Edit tour

Linux Analysis Report
Kloki.m68k.elf

Overview

General Information

Sample name:	Kloki.m68k.elf
Analysis ID:	1594504
MD5:	bf454dc9a0f3d7b0584d124c0f12afe6
SHA1:	a9a36cb8937958a661b1ea7f1adff9a9c30199f9
SHA256:	fffaeb9914819e087339e1dab864af51cbd9f609df26f651ce51ef19fd8d879e
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Sample tries to kill multiple processes (SIGKILL)

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Suricata IDS alerts with low severity for network traffic

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1594504
Start date and time:	2025-01-19 03:47:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Kloki.m68k.elf
Detection:	MAL
Classification:	mal52.spre.linELF@0/0@1/0

Runtime Messages

Command:	/tmp/Kloki.m68k.elf
PID:	5487
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	suka
Standard Error:

Process Tree

system is lnxubuntu20

Kloki.m68k.elf (PID: 5487, Parent: 5412, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/Kloki.m68k.elf

Kloki.m68k.elf New Fork (PID: 5489, Parent: 5487)

Kloki.m68k.elf New Fork (PID: 5492, Parent: 5487)

Kloki.m68k.elf New Fork (PID: 5494, Parent: 5492)

gnome-session-binary New Fork (PID: 5496, Parent: 1383)

sh (PID: 5496, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gnome-session-binary New Fork (PID: 5521, Parent: 1383)

sh (PID: 5521, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 5521, Parent: 1383, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gnome-session-binary New Fork (PID: 5522, Parent: 1383)

sh (PID: 5522, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gnome-session-binary New Fork (PID: 5523, Parent: 1383)

gdm3 New Fork (PID: 5524, Parent: 1289)

Default (PID: 5524, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5529, Parent: 1289)

Default (PID: 5529, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5535, Parent: 1)

systemd-user-runtime-dir (PID: 5535, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127

cleanup

Suricata Signatures

ET COMPROMISED Known Compromised or Hostile Host Traffic group 18

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-19T03:48:03.127135+0100	2500034	2	Misc Attack	83.222.191.90	13566	192.168.2.14	56540	TCP

Joe Sandbox Signatures

• AV Detection
• Spreading
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Kloki.m68k.elf

Virustotal: Detection: 30%

Perma Link

Source: Kloki.m68k.elf

String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffsystemctltelinitcatgrepbashzshcshkshdashfish

Source: global traffic	TCP traffic: 192.168.2.14:37376 -> 83.222.38.239:13566
Source: global traffic	TCP traffic: 192.168.2.14:40052 -> 83.222.235.14:13566
Source: global traffic	TCP traffic: 192.168.2.14:47918 -> 83.222.213.79:13566
Source: global traffic	TCP traffic: 192.168.2.14:48682 -> 83.222.49.198:13566
Source: global traffic	TCP traffic: 192.168.2.14:38160 -> 83.222.92.197:13566
Source: global traffic	TCP traffic: 192.168.2.14:59376 -> 83.222.173.121:13566
Source: global traffic	TCP traffic: 192.168.2.14:33166 -> 83.222.126.66:13566
Source: global traffic	TCP traffic: 192.168.2.14:53526 -> 83.222.120.103:13566
Source: global traffic	TCP traffic: 192.168.2.14:56376 -> 83.222.152.50:13566
Source: global traffic	TCP traffic: 192.168.2.14:42548 -> 83.222.167.50:13566
Source: global traffic	TCP traffic: 192.168.2.14:52654 -> 83.222.163.80:13566
Source: global traffic	TCP traffic: 192.168.2.14:55960 -> 83.222.168.98:13566
Source: global traffic	TCP traffic: 192.168.2.14:35342 -> 83.222.168.31:13566
Source: global traffic	TCP traffic: 192.168.2.14:47176 -> 83.222.34.172:13566
Source: global traffic	TCP traffic: 192.168.2.14:56414 -> 83.222.184.42:13566
Source: global traffic	TCP traffic: 192.168.2.14:33636 -> 83.222.91.222:13566
Source: global traffic	TCP traffic: 192.168.2.14:52876 -> 83.222.25.70:13566
Source: global traffic	TCP traffic: 192.168.2.14:32860 -> 83.222.237.238:13566
Source: global traffic	TCP traffic: 192.168.2.14:33140 -> 83.222.150.30:13566
Source: global traffic	TCP traffic: 192.168.2.14:58216 -> 83.222.180.242:13566
Source: global traffic	TCP traffic: 192.168.2.14:43894 -> 83.222.228.97:13566
Source: global traffic	TCP traffic: 192.168.2.14:45962 -> 83.222.108.98:13566
Source: global traffic	TCP traffic: 192.168.2.14:57274 -> 83.222.163.228:13566
Source: global traffic	TCP traffic: 192.168.2.14:56184 -> 83.222.201.60:13566
Source: global traffic	TCP traffic: 192.168.2.14:51746 -> 83.222.23.112:13566
Source: global traffic	TCP traffic: 192.168.2.14:43992 -> 83.222.110.186:13566
Source: global traffic	TCP traffic: 192.168.2.14:57750 -> 83.222.192.22:13566
Source: global traffic	TCP traffic: 192.168.2.14:35270 -> 83.222.28.104:13566
Source: global traffic	TCP traffic: 192.168.2.14:47706 -> 83.222.53.62:13566
Source: global traffic	TCP traffic: 192.168.2.14:50562 -> 83.222.20.238:13566
Source: global traffic	TCP traffic: 192.168.2.14:60584 -> 83.222.104.112:13566
Source: global traffic	TCP traffic: 192.168.2.14:58714 -> 83.222.204.129:13566
Source: global traffic	TCP traffic: 192.168.2.14:40572 -> 83.222.182.185:13566
Source: global traffic	TCP traffic: 192.168.2.14:42128 -> 83.222.111.76:13566
Source: global traffic	TCP traffic: 192.168.2.14:42080 -> 83.222.216.35:13566
Source: global traffic	TCP traffic: 192.168.2.14:60196 -> 83.222.63.188:13566
Source: global traffic	TCP traffic: 192.168.2.14:39038 -> 83.222.132.171:13566
Source: global traffic	TCP traffic: 192.168.2.14:52470 -> 83.222.30.40:13566
Source: global traffic	TCP traffic: 192.168.2.14:39674 -> 83.222.143.231:13566
Source: global traffic	TCP traffic: 192.168.2.14:58456 -> 83.222.100.166:13566
Source: global traffic	TCP traffic: 192.168.2.14:38340 -> 83.222.88.210:13566
Source: global traffic	TCP traffic: 192.168.2.14:48246 -> 83.222.96.24:13566
Source: global traffic	TCP traffic: 192.168.2.14:59208 -> 83.222.232.124:13566
Source: global traffic	TCP traffic: 192.168.2.14:36742 -> 83.222.129.29:13566
Source: global traffic	TCP traffic: 192.168.2.14:34570 -> 83.222.186.149:13566
Source: global traffic	TCP traffic: 192.168.2.14:60898 -> 83.222.11.34:13566
Source: global traffic	TCP traffic: 192.168.2.14:37622 -> 83.222.5.216:13566
Source: global traffic	TCP traffic: 192.168.2.14:56130 -> 83.222.163.188:13566
Source: global traffic	TCP traffic: 192.168.2.14:54526 -> 83.222.145.18:13566
Source: global traffic	TCP traffic: 192.168.2.14:51736 -> 83.222.8.105:13566
Source: global traffic	TCP traffic: 192.168.2.14:52026 -> 83.222.53.71:13566
Source: global traffic	TCP traffic: 192.168.2.14:37738 -> 83.222.37.186:13566
Source: global traffic	TCP traffic: 192.168.2.14:57406 -> 83.222.242.67:13566
Source: global traffic	TCP traffic: 192.168.2.14:38902 -> 83.222.226.130:13566
Source: global traffic	TCP traffic: 192.168.2.14:53886 -> 83.222.43.70:13566
Source: global traffic	TCP traffic: 192.168.2.14:52396 -> 83.222.40.131:13566
Source: global traffic	TCP traffic: 192.168.2.14:56966 -> 83.222.24.137:13566
Source: global traffic	TCP traffic: 192.168.2.14:45558 -> 83.222.155.0:13566
Source: global traffic	TCP traffic: 192.168.2.14:58906 -> 83.222.5.28:13566
Source: global traffic	TCP traffic: 192.168.2.14:56866 -> 83.222.29.192:13566
Source: global traffic	TCP traffic: 192.168.2.14:53950 -> 83.222.178.41:13566
Source: global traffic	TCP traffic: 192.168.2.14:45930 -> 83.222.226.183:13566
Source: global traffic	TCP traffic: 192.168.2.14:50742 -> 83.222.1.134:13566
Source: global traffic	TCP traffic: 192.168.2.14:40090 -> 83.222.115.146:13566
Source: global traffic	TCP traffic: 192.168.2.14:43030 -> 83.222.152.124:13566
Source: global traffic	TCP traffic: 192.168.2.14:57026 -> 83.222.252.206:13566
Source: global traffic	TCP traffic: 192.168.2.14:50592 -> 83.222.195.33:13566
Source: global traffic	TCP traffic: 192.168.2.14:51544 -> 83.222.136.182:13566
Source: global traffic	TCP traffic: 192.168.2.14:57446 -> 83.222.101.106:13566
Source: global traffic	TCP traffic: 192.168.2.14:42592 -> 83.222.56.144:13566
Source: global traffic	TCP traffic: 192.168.2.14:42752 -> 83.222.176.96:13566
Source: global traffic	TCP traffic: 192.168.2.14:53506 -> 83.222.19.200:13566
Source: global traffic	TCP traffic: 192.168.2.14:45816 -> 83.222.233.174:13566
Source: global traffic	TCP traffic: 192.168.2.14:33962 -> 83.222.200.239:13566
Source: global traffic	TCP traffic: 192.168.2.14:45668 -> 83.222.203.229:13566
Source: global traffic	TCP traffic: 192.168.2.14:47870 -> 83.222.175.125:13566
Source: global traffic	TCP traffic: 192.168.2.14:54742 -> 83.222.14.145:13566
Source: global traffic	TCP traffic: 192.168.2.14:52166 -> 83.222.52.15:13566
Source: global traffic	TCP traffic: 192.168.2.14:36798 -> 83.222.23.168:13566
Source: global traffic	TCP traffic: 192.168.2.14:44866 -> 83.222.162.176:13566
Source: global traffic	TCP traffic: 192.168.2.14:40294 -> 83.222.36.158:13566
Source: global traffic	TCP traffic: 192.168.2.14:45606 -> 83.222.126.231:13566
Source: global traffic	TCP traffic: 192.168.2.14:58972 -> 83.222.191.6:13566
Source: global traffic	TCP traffic: 192.168.2.14:38108 -> 83.222.157.36:13566
Source: global traffic	TCP traffic: 192.168.2.14:57816 -> 83.222.112.213:13566
Source: global traffic	TCP traffic: 192.168.2.14:44496 -> 83.222.180.32:13566
Source: global traffic	TCP traffic: 192.168.2.14:47882 -> 83.222.54.199:13566
Source: global traffic	TCP traffic: 192.168.2.14:38748 -> 83.222.232.31:13566
Source: global traffic	TCP traffic: 192.168.2.14:40784 -> 83.222.118.176:13566
Source: global traffic	TCP traffic: 192.168.2.14:40596 -> 83.222.14.65:13566
Source: global traffic	TCP traffic: 192.168.2.14:46720 -> 83.222.149.189:13566
Source: global traffic	TCP traffic: 192.168.2.14:42912 -> 83.222.190.164:13566
Source: global traffic	TCP traffic: 192.168.2.14:52900 -> 83.222.79.242:13566
Source: global traffic	TCP traffic: 192.168.2.14:32918 -> 83.222.179.102:13566
Source: global traffic	TCP traffic: 192.168.2.14:44368 -> 83.222.154.85:13566
Source: global traffic	TCP traffic: 192.168.2.14:54202 -> 83.222.22.190:13566
Source: global traffic	TCP traffic: 192.168.2.14:32824 -> 83.222.243.148:13566
Source: global traffic	TCP traffic: 192.168.2.14:38542 -> 83.222.166.179:13566
Source: global traffic	TCP traffic: 192.168.2.14:47758 -> 83.222.154.67:13566
Source: global traffic	TCP traffic: 192.168.2.14:56540 -> 83.222.191.90:13566

Source: /tmp/Kloki.m68k.elf (PID: 5487)

Socket: 127.0.0.1:14435

Jump to behavior

Source: Network traffic

Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.14:56540

Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.38.239
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.38.239
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.38.239
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.38.239
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.235.14
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.235.14
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.235.14
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.79
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.235.14
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.79
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.79
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.79
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.49.198
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.49.198
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.49.198
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.49.198
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.92.197
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.92.197
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.173.121
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.173.121
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.126.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.126.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.126.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.120.103
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.120.103
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.152.50
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.152.50
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.167.50
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.126.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.167.50
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.163.80
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.163.80
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.98
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.98
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.31
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.31
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.31
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.34.172
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.31
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.34.172
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.42
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.42
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.42
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.91.222
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.42
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.25.70
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.91.222
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.25.70
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.237.238
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.237.238

Source: global traffic

DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 917, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 928, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1444, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1610, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3268, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5471, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5496, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5521, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5529, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffsystemctltelinitcatgrepbashzshcshkshdashfish

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 917, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 928, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1444, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1610, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3268, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5471, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5496, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5521, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/Kloki.m68k.elf (PID: 5494)	SIGKILL sent: pid: 5529, result: successful	Jump to behavior

Source: classification engine

Classification label: mal52.spre.linELF@0/0@1/0

Source: /tmp/Kloki.m68k.elf (PID: 5487)

Queries kernel information via 'uname':

Jump to behavior

Source: Kloki.m68k.elf, 5487.1.00007ffe7ae2e000.00007ffe7ae4f000.rw-.sdmp, Kloki.m68k.elf, 5489.1.00007ffe7ae2e000.00007ffe7ae4f000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: Kloki.m68k.elf, 5487.1.0000561685b85000.0000561685c0f000.rw-.sdmp, Kloki.m68k.elf, 5489.1.0000561685b85000.0000561685be9000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: Kloki.m68k.elf, 5487.1.00007ffe7ae2e000.00007ffe7ae4f000.rw-.sdmp, Kloki.m68k.elf, 5489.1.00007ffe7ae2e000.00007ffe7ae4f000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/Kloki.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.m68k.elf
Source: Kloki.m68k.elf, 5487.1.0000561685b85000.0000561685c0f000.rw-.sdmp, Kloki.m68k.elf, 5489.1.0000561685b85000.0000561685be9000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/m68k

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Kloki.m68k.elf	30%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
secure-network-rebirthltd.ru	83.222.191.90	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
83.222.166.179	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.5.216	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.54.199	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.14.65	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.173.121	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.108.98	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.43.70	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.34.172	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.91.222	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.190.164	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.182.185	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.30.40	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.168.31	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.28.104	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.96.24	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.180.32	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.19.200	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.143.231	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.243.148	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.163.228	unknown	Bulgaria	31037	WAVENETLB	false
83.222.38.239	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.120.103	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.157.36	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.79.242	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.226.183	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.163.188	unknown	Bulgaria	31037	WAVENETLB	false
83.222.195.33	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.167.50	unknown	Bulgaria	49040	KIG-UNISAT-TVBG	false
83.222.228.97	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.92.197	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.56.144	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.232.124	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.191.6	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.226.130	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.49.198	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.23.112	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.163.80	unknown	Bulgaria	31037	WAVENETLB	false
83.222.136.182	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.201.60	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.104.112	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.191.90	secure-network-rebirthltd.ru	Bulgaria	43561	NET1-ASBG	false
83.222.110.186	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.175.125	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.168.98	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.112.213	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.149.189	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.179.102	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.25.70	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.5.28	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.216.35	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.24.137	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.8.105	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.40.131	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.180.242	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.52.15	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.29.192	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.184.42	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.36.158	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.53.71	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.200.239	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.186.149	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.178.41	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.150.30	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.152.50	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.129.29	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.204.129	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.237.238	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.101.106	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.111.76	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.63.188	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.118.176	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.53.62	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.14.145	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.145.18	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.252.206	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.176.96	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.115.146	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.126.231	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.23.168	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.154.85	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.233.174	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.126.66	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.232.31	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.162.176	unknown	Bulgaria	31037	WAVENETLB	false
83.222.100.166	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.1.134	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.213.79	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.88.210	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.155.0	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.152.124	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.235.14	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.37.186	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.132.171	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.203.229	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.22.190	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.242.67	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.11.34	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.20.238	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.154.67	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.192.22	unknown	Russian Federation	6854	SYNTERRA-ASRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83.222.163.228	Kloki.x86_64.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
secure-network-rebirthltd.ru	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.191.90

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LOL-ASluLU	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.33.113
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.33.113
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.46.188
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.45.23
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.41.144
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.39.173
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.39.107
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.59.20
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.55.216
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.48.106
GCN-ASGCNAD-SofiaBulgariaBG	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.177.55
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.177.55
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.174.216
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.175.167
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.176.33
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.177.157
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.173.11
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.166.158
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.169.136
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.166.153
MASTERHOST-ASMoscowRussiaRU	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.23.89
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.23.89
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.31.69
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.9.65
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.28.56
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.9.29
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.15.96
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.17.204
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.5.145
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.19.56

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.233868976547386
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Kloki.m68k.elf
File size:	67'480 bytes
MD5:	bf454dc9a0f3d7b0584d124c0f12afe6
SHA1:	a9a36cb8937958a661b1ea7f1adff9a9c30199f9
SHA256:	fffaeb9914819e087339e1dab864af51cbd9f609df26f651ce51ef19fd8d879e
SHA512:	f9e8513c27ee3ab84f3bd91bb6f292a4cc46a5ebdf6e53699ff98858b310fa94ec215d8830b58290dd2f76ef426a6c6b7eb1ba579ae0d5b95cc47c2a8feabe6a
SSDEEP:	1536:SO0r8VrULqRZ40CEUEA8u4Wny+56PfkAGuUjjvxFb1mJA:Sjr89VT40DUEPWF4fLG3v8JA
TLSH:	DA6329DAB811DD7DF80FE77F8463050AB571A39101830F36A79FB963BD721A44962E82
File Content Preview:	.ELF.......................D...4.........4. ...(.......................<...<...... ........@.."@.."@......4....... .dt.Q............................NV..a....da.....N^NuNV..J9..%.f>"y.."X QJ.g.X.#..."XN."y.."X QJ.f.A.....J.g.Hy...<N.X.......%.N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	67080
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xeece	0x0	0x6	AX	4
.fini	PROGBITS	0x8000ef76	0xef76	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000ef84	0xef84	0x12b8	0x0	0x2	A	2
.ctors	PROGBITS	0x80012240	0x10240	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80012248	0x10248	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80012254	0x10254	0x374	0x0	0x3	WA	4
.bss	NOBITS	0x800125c8	0x105c8	0x3170	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x105c8	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x1023c	0x1023c	6.2714	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x10240	0x80012240	0x80012240	0x388	0x34f8	2.9633	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-19T03:48:03.127135+0100	2500034	ET COMPROMISED Known Compromised or Hostile Host Traffic group 18	2	83.222.191.90	13566	192.168.2.14	56540	TCP

Network Port Distribution

Total Packets: 245
• 13566 undefined
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 03:48:02.203350067 CET	37376	13566	192.168.2.14	83.222.38.239
Jan 19, 2025 03:48:02.208798885 CET	13566	37376	83.222.38.239	192.168.2.14
Jan 19, 2025 03:48:02.208870888 CET	37376	13566	192.168.2.14	83.222.38.239
Jan 19, 2025 03:48:02.239681959 CET	37376	13566	192.168.2.14	83.222.38.239
Jan 19, 2025 03:48:02.245748997 CET	13566	37376	83.222.38.239	192.168.2.14
Jan 19, 2025 03:48:02.245826006 CET	37376	13566	192.168.2.14	83.222.38.239
Jan 19, 2025 03:48:02.257994890 CET	40052	13566	192.168.2.14	83.222.235.14
Jan 19, 2025 03:48:02.264076948 CET	13566	40052	83.222.235.14	192.168.2.14
Jan 19, 2025 03:48:02.264146090 CET	40052	13566	192.168.2.14	83.222.235.14
Jan 19, 2025 03:48:02.268589020 CET	40052	13566	192.168.2.14	83.222.235.14
Jan 19, 2025 03:48:02.273039103 CET	47918	13566	192.168.2.14	83.222.213.79
Jan 19, 2025 03:48:02.274580956 CET	13566	40052	83.222.235.14	192.168.2.14
Jan 19, 2025 03:48:02.274714947 CET	40052	13566	192.168.2.14	83.222.235.14
Jan 19, 2025 03:48:02.278100014 CET	13566	47918	83.222.213.79	192.168.2.14
Jan 19, 2025 03:48:02.278170109 CET	47918	13566	192.168.2.14	83.222.213.79
Jan 19, 2025 03:48:02.278266907 CET	47918	13566	192.168.2.14	83.222.213.79
Jan 19, 2025 03:48:02.283237934 CET	13566	47918	83.222.213.79	192.168.2.14
Jan 19, 2025 03:48:02.283422947 CET	47918	13566	192.168.2.14	83.222.213.79
Jan 19, 2025 03:48:02.298496962 CET	48682	13566	192.168.2.14	83.222.49.198
Jan 19, 2025 03:48:02.303783894 CET	13566	48682	83.222.49.198	192.168.2.14
Jan 19, 2025 03:48:02.303967953 CET	48682	13566	192.168.2.14	83.222.49.198
Jan 19, 2025 03:48:02.312752962 CET	48682	13566	192.168.2.14	83.222.49.198
Jan 19, 2025 03:48:02.317904949 CET	13566	48682	83.222.49.198	192.168.2.14
Jan 19, 2025 03:48:02.317996979 CET	48682	13566	192.168.2.14	83.222.49.198
Jan 19, 2025 03:48:02.344280005 CET	38160	13566	192.168.2.14	83.222.92.197
Jan 19, 2025 03:48:02.349580050 CET	13566	38160	83.222.92.197	192.168.2.14
Jan 19, 2025 03:48:02.349669933 CET	38160	13566	192.168.2.14	83.222.92.197
Jan 19, 2025 03:48:02.350029945 CET	59376	13566	192.168.2.14	83.222.173.121
Jan 19, 2025 03:48:02.355953932 CET	13566	59376	83.222.173.121	192.168.2.14
Jan 19, 2025 03:48:02.356021881 CET	59376	13566	192.168.2.14	83.222.173.121
Jan 19, 2025 03:48:02.356998920 CET	33166	13566	192.168.2.14	83.222.126.66
Jan 19, 2025 03:48:02.363027096 CET	13566	33166	83.222.126.66	192.168.2.14
Jan 19, 2025 03:48:02.363342047 CET	33166	13566	192.168.2.14	83.222.126.66
Jan 19, 2025 03:48:02.363454103 CET	33166	13566	192.168.2.14	83.222.126.66
Jan 19, 2025 03:48:02.365772009 CET	53526	13566	192.168.2.14	83.222.120.103
Jan 19, 2025 03:48:02.370436907 CET	13566	33166	83.222.126.66	192.168.2.14
Jan 19, 2025 03:48:02.370892048 CET	13566	53526	83.222.120.103	192.168.2.14
Jan 19, 2025 03:48:02.370951891 CET	53526	13566	192.168.2.14	83.222.120.103
Jan 19, 2025 03:48:02.372222900 CET	56376	13566	192.168.2.14	83.222.152.50
Jan 19, 2025 03:48:02.377136946 CET	13566	56376	83.222.152.50	192.168.2.14
Jan 19, 2025 03:48:02.377337933 CET	56376	13566	192.168.2.14	83.222.152.50
Jan 19, 2025 03:48:02.377367020 CET	42548	13566	192.168.2.14	83.222.167.50
Jan 19, 2025 03:48:02.378163099 CET	13566	33166	83.222.126.66	192.168.2.14
Jan 19, 2025 03:48:02.378259897 CET	33166	13566	192.168.2.14	83.222.126.66
Jan 19, 2025 03:48:02.382405996 CET	13566	42548	83.222.167.50	192.168.2.14
Jan 19, 2025 03:48:02.382472038 CET	42548	13566	192.168.2.14	83.222.167.50
Jan 19, 2025 03:48:02.383496046 CET	52654	13566	192.168.2.14	83.222.163.80
Jan 19, 2025 03:48:02.388680935 CET	13566	52654	83.222.163.80	192.168.2.14
Jan 19, 2025 03:48:02.388755083 CET	52654	13566	192.168.2.14	83.222.163.80
Jan 19, 2025 03:48:02.389446020 CET	55960	13566	192.168.2.14	83.222.168.98
Jan 19, 2025 03:48:02.394730091 CET	13566	55960	83.222.168.98	192.168.2.14
Jan 19, 2025 03:48:02.394783020 CET	55960	13566	192.168.2.14	83.222.168.98
Jan 19, 2025 03:48:02.397507906 CET	35342	13566	192.168.2.14	83.222.168.31
Jan 19, 2025 03:48:02.402362108 CET	13566	35342	83.222.168.31	192.168.2.14
Jan 19, 2025 03:48:02.402952909 CET	35342	13566	192.168.2.14	83.222.168.31
Jan 19, 2025 03:48:02.403273106 CET	35342	13566	192.168.2.14	83.222.168.31
Jan 19, 2025 03:48:02.407938957 CET	47176	13566	192.168.2.14	83.222.34.172
Jan 19, 2025 03:48:02.408267975 CET	13566	35342	83.222.168.31	192.168.2.14
Jan 19, 2025 03:48:02.408334017 CET	35342	13566	192.168.2.14	83.222.168.31
Jan 19, 2025 03:48:02.412957907 CET	13566	47176	83.222.34.172	192.168.2.14
Jan 19, 2025 03:48:02.413079023 CET	47176	13566	192.168.2.14	83.222.34.172
Jan 19, 2025 03:48:02.446540117 CET	56414	13566	192.168.2.14	83.222.184.42
Jan 19, 2025 03:48:02.452563047 CET	13566	56414	83.222.184.42	192.168.2.14
Jan 19, 2025 03:48:02.452637911 CET	56414	13566	192.168.2.14	83.222.184.42
Jan 19, 2025 03:48:02.469052076 CET	56414	13566	192.168.2.14	83.222.184.42
Jan 19, 2025 03:48:02.474381924 CET	13566	56414	83.222.184.42	192.168.2.14
Jan 19, 2025 03:48:02.474433899 CET	33636	13566	192.168.2.14	83.222.91.222
Jan 19, 2025 03:48:02.474482059 CET	56414	13566	192.168.2.14	83.222.184.42
Jan 19, 2025 03:48:02.479561090 CET	13566	33636	83.222.91.222	192.168.2.14
Jan 19, 2025 03:48:02.479594946 CET	52876	13566	192.168.2.14	83.222.25.70
Jan 19, 2025 03:48:02.479695082 CET	33636	13566	192.168.2.14	83.222.91.222
Jan 19, 2025 03:48:02.484685898 CET	13566	52876	83.222.25.70	192.168.2.14
Jan 19, 2025 03:48:02.485033035 CET	52876	13566	192.168.2.14	83.222.25.70
Jan 19, 2025 03:48:02.498516083 CET	32860	13566	192.168.2.14	83.222.237.238
Jan 19, 2025 03:48:02.503746033 CET	13566	32860	83.222.237.238	192.168.2.14
Jan 19, 2025 03:48:02.503819942 CET	32860	13566	192.168.2.14	83.222.237.238
Jan 19, 2025 03:48:02.507162094 CET	33140	13566	192.168.2.14	83.222.150.30
Jan 19, 2025 03:48:02.512051105 CET	13566	33140	83.222.150.30	192.168.2.14
Jan 19, 2025 03:48:02.512182951 CET	33140	13566	192.168.2.14	83.222.150.30
Jan 19, 2025 03:48:02.521080017 CET	33140	13566	192.168.2.14	83.222.150.30
Jan 19, 2025 03:48:02.522236109 CET	58216	13566	192.168.2.14	83.222.180.242
Jan 19, 2025 03:48:02.526062965 CET	43894	13566	192.168.2.14	83.222.228.97
Jan 19, 2025 03:48:02.526576042 CET	13566	33140	83.222.150.30	192.168.2.14
Jan 19, 2025 03:48:02.526621103 CET	13566	33140	83.222.150.30	192.168.2.14
Jan 19, 2025 03:48:02.528068066 CET	33140	13566	192.168.2.14	83.222.150.30
Jan 19, 2025 03:48:02.528193951 CET	13566	58216	83.222.180.242	192.168.2.14
Jan 19, 2025 03:48:02.528248072 CET	58216	13566	192.168.2.14	83.222.180.242
Jan 19, 2025 03:48:02.530769110 CET	45962	13566	192.168.2.14	83.222.108.98
Jan 19, 2025 03:48:02.531196117 CET	13566	43894	83.222.228.97	192.168.2.14
Jan 19, 2025 03:48:02.531258106 CET	43894	13566	192.168.2.14	83.222.228.97
Jan 19, 2025 03:48:02.533770084 CET	57274	13566	192.168.2.14	83.222.163.228
Jan 19, 2025 03:48:02.536891937 CET	13566	45962	83.222.108.98	192.168.2.14
Jan 19, 2025 03:48:02.537086964 CET	45962	13566	192.168.2.14	83.222.108.98
Jan 19, 2025 03:48:02.537487030 CET	56184	13566	192.168.2.14	83.222.201.60
Jan 19, 2025 03:48:02.539380074 CET	13566	57274	83.222.163.228	192.168.2.14
Jan 19, 2025 03:48:02.539438009 CET	57274	13566	192.168.2.14	83.222.163.228
Jan 19, 2025 03:48:02.541208982 CET	51746	13566	192.168.2.14	83.222.23.112
Jan 19, 2025 03:48:02.542882919 CET	13566	56184	83.222.201.60	192.168.2.14
Jan 19, 2025 03:48:02.546273947 CET	56184	13566	192.168.2.14	83.222.201.60
Jan 19, 2025 03:48:02.546454906 CET	13566	51746	83.222.23.112	192.168.2.14
Jan 19, 2025 03:48:02.550065994 CET	51746	13566	192.168.2.14	83.222.23.112
Jan 19, 2025 03:48:02.554887056 CET	51746	13566	192.168.2.14	83.222.23.112
Jan 19, 2025 03:48:02.557262897 CET	43992	13566	192.168.2.14	83.222.110.186
Jan 19, 2025 03:48:02.560233116 CET	13566	51746	83.222.23.112	192.168.2.14
Jan 19, 2025 03:48:02.560308933 CET	51746	13566	192.168.2.14	83.222.23.112
Jan 19, 2025 03:48:02.562357903 CET	13566	43992	83.222.110.186	192.168.2.14
Jan 19, 2025 03:48:02.562419891 CET	43992	13566	192.168.2.14	83.222.110.186
Jan 19, 2025 03:48:02.600500107 CET	43992	13566	192.168.2.14	83.222.110.186
Jan 19, 2025 03:48:02.605767012 CET	13566	43992	83.222.110.186	192.168.2.14
Jan 19, 2025 03:48:02.605880976 CET	43992	13566	192.168.2.14	83.222.110.186
Jan 19, 2025 03:48:02.607280016 CET	57750	13566	192.168.2.14	83.222.192.22
Jan 19, 2025 03:48:02.613477945 CET	13566	57750	83.222.192.22	192.168.2.14
Jan 19, 2025 03:48:02.613662958 CET	57750	13566	192.168.2.14	83.222.192.22
Jan 19, 2025 03:48:02.614088058 CET	57750	13566	192.168.2.14	83.222.192.22
Jan 19, 2025 03:48:02.619590044 CET	35270	13566	192.168.2.14	83.222.28.104
Jan 19, 2025 03:48:02.619950056 CET	13566	57750	83.222.192.22	192.168.2.14
Jan 19, 2025 03:48:02.620034933 CET	57750	13566	192.168.2.14	83.222.192.22
Jan 19, 2025 03:48:02.625144005 CET	13566	35270	83.222.28.104	192.168.2.14
Jan 19, 2025 03:48:02.625216961 CET	35270	13566	192.168.2.14	83.222.28.104
Jan 19, 2025 03:48:02.627159119 CET	47706	13566	192.168.2.14	83.222.53.62
Jan 19, 2025 03:48:02.632714033 CET	13566	47706	83.222.53.62	192.168.2.14
Jan 19, 2025 03:48:02.632781982 CET	47706	13566	192.168.2.14	83.222.53.62
Jan 19, 2025 03:48:02.642895937 CET	47706	13566	192.168.2.14	83.222.53.62
Jan 19, 2025 03:48:02.648175001 CET	13566	47706	83.222.53.62	192.168.2.14
Jan 19, 2025 03:48:02.648355961 CET	47706	13566	192.168.2.14	83.222.53.62
Jan 19, 2025 03:48:02.649674892 CET	50562	13566	192.168.2.14	83.222.20.238
Jan 19, 2025 03:48:02.654741049 CET	13566	50562	83.222.20.238	192.168.2.14
Jan 19, 2025 03:48:02.655030966 CET	50562	13566	192.168.2.14	83.222.20.238
Jan 19, 2025 03:48:02.657926083 CET	50562	13566	192.168.2.14	83.222.20.238
Jan 19, 2025 03:48:02.662194014 CET	60584	13566	192.168.2.14	83.222.104.112
Jan 19, 2025 03:48:02.663012981 CET	13566	50562	83.222.20.238	192.168.2.14
Jan 19, 2025 03:48:02.663068056 CET	50562	13566	192.168.2.14	83.222.20.238
Jan 19, 2025 03:48:02.665581942 CET	58714	13566	192.168.2.14	83.222.204.129
Jan 19, 2025 03:48:02.667273998 CET	13566	60584	83.222.104.112	192.168.2.14
Jan 19, 2025 03:48:02.667411089 CET	60584	13566	192.168.2.14	83.222.104.112
Jan 19, 2025 03:48:02.670425892 CET	13566	58714	83.222.204.129	192.168.2.14
Jan 19, 2025 03:48:02.670923948 CET	58714	13566	192.168.2.14	83.222.204.129
Jan 19, 2025 03:48:02.670924902 CET	58714	13566	192.168.2.14	83.222.204.129
Jan 19, 2025 03:48:02.673357964 CET	40572	13566	192.168.2.14	83.222.182.185
Jan 19, 2025 03:48:02.676002026 CET	13566	58714	83.222.204.129	192.168.2.14
Jan 19, 2025 03:48:02.676103115 CET	58714	13566	192.168.2.14	83.222.204.129
Jan 19, 2025 03:48:02.678312063 CET	13566	40572	83.222.182.185	192.168.2.14
Jan 19, 2025 03:48:02.678379059 CET	40572	13566	192.168.2.14	83.222.182.185
Jan 19, 2025 03:48:02.678797007 CET	42128	13566	192.168.2.14	83.222.111.76
Jan 19, 2025 03:48:02.683734894 CET	13566	42128	83.222.111.76	192.168.2.14
Jan 19, 2025 03:48:02.683917999 CET	42128	13566	192.168.2.14	83.222.111.76
Jan 19, 2025 03:48:02.686213017 CET	42080	13566	192.168.2.14	83.222.216.35
Jan 19, 2025 03:48:02.691150904 CET	13566	42080	83.222.216.35	192.168.2.14
Jan 19, 2025 03:48:02.691793919 CET	42080	13566	192.168.2.14	83.222.216.35
Jan 19, 2025 03:48:02.693820953 CET	60196	13566	192.168.2.14	83.222.63.188
Jan 19, 2025 03:48:02.697820902 CET	39038	13566	192.168.2.14	83.222.132.171
Jan 19, 2025 03:48:02.698921919 CET	13566	60196	83.222.63.188	192.168.2.14
Jan 19, 2025 03:48:02.699007988 CET	60196	13566	192.168.2.14	83.222.63.188
Jan 19, 2025 03:48:02.702069998 CET	52470	13566	192.168.2.14	83.222.30.40
Jan 19, 2025 03:48:02.703406096 CET	13566	39038	83.222.132.171	192.168.2.14
Jan 19, 2025 03:48:02.703463078 CET	39038	13566	192.168.2.14	83.222.132.171
Jan 19, 2025 03:48:02.705565929 CET	39674	13566	192.168.2.14	83.222.143.231
Jan 19, 2025 03:48:02.706942081 CET	13566	52470	83.222.30.40	192.168.2.14
Jan 19, 2025 03:48:02.706989050 CET	52470	13566	192.168.2.14	83.222.30.40
Jan 19, 2025 03:48:02.708790064 CET	58456	13566	192.168.2.14	83.222.100.166
Jan 19, 2025 03:48:02.711221933 CET	13566	39674	83.222.143.231	192.168.2.14
Jan 19, 2025 03:48:02.711334944 CET	39674	13566	192.168.2.14	83.222.143.231
Jan 19, 2025 03:48:02.711975098 CET	38340	13566	192.168.2.14	83.222.88.210
Jan 19, 2025 03:48:02.714184999 CET	13566	58456	83.222.100.166	192.168.2.14
Jan 19, 2025 03:48:02.714235067 CET	58456	13566	192.168.2.14	83.222.100.166
Jan 19, 2025 03:48:02.715156078 CET	48246	13566	192.168.2.14	83.222.96.24
Jan 19, 2025 03:48:02.717104912 CET	13566	38340	83.222.88.210	192.168.2.14
Jan 19, 2025 03:48:02.717183113 CET	38340	13566	192.168.2.14	83.222.88.210
Jan 19, 2025 03:48:02.718467951 CET	59208	13566	192.168.2.14	83.222.232.124
Jan 19, 2025 03:48:02.721276045 CET	13566	48246	83.222.96.24	192.168.2.14
Jan 19, 2025 03:48:02.721370935 CET	48246	13566	192.168.2.14	83.222.96.24
Jan 19, 2025 03:48:02.722143888 CET	36742	13566	192.168.2.14	83.222.129.29
Jan 19, 2025 03:48:02.723834038 CET	13566	59208	83.222.232.124	192.168.2.14
Jan 19, 2025 03:48:02.723892927 CET	59208	13566	192.168.2.14	83.222.232.124
Jan 19, 2025 03:48:02.727943897 CET	34570	13566	192.168.2.14	83.222.186.149
Jan 19, 2025 03:48:02.728193998 CET	13566	36742	83.222.129.29	192.168.2.14
Jan 19, 2025 03:48:02.728290081 CET	36742	13566	192.168.2.14	83.222.129.29
Jan 19, 2025 03:48:02.732708931 CET	60898	13566	192.168.2.14	83.222.11.34
Jan 19, 2025 03:48:02.733390093 CET	13566	34570	83.222.186.149	192.168.2.14
Jan 19, 2025 03:48:02.733442068 CET	34570	13566	192.168.2.14	83.222.186.149
Jan 19, 2025 03:48:02.737615108 CET	37622	13566	192.168.2.14	83.222.5.216
Jan 19, 2025 03:48:02.737735033 CET	13566	60898	83.222.11.34	192.168.2.14
Jan 19, 2025 03:48:02.737788916 CET	60898	13566	192.168.2.14	83.222.11.34
Jan 19, 2025 03:48:02.742516994 CET	13566	37622	83.222.5.216	192.168.2.14
Jan 19, 2025 03:48:02.742589951 CET	37622	13566	192.168.2.14	83.222.5.216
Jan 19, 2025 03:48:02.743141890 CET	56130	13566	192.168.2.14	83.222.163.188
Jan 19, 2025 03:48:02.748038054 CET	13566	56130	83.222.163.188	192.168.2.14
Jan 19, 2025 03:48:02.748087883 CET	56130	13566	192.168.2.14	83.222.163.188
Jan 19, 2025 03:48:02.748467922 CET	54526	13566	192.168.2.14	83.222.145.18
Jan 19, 2025 03:48:02.753768921 CET	51736	13566	192.168.2.14	83.222.8.105
Jan 19, 2025 03:48:02.753890038 CET	13566	54526	83.222.145.18	192.168.2.14
Jan 19, 2025 03:48:02.753938913 CET	54526	13566	192.168.2.14	83.222.145.18
Jan 19, 2025 03:48:02.758249044 CET	52026	13566	192.168.2.14	83.222.53.71
Jan 19, 2025 03:48:02.758691072 CET	13566	51736	83.222.8.105	192.168.2.14
Jan 19, 2025 03:48:02.758750916 CET	51736	13566	192.168.2.14	83.222.8.105
Jan 19, 2025 03:48:02.762011051 CET	37738	13566	192.168.2.14	83.222.37.186
Jan 19, 2025 03:48:02.763134003 CET	13566	52026	83.222.53.71	192.168.2.14
Jan 19, 2025 03:48:02.763284922 CET	52026	13566	192.168.2.14	83.222.53.71
Jan 19, 2025 03:48:02.766931057 CET	13566	37738	83.222.37.186	192.168.2.14
Jan 19, 2025 03:48:02.766980886 CET	37738	13566	192.168.2.14	83.222.37.186
Jan 19, 2025 03:48:02.767257929 CET	57406	13566	192.168.2.14	83.222.242.67
Jan 19, 2025 03:48:02.772176981 CET	38902	13566	192.168.2.14	83.222.226.130
Jan 19, 2025 03:48:02.772320986 CET	13566	57406	83.222.242.67	192.168.2.14
Jan 19, 2025 03:48:02.772389889 CET	57406	13566	192.168.2.14	83.222.242.67
Jan 19, 2025 03:48:02.776107073 CET	53886	13566	192.168.2.14	83.222.43.70
Jan 19, 2025 03:48:02.777420044 CET	13566	38902	83.222.226.130	192.168.2.14
Jan 19, 2025 03:48:02.777590990 CET	38902	13566	192.168.2.14	83.222.226.130
Jan 19, 2025 03:48:02.781080961 CET	13566	53886	83.222.43.70	192.168.2.14
Jan 19, 2025 03:48:02.781153917 CET	53886	13566	192.168.2.14	83.222.43.70
Jan 19, 2025 03:48:02.781790972 CET	52396	13566	192.168.2.14	83.222.40.131
Jan 19, 2025 03:48:02.786695957 CET	13566	52396	83.222.40.131	192.168.2.14
Jan 19, 2025 03:48:02.786735058 CET	52396	13566	192.168.2.14	83.222.40.131
Jan 19, 2025 03:48:02.789103031 CET	56966	13566	192.168.2.14	83.222.24.137
Jan 19, 2025 03:48:02.793936968 CET	13566	56966	83.222.24.137	192.168.2.14
Jan 19, 2025 03:48:02.793984890 CET	56966	13566	192.168.2.14	83.222.24.137
Jan 19, 2025 03:48:02.794437885 CET	45558	13566	192.168.2.14	83.222.155.0
Jan 19, 2025 03:48:02.799866915 CET	13566	45558	83.222.155.0	192.168.2.14
Jan 19, 2025 03:48:02.799938917 CET	45558	13566	192.168.2.14	83.222.155.0
Jan 19, 2025 03:48:02.800688028 CET	45558	13566	192.168.2.14	83.222.155.0
Jan 19, 2025 03:48:02.803749084 CET	58906	13566	192.168.2.14	83.222.5.28
Jan 19, 2025 03:48:02.806804895 CET	13566	45558	83.222.155.0	192.168.2.14
Jan 19, 2025 03:48:02.806849003 CET	45558	13566	192.168.2.14	83.222.155.0
Jan 19, 2025 03:48:02.808806896 CET	13566	58906	83.222.5.28	192.168.2.14
Jan 19, 2025 03:48:02.808861017 CET	58906	13566	192.168.2.14	83.222.5.28
Jan 19, 2025 03:48:02.812172890 CET	56866	13566	192.168.2.14	83.222.29.192
Jan 19, 2025 03:48:02.817733049 CET	53950	13566	192.168.2.14	83.222.178.41
Jan 19, 2025 03:48:02.818020105 CET	13566	56866	83.222.29.192	192.168.2.14
Jan 19, 2025 03:48:02.818094969 CET	56866	13566	192.168.2.14	83.222.29.192
Jan 19, 2025 03:48:02.823406935 CET	45930	13566	192.168.2.14	83.222.226.183
Jan 19, 2025 03:48:02.824300051 CET	13566	53950	83.222.178.41	192.168.2.14
Jan 19, 2025 03:48:02.824350119 CET	53950	13566	192.168.2.14	83.222.178.41
Jan 19, 2025 03:48:02.828314066 CET	50742	13566	192.168.2.14	83.222.1.134
Jan 19, 2025 03:48:02.828318119 CET	13566	45930	83.222.226.183	192.168.2.14
Jan 19, 2025 03:48:02.828371048 CET	45930	13566	192.168.2.14	83.222.226.183
Jan 19, 2025 03:48:02.833231926 CET	13566	50742	83.222.1.134	192.168.2.14
Jan 19, 2025 03:48:02.833314896 CET	50742	13566	192.168.2.14	83.222.1.134
Jan 19, 2025 03:48:02.834142923 CET	40090	13566	192.168.2.14	83.222.115.146
Jan 19, 2025 03:48:02.838783026 CET	43030	13566	192.168.2.14	83.222.152.124
Jan 19, 2025 03:48:02.838951111 CET	13566	40090	83.222.115.146	192.168.2.14
Jan 19, 2025 03:48:02.839008093 CET	40090	13566	192.168.2.14	83.222.115.146
Jan 19, 2025 03:48:02.843724012 CET	13566	43030	83.222.152.124	192.168.2.14
Jan 19, 2025 03:48:02.843787909 CET	43030	13566	192.168.2.14	83.222.152.124
Jan 19, 2025 03:48:02.844630957 CET	57026	13566	192.168.2.14	83.222.252.206
Jan 19, 2025 03:48:02.849266052 CET	50592	13566	192.168.2.14	83.222.195.33
Jan 19, 2025 03:48:02.849585056 CET	13566	57026	83.222.252.206	192.168.2.14
Jan 19, 2025 03:48:02.849643946 CET	57026	13566	192.168.2.14	83.222.252.206
Jan 19, 2025 03:48:02.854199886 CET	13566	50592	83.222.195.33	192.168.2.14
Jan 19, 2025 03:48:02.854264975 CET	50592	13566	192.168.2.14	83.222.195.33
Jan 19, 2025 03:48:02.855186939 CET	51544	13566	192.168.2.14	83.222.136.182
Jan 19, 2025 03:48:02.860055923 CET	13566	51544	83.222.136.182	192.168.2.14
Jan 19, 2025 03:48:02.860223055 CET	51544	13566	192.168.2.14	83.222.136.182
Jan 19, 2025 03:48:02.860835075 CET	57446	13566	192.168.2.14	83.222.101.106
Jan 19, 2025 03:48:02.865699053 CET	13566	57446	83.222.101.106	192.168.2.14
Jan 19, 2025 03:48:02.865771055 CET	57446	13566	192.168.2.14	83.222.101.106
Jan 19, 2025 03:48:02.866522074 CET	42592	13566	192.168.2.14	83.222.56.144
Jan 19, 2025 03:48:02.870625973 CET	42752	13566	192.168.2.14	83.222.176.96
Jan 19, 2025 03:48:02.871373892 CET	13566	42592	83.222.56.144	192.168.2.14
Jan 19, 2025 03:48:02.871582985 CET	42592	13566	192.168.2.14	83.222.56.144
Jan 19, 2025 03:48:02.874345064 CET	53506	13566	192.168.2.14	83.222.19.200
Jan 19, 2025 03:48:02.875483036 CET	13566	42752	83.222.176.96	192.168.2.14
Jan 19, 2025 03:48:02.875528097 CET	42752	13566	192.168.2.14	83.222.176.96
Jan 19, 2025 03:48:02.877947092 CET	45816	13566	192.168.2.14	83.222.233.174
Jan 19, 2025 03:48:02.879241943 CET	13566	53506	83.222.19.200	192.168.2.14
Jan 19, 2025 03:48:02.879297018 CET	53506	13566	192.168.2.14	83.222.19.200
Jan 19, 2025 03:48:02.882786989 CET	13566	45816	83.222.233.174	192.168.2.14
Jan 19, 2025 03:48:02.882857084 CET	45816	13566	192.168.2.14	83.222.233.174
Jan 19, 2025 03:48:02.898417950 CET	33962	13566	192.168.2.14	83.222.200.239
Jan 19, 2025 03:48:02.903968096 CET	13566	33962	83.222.200.239	192.168.2.14
Jan 19, 2025 03:48:02.904038906 CET	33962	13566	192.168.2.14	83.222.200.239
Jan 19, 2025 03:48:02.908576012 CET	33962	13566	192.168.2.14	83.222.200.239
Jan 19, 2025 03:48:02.914414883 CET	13566	33962	83.222.200.239	192.168.2.14
Jan 19, 2025 03:48:02.914474010 CET	33962	13566	192.168.2.14	83.222.200.239
Jan 19, 2025 03:48:02.915879965 CET	45668	13566	192.168.2.14	83.222.203.229
Jan 19, 2025 03:48:02.917032957 CET	47870	13566	192.168.2.14	83.222.175.125
Jan 19, 2025 03:48:02.919724941 CET	54742	13566	192.168.2.14	83.222.14.145
Jan 19, 2025 03:48:02.920806885 CET	13566	45668	83.222.203.229	192.168.2.14
Jan 19, 2025 03:48:02.920994997 CET	45668	13566	192.168.2.14	83.222.203.229
Jan 19, 2025 03:48:02.921063900 CET	52166	13566	192.168.2.14	83.222.52.15
Jan 19, 2025 03:48:02.921958923 CET	13566	47870	83.222.175.125	192.168.2.14
Jan 19, 2025 03:48:02.922007084 CET	47870	13566	192.168.2.14	83.222.175.125
Jan 19, 2025 03:48:02.922259092 CET	36798	13566	192.168.2.14	83.222.23.168
Jan 19, 2025 03:48:02.924547911 CET	13566	54742	83.222.14.145	192.168.2.14
Jan 19, 2025 03:48:02.924604893 CET	54742	13566	192.168.2.14	83.222.14.145
Jan 19, 2025 03:48:02.924853086 CET	44866	13566	192.168.2.14	83.222.162.176
Jan 19, 2025 03:48:02.925826073 CET	13566	52166	83.222.52.15	192.168.2.14
Jan 19, 2025 03:48:02.925877094 CET	52166	13566	192.168.2.14	83.222.52.15
Jan 19, 2025 03:48:02.926026106 CET	40294	13566	192.168.2.14	83.222.36.158
Jan 19, 2025 03:48:02.927158117 CET	13566	36798	83.222.23.168	192.168.2.14
Jan 19, 2025 03:48:02.927198887 CET	45606	13566	192.168.2.14	83.222.126.231
Jan 19, 2025 03:48:02.927202940 CET	36798	13566	192.168.2.14	83.222.23.168
Jan 19, 2025 03:48:02.928529978 CET	58972	13566	192.168.2.14	83.222.191.6
Jan 19, 2025 03:48:02.929723024 CET	13566	44866	83.222.162.176	192.168.2.14
Jan 19, 2025 03:48:02.929775953 CET	38108	13566	192.168.2.14	83.222.157.36
Jan 19, 2025 03:48:02.929775953 CET	44866	13566	192.168.2.14	83.222.162.176
Jan 19, 2025 03:48:02.930896997 CET	13566	40294	83.222.36.158	192.168.2.14
Jan 19, 2025 03:48:02.930994987 CET	40294	13566	192.168.2.14	83.222.36.158
Jan 19, 2025 03:48:02.931149960 CET	57816	13566	192.168.2.14	83.222.112.213
Jan 19, 2025 03:48:02.932029963 CET	13566	45606	83.222.126.231	192.168.2.14
Jan 19, 2025 03:48:02.932082891 CET	45606	13566	192.168.2.14	83.222.126.231
Jan 19, 2025 03:48:02.932308912 CET	44496	13566	192.168.2.14	83.222.180.32
Jan 19, 2025 03:48:02.933362961 CET	13566	58972	83.222.191.6	192.168.2.14
Jan 19, 2025 03:48:02.933413029 CET	58972	13566	192.168.2.14	83.222.191.6
Jan 19, 2025 03:48:02.933474064 CET	47882	13566	192.168.2.14	83.222.54.199
Jan 19, 2025 03:48:02.934637070 CET	13566	38108	83.222.157.36	192.168.2.14
Jan 19, 2025 03:48:02.935605049 CET	38108	13566	192.168.2.14	83.222.157.36
Jan 19, 2025 03:48:02.935976028 CET	13566	57816	83.222.112.213	192.168.2.14
Jan 19, 2025 03:48:02.936050892 CET	57816	13566	192.168.2.14	83.222.112.213
Jan 19, 2025 03:48:02.936217070 CET	38748	13566	192.168.2.14	83.222.232.31
Jan 19, 2025 03:48:02.937247992 CET	13566	44496	83.222.180.32	192.168.2.14
Jan 19, 2025 03:48:02.937305927 CET	44496	13566	192.168.2.14	83.222.180.32
Jan 19, 2025 03:48:02.937515974 CET	40784	13566	192.168.2.14	83.222.118.176
Jan 19, 2025 03:48:02.938263893 CET	13566	47882	83.222.54.199	192.168.2.14
Jan 19, 2025 03:48:02.938314915 CET	47882	13566	192.168.2.14	83.222.54.199
Jan 19, 2025 03:48:02.938777924 CET	40596	13566	192.168.2.14	83.222.14.65
Jan 19, 2025 03:48:02.940064907 CET	46720	13566	192.168.2.14	83.222.149.189
Jan 19, 2025 03:48:02.941071987 CET	13566	38748	83.222.232.31	192.168.2.14
Jan 19, 2025 03:48:02.941123962 CET	38748	13566	192.168.2.14	83.222.232.31
Jan 19, 2025 03:48:02.941278934 CET	42912	13566	192.168.2.14	83.222.190.164
Jan 19, 2025 03:48:02.942341089 CET	13566	40784	83.222.118.176	192.168.2.14
Jan 19, 2025 03:48:02.942390919 CET	40784	13566	192.168.2.14	83.222.118.176
Jan 19, 2025 03:48:02.942620993 CET	52900	13566	192.168.2.14	83.222.79.242
Jan 19, 2025 03:48:02.943658113 CET	13566	40596	83.222.14.65	192.168.2.14
Jan 19, 2025 03:48:02.943708897 CET	40596	13566	192.168.2.14	83.222.14.65
Jan 19, 2025 03:48:02.943866968 CET	32918	13566	192.168.2.14	83.222.179.102
Jan 19, 2025 03:48:02.944931030 CET	13566	46720	83.222.149.189	192.168.2.14
Jan 19, 2025 03:48:02.945027113 CET	46720	13566	192.168.2.14	83.222.149.189
Jan 19, 2025 03:48:02.945200920 CET	44368	13566	192.168.2.14	83.222.154.85
Jan 19, 2025 03:48:02.946105957 CET	13566	42912	83.222.190.164	192.168.2.14
Jan 19, 2025 03:48:02.946258068 CET	42912	13566	192.168.2.14	83.222.190.164
Jan 19, 2025 03:48:02.947484016 CET	13566	52900	83.222.79.242	192.168.2.14
Jan 19, 2025 03:48:02.947886944 CET	52900	13566	192.168.2.14	83.222.79.242
Jan 19, 2025 03:48:02.947938919 CET	54202	13566	192.168.2.14	83.222.22.190
Jan 19, 2025 03:48:02.948693037 CET	13566	32918	83.222.179.102	192.168.2.14
Jan 19, 2025 03:48:02.948924065 CET	32918	13566	192.168.2.14	83.222.179.102
Jan 19, 2025 03:48:02.950155020 CET	13566	44368	83.222.154.85	192.168.2.14
Jan 19, 2025 03:48:02.950295925 CET	44368	13566	192.168.2.14	83.222.154.85
Jan 19, 2025 03:48:02.952873945 CET	13566	54202	83.222.22.190	192.168.2.14
Jan 19, 2025 03:48:02.954281092 CET	54202	13566	192.168.2.14	83.222.22.190
Jan 19, 2025 03:48:02.958509922 CET	54202	13566	192.168.2.14	83.222.22.190
Jan 19, 2025 03:48:02.963443995 CET	13566	54202	83.222.22.190	192.168.2.14
Jan 19, 2025 03:48:02.963659048 CET	54202	13566	192.168.2.14	83.222.22.190
Jan 19, 2025 03:48:02.963722944 CET	32824	13566	192.168.2.14	83.222.243.148
Jan 19, 2025 03:48:02.968616009 CET	13566	32824	83.222.243.148	192.168.2.14
Jan 19, 2025 03:48:02.968677044 CET	32824	13566	192.168.2.14	83.222.243.148
Jan 19, 2025 03:48:02.974401951 CET	32824	13566	192.168.2.14	83.222.243.148
Jan 19, 2025 03:48:02.980685949 CET	13566	32824	83.222.243.148	192.168.2.14
Jan 19, 2025 03:48:02.980768919 CET	32824	13566	192.168.2.14	83.222.243.148
Jan 19, 2025 03:48:02.982429028 CET	38542	13566	192.168.2.14	83.222.166.179
Jan 19, 2025 03:48:02.987921000 CET	13566	38542	83.222.166.179	192.168.2.14
Jan 19, 2025 03:48:02.988065004 CET	38542	13566	192.168.2.14	83.222.166.179
Jan 19, 2025 03:48:02.998406887 CET	38542	13566	192.168.2.14	83.222.166.179
Jan 19, 2025 03:48:03.004673004 CET	13566	38542	83.222.166.179	192.168.2.14
Jan 19, 2025 03:48:03.004829884 CET	38542	13566	192.168.2.14	83.222.166.179
Jan 19, 2025 03:48:03.014534950 CET	47758	13566	192.168.2.14	83.222.154.67
Jan 19, 2025 03:48:03.019908905 CET	13566	47758	83.222.154.67	192.168.2.14
Jan 19, 2025 03:48:03.020072937 CET	47758	13566	192.168.2.14	83.222.154.67
Jan 19, 2025 03:48:03.062884092 CET	47758	13566	192.168.2.14	83.222.154.67
Jan 19, 2025 03:48:03.067919970 CET	13566	47758	83.222.154.67	192.168.2.14
Jan 19, 2025 03:48:03.068123102 CET	47758	13566	192.168.2.14	83.222.154.67
Jan 19, 2025 03:48:03.120899916 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:03.127135038 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:03.127310038 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:03.132611036 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:03.138648987 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:03.138751030 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:03.145589113 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:13.141882896 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:13.147242069 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:13.350084066 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:13.350161076 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:48:13.725045919 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:48:13.725209951 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:49:13.772367954 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:49:13.777757883 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:49:14.035149097 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:49:14.035480976 CET	56540	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 03:49:14.727818966 CET	13566	56540	83.222.191.90	192.168.2.14
Jan 19, 2025 03:49:14.728261948 CET	56540	13566	192.168.2.14	83.222.191.90

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 03:48:03.107661009 CET	49997	53	192.168.2.14	8.8.8.8
Jan 19, 2025 03:48:03.118324995 CET	53	49997	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 19, 2025 03:48:03.107661009 CET	192.168.2.14	8.8.8.8	0xa6b3	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 19, 2025 03:48:03.118324995 CET	8.8.8.8	192.168.2.14	0xa6b3	No error (0)	secure-network-rebirthltd.ru		83.222.191.90	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: Kloki.m68k.elf PID: 5487, Parent PID: 5412

General

Start time (UTC):	02:48:00
Start date (UTC):	19/01/2025
Path:	/tmp/Kloki.m68k.elf
Arguments:	/tmp/Kloki.m68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: Kloki.m68k.elf PID: 5489, Parent PID: 5487

General

Start time (UTC):	02:48:00
Start date (UTC):	19/01/2025
Path:	/tmp/Kloki.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: Kloki.m68k.elf PID: 5492, Parent PID: 5487

General

Start time (UTC):	02:48:00
Start date (UTC):	19/01/2025
Path:	/tmp/Kloki.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: Kloki.m68k.elf PID: 5494, Parent PID: 5492

General

Start time (UTC):	02:48:00
Start date (UTC):	19/01/2025
Path:	/tmp/Kloki.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

File Activities

File Opened

Directory Enumerated

Process Activities

Signal Sent

Thread Sleep

Chronological Activities

Analysis Process: gnome-session-binary PID: 5496, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5496, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

Chronological Activities

Analysis Process: gnome-session-binary PID: 5521, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5521, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gnome-shell PID: 5521, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

File Activities

File Opened

Chronological Activities

Analysis Process: gnome-session-binary PID: 5522, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5522, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gnome-session-binary PID: 5523, Parent PID: 1383

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gdm3 PID: 5524, Parent PID: 1289

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 5524, Parent PID: 1289

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gdm3 PID: 5529, Parent PID: 1289

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 5529, Parent PID: 1289

General

Start time (UTC):	02:48:01
Start date (UTC):	19/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

Chronological Activities

Analysis Process: systemd PID: 5535, Parent PID: 1

General

Start time (UTC):	02:48:11
Start date (UTC):	19/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd-user-runtime-dir PID: 5535, Parent PID: 1

General

Start time (UTC):	02:48:11
Start date (UTC):	19/01/2025
Path:	/lib/systemd/systemd-user-runtime-dir
Arguments:	/lib/systemd/systemd-user-runtime-dir stop 127
File size:	22672 bytes
MD5 hash:	d55f4b0847f88131dbcfb07435178e54

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Kloki.m68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: Kloki.m68k.elf PID: 5487, Parent PID: 5412

General

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: Kloki.m68k.elf PID: 5489, Parent PID: 5487

General

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Linux Analysis Report
Kloki.m68k.elf