent PID: 5542

General

Chronological Activities

Analysis Process: kitsune.x86.elf PID: 5544, Parent PID: 5543

General

Chronological Activities

Linux Analysis Report
kitsune.x86.elf