Play interactive tour

Edit tour

Linux Analysis Report KPz4ERtS9a

Overview

General Information

Sample Name:	KPz4ERtS9a
Analysis ID:	508203
MD5:	066901d9ef64208c0daf3e6f428f7185
SHA1:	b012217d9b8e1a80a8d077cfdabcef03a12d15af
SHA256:	3a0dd755b8ef388ccb5dcdfc94a543450a8974830b87f0ea284c9de7356d1bef
Tags:	32elfintelmirai
Infos:
Most interesting Screenshot:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample deletes itself

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Yara signature match

Sample has stripped symbol table

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Classification

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	508203
Start date:	24.10.2021
Start time:	09:39:09
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	KPz4ERtS9a
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.troj.evad.lin@0/1@1/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

KPz4ERtS9a (PID: 5216, Parent: 5110, MD5: 066901d9ef64208c0daf3e6f428f7185) Arguments: /tmp/KPz4ERtS9a

KPz4ERtS9a New Fork (PID: 5217, Parent: 5216)

KPz4ERtS9a New Fork (PID: 5218, Parent: 5216)

dash New Fork (PID: 5240, Parent: 4331)

cat (PID: 5240, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.txS7eGBKCG

dash New Fork (PID: 5241, Parent: 4331)

head (PID: 5241, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5242, Parent: 4331)

tr (PID: 5242, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5243, Parent: 4331)

cut (PID: 5243, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5244, Parent: 4331)

cat (PID: 5244, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.txS7eGBKCG

dash New Fork (PID: 5245, Parent: 4331)

head (PID: 5245, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5246, Parent: 4331)

tr (PID: 5246, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5247, Parent: 4331)

cut (PID: 5247, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5248, Parent: 4331)

rm (PID: 5248, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.txS7eGBKCG /tmp/tmp.JsHkh9sVIe /tmp/tmp.UY8RlWyiIl

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
KPz4ERtS9a	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10bac:$xo1: \x19;.=885{azd 0x10c1c:$xo1: \x19;.=885{azd 0x10c80:$xo1: \x19;.=885{azd 0x10cec:$xo1: \x19;.=885{azd 0x10d58:$xo1: \x19;.=885{azd 0x10e4c:$xo1: \x19;.=885{azd 0x10f60:$xo1: \x175 366;uotj 0x10fd0:$xo1: \x175 366;uotj 0x11040:$xo1: \x175 366;uotj 0x110b0:$xo1: \x175 366;uotj 0x11120:$xo1: \x175 366;uotj 0x11198:$xo1: \x19;.=885{azd 0x111dc:$xo1: \x19;.=885{azd 0x11228:$xo1: \x19;.=885{azd 0x11284:$xo1: \x19;.=885{azd 0x112cc:$xo1: \x19;.=885{azd 0x11318:$xo1: \x19;.=885{azd 0x1135c:$xo1: \x19;.=885{azd

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5216.1.0000000051390be1.000000002d48251b.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x5d0:$xo1: \x175 366;uotj 0x648:$xo1: \x175 366;uotj 0x6c0:$xo1: \x175 366;uotj 0x738:$xo1: \x175 366;uotj 0x7b0:$xo1: \x175 366;uotj 0x830:$xo1: \x19;.=885{azd 0x8a0:$xo1: \x19;.=885{azd 0x908:$xo1: \x19;.=885{azd 0x978:$xo1: \x19;.=885{azd 0x9e8:$xo1: \x19;.=885{azd 0xae8:$xo1: \x19;.=885{azd 0xba0:$xo1: \x19;.=885{azd 0xbe8:$xo1: \x19;.=885{azd 0xc38:$xo1: \x19;.=885{azd 0xc98:$xo1: \x19;.=885{azd 0xce0:$xo1: \x19;.=885{azd 0xd00:$xo1: \x19;.=885{azd 0xd50:$xo1: \x19;.=885{azd 0xd98:$xo1: \x19;.=885{azd 0xdf8:$xo1: \x19;.=885{azd
5216.1.000000001a887bdc.0000000019a04c35.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10bac:$xo1: \x19;.=885{azd 0x10c1c:$xo1: \x19;.=885{azd 0x10c80:$xo1: \x19;.=885{azd 0x10cec:$xo1: \x19;.=885{azd 0x10d58:$xo1: \x19;.=885{azd 0x10e4c:$xo1: \x19;.=885{azd 0x10f60:$xo1: \x175 366;uotj 0x10fd0:$xo1: \x175 366;uotj 0x11040:$xo1: \x175 366;uotj 0x110b0:$xo1: \x175 366;uotj 0x11120:$xo1: \x175 366;uotj 0x11198:$xo1: \x19;.=885{azd 0x111dc:$xo1: \x19;.=885{azd 0x11228:$xo1: \x19;.=885{azd 0x11284:$xo1: \x19;.=885{azd 0x112cc:$xo1: \x19;.=885{azd 0x11318:$xo1: \x19;.=885{azd 0x1135c:$xo1: \x19;.=885{azd

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: KPz4ERtS9a	Virustotal: Detection: 51%	Perma Link
Source: KPz4ERtS9a	Metadefender: Detection: 40%	Perma Link
Source: KPz4ERtS9a	ReversingLabs: Detection: 67%

Machine Learning detection for sample

Show sources

Source: KPz4ERtS9a

Joe Sandbox ML: detected

Source: unknown

HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33608 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:51508
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:51508
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:42798
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60806
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:42798
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:42798
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:50756
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60818
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60828
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60838
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60846
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:42880
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60884
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60906
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:42880
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:42880
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60926
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60952
Source: Traffic	Snort IDS: 716 INFO TELNET access 151.234.205.221:23 -> 192.168.2.23:60992
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42198
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43058
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:51850
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:51850
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 177.22.89.165:23 -> 192.168.2.23:57382
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43058
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43058
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42234
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51196
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51198
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51202
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51206
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51212
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:51034
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51216
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51222
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51234
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51252
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42252
Source: Traffic	Snort IDS: 716 INFO TELNET access 178.162.88.240:23 -> 192.168.2.23:51260
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.113.241.216:23 -> 192.168.2.23:58840
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43182
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42328
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43182
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43182
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42364
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42396
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48036
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42418
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:43518
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43302
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46386
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46386
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48036
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42460
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43302
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43302
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48098
Source: Traffic	Snort IDS: 716 INFO TELNET access 89.125.129.165:23 -> 192.168.2.23:43638
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42486
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.74.247.52:23 -> 192.168.2.23:38932
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:52132
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:52132
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.7.60.183:23 -> 192.168.2.23:42520
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48098
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:51330
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46468
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46468
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43410
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:43632
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48180
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43410
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43410
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.113.241.216:23 -> 192.168.2.23:59100
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48180
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54230
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.204.42.116:23 -> 192.168.2.23:35672
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.204.42.116:23 -> 192.168.2.23:35672
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54230
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48220
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46560
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46560
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43474
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54262
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48220
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54262
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:43720
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43474
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43474
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48266
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54298
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54298
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48266
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.125.85:23 -> 192.168.2.23:47270
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54352
Source: Traffic	Snort IDS: 716 INFO TELNET access 89.125.129.165:23 -> 192.168.2.23:43852
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.74.247.52:23 -> 192.168.2.23:39146
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43582
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:43802
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48348
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46628
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46628
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.81.162.113:23 -> 192.168.2.23:33038
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54352
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:51546
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:52426
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:52426
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43582
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43582
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54450
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52578
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48348
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54450
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52604
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48474
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54516
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:43954
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.113.241.216:23 -> 192.168.2.23:59386
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46822
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46822
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54516
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52666
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48474
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.204.42.116:23 -> 192.168.2.23:35986
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.204.42.116:23 -> 192.168.2.23:35986
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54550
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.84.83.99:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.84.83.99:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52682
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54550
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48544
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52698
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:44024
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54592
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:46908
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:46908
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52712
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48544
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54592
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.84.83.99:23 -> 192.168.2.23:43824
Source: Traffic	Snort IDS: 2023433 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) 192.168.2.23:52206 -> 14.248.94.6:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54630
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48604
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52732
Source: Traffic	Snort IDS: 716 INFO TELNET access 89.125.129.165:23 -> 192.168.2.23:44154
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:44080
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.74.247.52:23 -> 192.168.2.23:39448
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54630
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39390
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39402
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:51826
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52790
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39420
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.235.54.255:23 -> 192.168.2.23:54700
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39430
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48604
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.89.154.118:23 -> 192.168.2.23:58508
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:47004
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:47004
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39444
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39452
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 112.235.54.255:23 -> 192.168.2.23:54700
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.89.154.118:23 -> 192.168.2.23:58532
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39462
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.52.104.79:23 -> 192.168.2.23:52838
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:52738
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:52738
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.170.135.156:23 -> 192.168.2.23:48720
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39470
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.89.154.118:23 -> 192.168.2.23:58544
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 178.168.127.193:23 -> 192.168.2.23:42990
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 178.168.127.193:23 -> 192.168.2.23:42990
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39494
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:44192
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.59.194.46:23 -> 192.168.2.23:39520
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.113.241.216:23 -> 192.168.2.23:59694
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.170.135.156:23 -> 192.168.2.23:48720
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:44270
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:41932
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:38928
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45188
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:47148
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:47148
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.204.42.116:23 -> 192.168.2.23:36296
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.204.42.116:23 -> 192.168.2.23:36296
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:41932
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45188
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:38970
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.250.39.94:23 -> 192.168.2.23:58590
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.250.39.94:23 -> 192.168.2.23:58590
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39000
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42012
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45266
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.228.18.253:23 -> 192.168.2.23:55052
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.228.18.253:23 -> 192.168.2.23:55052
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 111.39.89.193:23 -> 192.168.2.23:44384
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45266
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39020
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42012
Source: Traffic	Snort IDS: 716 INFO TELNET access 89.125.129.165:23 -> 192.168.2.23:44464
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:47260
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:47260
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.74.247.52:23 -> 192.168.2.23:39762
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39044
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45306
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42060
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 68.116.44.1:23 -> 192.168.2.23:48258
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 68.116.44.1:23 -> 192.168.2.23:48258
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:52118
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.250.39.94:23 -> 192.168.2.23:58676
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.250.39.94:23 -> 192.168.2.23:58676
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39060
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45306
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39080
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42060
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45352
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42112
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39100
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 178.168.127.193:23 -> 192.168.2.23:43262
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 178.168.127.193:23 -> 192.168.2.23:43262
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45352
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 212.160.213.100:23 -> 192.168.2.23:56512
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 212.160.213.100:23 -> 192.168.2.23:56512
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.230.47.30:23 -> 192.168.2.23:47332
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.230.47.30:23 -> 192.168.2.23:47332
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.31.59:23 -> 192.168.2.23:41906
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.106.11.159:23 -> 192.168.2.23:53066
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.106.11.159:23 -> 192.168.2.23:53066
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39154
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42112
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45438
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.250.39.94:23 -> 192.168.2.23:58772
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.250.39.94:23 -> 192.168.2.23:58772
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.31.59:23 -> 192.168.2.23:41906
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.113.241.216:23 -> 192.168.2.23:59994
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.255.33.114:23 -> 192.168.2.23:39190
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45438
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42218
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.31.59:23 -> 192.168.2.23:41978
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45480
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42218
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 68.116.44.1:23 -> 192.168.2.23:48434
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 68.116.44.1:23 -> 192.168.2.23:48434
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.31.59:23 -> 192.168.2.23:41978
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.204.42.116:23 -> 192.168.2.23:36590
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.204.42.116:23 -> 192.168.2.23:36590
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45480
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42258
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.250.39.94:23 -> 192.168.2.23:58878
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.250.39.94:23 -> 192.168.2.23:58878
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.31.59:23 -> 192.168.2.23:42018
Source: Traffic	Snort IDS: 716 INFO TELNET access 110.16.106.54:23 -> 192.168.2.23:49514
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45524
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42258
Source: Traffic	Snort IDS: 716 INFO TELNET access 89.125.129.165:23 -> 192.168.2.23:44712
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45524
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.31.59:23 -> 192.168.2.23:42018
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 110.16.106.54:23 -> 192.168.2.23:49514
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.74.247.52:23 -> 192.168.2.23:40016
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42312
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45578
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.31.59:23 -> 192.168.2.23:42086
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.229.45.217:23 -> 192.168.2.23:52372
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.228.18.253:23 -> 192.168.2.23:55352
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.228.18.253:23 -> 192.168.2.23:55352
Source: Traffic	Snort IDS: 716 INFO TELNET access 110.16.106.54:23 -> 192.168.2.23:49580
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.250.39.94:23 -> 192.168.2.23:58958
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.250.39.94:23 -> 192.168.2.23:58958
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.17.247.138:23 -> 192.168.2.23:45578
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.82.247:23 -> 192.168.2.23:42312
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 117.158.31.59:23 -> 192.168.2.23:42086
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 110.16.106.54:23 -> 192.168.2.23:49580
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 68.116.44.1:23 -> 192.168.2.23:48552
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 68.116.44.1:23 -> 192.168.2.23:48552
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.17.247.138:23 -> 192.168.2.23:45626
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.158.82.247:23 -> 192.168.2.23:42376

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34910
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34976
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34986
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34994
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35004
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45692
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45698
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45706
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45712
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45744
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45754
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45758
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45768
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45778
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59718
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59726
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59760
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59766
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59770
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59774
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59782
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59790
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59796
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59800
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53922
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53936
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53942
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53946
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53950
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53958
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53964
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53968

Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 147.21.6.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.69.36.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 92.75.184.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 223.66.120.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 47.146.134.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 130.18.224.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 121.147.145.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 183.140.51.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 162.251.146.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 136.13.0.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 202.44.18.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 122.19.37.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.196.28.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 73.79.120.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.48.13.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 149.71.209.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 38.134.247.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.33.207.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 142.117.122.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 113.31.121.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 65.58.142.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 152.181.38.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 108.137.178.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 83.79.19.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 189.17.177.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 62.214.9.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 68.8.161.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 209.63.251.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 87.182.0.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 167.123.188.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 178.181.38.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 162.182.55.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 5.253.202.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 166.195.248.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 166.188.172.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 102.181.145.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 177.113.114.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:49008 -> 107.189.1.185:9331
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 146.47.157.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 37.70.243.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 101.106.126.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 96.170.201.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 49.162.191.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 51.98.218.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 31.246.114.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 130.5.62.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 84.161.208.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 119.60.154.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 181.3.46.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 203.48.26.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 122.197.142.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 87.12.142.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 163.99.210.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 119.228.112.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 184.213.49.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 101.90.101.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 201.122.93.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 68.58.123.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 76.78.223.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 179.112.250.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 222.119.196.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 187.130.87.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 171.200.154.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 18.96.212.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 72.183.116.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 153.80.198.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.222.129.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 216.105.73.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 198.168.53.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 83.95.57.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 27.222.203.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.161.32.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 78.81.191.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 82.22.20.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 139.66.126.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 217.176.167.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 23.71.200.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 77.34.124.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 124.72.235.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 87.202.214.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 220.137.139.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 23.193.205.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 37.23.240.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 202.232.191.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 119.128.43.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 39.114.141.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 60.80.66.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 82.228.11.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 82.253.235.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 98.144.232.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 174.68.127.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.199.105.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 201.2.98.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 47.12.250.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.89.83.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 65.94.168.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.212.175.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 122.255.59.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 20.109.70.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 188.245.234.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 109.18.86.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 37.120.195.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 90.230.196.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 197.212.161.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 143.152.184.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 151.231.221.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 46.159.17.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 183.68.206.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 60.242.223.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 9.134.78.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 199.19.167.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 189.21.146.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 156.145.56.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 60.99.195.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 144.246.102.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 123.247.25.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 84.215.120.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 150.57.194.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 200.18.126.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 180.73.180.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 90.130.102.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 193.130.199.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 115.69.182.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 67.137.32.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 32.44.248.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 117.159.231.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 196.136.49.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 50.218.222.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 46.137.19.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 159.112.65.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 24.171.215.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 151.107.72.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 116.226.143.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 1.130.213.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 145.14.97.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 85.175.132.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 149.144.216.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 217.221.32.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 179.5.13.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 185.48.202.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 190.247.62.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.191.31.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.205.149.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 40.30.96.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 18.149.204.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 23.95.42.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 152.230.10.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 74.214.47.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.102.100.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 201.54.58.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 186.52.141.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 223.199.144.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 24.21.125.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.191.208.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 200.205.134.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.139.40.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 103.140.149.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 98.124.182.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 203.111.57.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 115.47.243.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 42.117.50.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 86.59.3.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 183.219.156.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 32.73.64.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 156.17.91.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 126.227.161.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 40.184.110.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 141.163.161.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 53.4.70.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 164.33.248.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 111.156.77.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 112.20.82.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 182.87.155.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 43.85.143.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 105.56.231.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 48.217.255.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 43.1.88.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 62.186.98.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.174.171.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 125.212.104.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.92.32.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 162.190.16.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 44.100.119.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 123.115.247.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 141.5.162.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 27.107.224.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 197.102.156.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 219.101.168.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 86.24.226.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 39.140.179.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 166.244.151.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 99.201.181.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 212.138.230.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.80.78.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 137.82.159.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 24.2.2.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 157.170.121.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 170.125.167.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 135.26.71.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 19.215.167.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 18.128.38.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 217.200.241.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 160.120.145.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 20.218.195.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 179.129.114.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 179.247.9.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 128.127.161.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 93.195.164.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 199.92.144.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 158.146.247.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 61.191.25.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 220.184.219.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.91.22.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 38.237.74.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 173.213.249.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 142.32.170.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 122.6.251.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 169.132.15.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 72.74.32.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 210.2.79.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 46.56.131.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 116.241.208.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 70.75.241.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.245.144.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.90.11.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.210.242.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 99.239.32.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 223.104.5.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 156.41.164.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 109.160.63.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 58.148.251.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 222.25.179.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 126.17.16.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 219.134.83.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 74.183.210.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 43.89.215.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 187.191.222.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 208.89.94.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 160.226.168.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 57.43.7.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 24.168.123.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 5.21.52.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.62.101.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 108.167.61.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 183.217.126.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 50.35.38.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.194.218.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 119.13.214.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 44.86.84.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 171.65.160.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 103.149.156.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 117.167.65.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 198.57.169.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 212.1.67.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 181.249.102.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.54.101.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 151.227.41.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 43.226.227.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.2.169.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 178.114.73.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 219.187.129.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 151.134.74.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 100.58.100.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 109.34.130.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 162.80.44.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 61.98.114.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 142.11.245.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 181.228.246.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.105.120.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 34.227.47.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 142.184.171.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 70.144.54.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 60.51.68.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 57.115.132.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 121.157.123.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 194.61.56.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 135.150.24.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.108.42.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 67.156.90.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 104.67.218.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 140.193.151.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 105.239.100.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 169.100.216.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 48.227.145.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.156.78.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 134.38.35.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 38.250.123.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.141.58.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 186.216.76.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 125.115.208.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 39.241.194.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 152.201.68.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 206.155.140.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 183.41.109.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 155.236.66.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 135.35.74.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 137.175.245.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 169.239.47.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.47.28.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 190.159.114.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 91.175.235.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 150.171.255.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 114.177.212.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 200.7.178.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 217.104.60.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 211.223.64.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 96.115.52.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.162.16.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.51.48.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 72.209.90.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 132.240.8.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.10.70.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 94.76.223.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.226.58.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 116.223.236.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 151.207.39.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.69.96.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.69.255.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 36.59.13.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 116.130.103.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 57.74.136.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 199.164.151.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 137.93.191.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 47.84.84.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.41.204.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.83.156.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 205.201.207.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 12.84.207.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 197.178.85.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 173.218.31.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 48.36.138.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 140.87.130.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 144.34.3.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 45.26.218.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 35.105.30.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 160.29.7.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 168.228.121.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 40.200.29.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 34.199.195.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 88.131.190.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 211.0.129.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 223.120.242.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 161.124.202.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 136.39.4.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 8.60.172.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 133.245.227.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 133.77.230.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 129.147.121.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 212.39.111.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 88.158.143.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 113.156.106.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 81.204.59.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 211.216.62.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 209.186.24.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 125.251.132.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 109.84.181.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 101.217.2.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 107.74.9.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 184.22.235.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 12.111.242.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 160.59.31.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 147.218.242.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 140.243.14.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 131.117.164.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 60.138.255.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 64.159.98.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 199.196.146.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 95.22.92.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 205.136.118.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 87.150.54.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 140.252.216.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 202.234.126.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 9.18.76.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.174.86.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 223.189.173.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 83.112.200.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 147.204.116.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 78.3.200.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 140.43.191.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 73.6.131.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 216.148.18.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 124.37.44.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 161.3.4.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 194.126.98.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 80.77.235.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 92.198.175.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 99.100.82.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 139.17.39.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.76.47.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 75.211.60.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 61.143.20.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 185.174.209.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 181.72.174.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 138.12.217.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 205.6.137.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 88.186.7.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 93.231.212.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 211.173.246.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 112.5.78.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 152.43.41.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 81.4.97.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.72.148.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 218.52.108.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 188.32.82.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 53.39.18.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 198.133.9.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 74.201.41.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 179.73.71.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 167.26.165.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 130.79.61.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 164.82.185.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 125.235.173.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 153.203.99.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 202.22.181.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 169.254.87.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 167.171.128.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 115.204.219.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 54.70.64.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 99.140.75.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 25.75.115.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 194.151.96.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 38.156.175.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 65.131.255.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 71.37.113.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 106.242.49.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 44.239.149.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 131.31.96.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 173.9.216.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 118.177.94.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 180.112.20.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 65.85.129.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.254.46.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 148.48.130.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 208.242.5.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 27.1.249.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 207.35.94.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 203.205.221.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 100.205.152.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 74.2.180.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.34.153.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 31.109.124.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 139.41.59.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 124.145.133.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 209.133.34.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 163.253.230.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 145.95.19.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 162.0.153.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 37.70.245.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 103.46.56.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 142.195.9.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 132.73.168.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 185.74.163.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 180.252.170.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 36.211.15.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 61.122.60.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 113.54.189.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 49.134.63.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 14.107.94.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 146.18.77.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 20.139.74.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 20.224.1.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 159.115.41.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 137.201.211.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 119.80.114.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 165.226.203.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 128.96.120.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 163.22.191.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 13.181.249.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 85.67.78.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 47.85.121.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 20.190.129.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 173.36.69.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 47.163.213.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 66.27.248.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 78.29.132.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 98.92.198.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 84.215.133.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 217.85.69.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 175.125.129.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 54.174.103.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 83.122.13.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 197.63.101.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.159.63.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 116.78.214.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 205.6.55.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 159.189.31.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 189.63.232.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 191.106.100.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 206.28.223.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 53.72.232.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 4.32.208.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 173.183.63.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 198.130.163.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 144.74.85.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 9.64.46.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 52.144.94.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 80.34.50.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 53.196.75.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 96.41.132.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:63275 -> 186.231.101.94:2323

Source: unknown

DNS traffic detected: queries for: bots1.firewalla1337.cc

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33608
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 147.21.6.145
Source: unknown	TCP traffic detected without corresponding DNS query: 75.63.206.145
Source: unknown	TCP traffic detected without corresponding DNS query: 65.6.140.118
Source: unknown	TCP traffic detected without corresponding DNS query: 181.164.126.62
Source: unknown	TCP traffic detected without corresponding DNS query: 131.152.82.11
Source: unknown	TCP traffic detected without corresponding DNS query: 49.208.236.66
Source: unknown	TCP traffic detected without corresponding DNS query: 99.237.71.59
Source: unknown	TCP traffic detected without corresponding DNS query: 93.64.74.170
Source: unknown	TCP traffic detected without corresponding DNS query: 128.112.69.96
Source: unknown	TCP traffic detected without corresponding DNS query: 192.126.211.138
Source: unknown	TCP traffic detected without corresponding DNS query: 71.16.211.246
Source: unknown	TCP traffic detected without corresponding DNS query: 175.69.36.233
Source: unknown	TCP traffic detected without corresponding DNS query: 136.126.9.62
Source: unknown	TCP traffic detected without corresponding DNS query: 24.180.34.248
Source: unknown	TCP traffic detected without corresponding DNS query: 69.12.56.128
Source: unknown	TCP traffic detected without corresponding DNS query: 185.151.178.73
Source: unknown	TCP traffic detected without corresponding DNS query: 119.191.100.30
Source: unknown	TCP traffic detected without corresponding DNS query: 14.239.149.122
Source: unknown	TCP traffic detected without corresponding DNS query: 19.151.28.152
Source: unknown	TCP traffic detected without corresponding DNS query: 63.217.201.176
Source: unknown	TCP traffic detected without corresponding DNS query: 221.160.235.34
Source: unknown	TCP traffic detected without corresponding DNS query: 5.159.197.140
Source: unknown	TCP traffic detected without corresponding DNS query: 223.80.140.70
Source: unknown	TCP traffic detected without corresponding DNS query: 37.157.36.41
Source: unknown	TCP traffic detected without corresponding DNS query: 9.248.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 202.11.117.31
Source: unknown	TCP traffic detected without corresponding DNS query: 176.219.193.183
Source: unknown	TCP traffic detected without corresponding DNS query: 92.75.184.46
Source: unknown	TCP traffic detected without corresponding DNS query: 78.52.241.43
Source: unknown	TCP traffic detected without corresponding DNS query: 38.54.232.157
Source: unknown	TCP traffic detected without corresponding DNS query: 130.44.44.135
Source: unknown	TCP traffic detected without corresponding DNS query: 223.66.120.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.209.82.201
Source: unknown	TCP traffic detected without corresponding DNS query: 79.27.213.143
Source: unknown	TCP traffic detected without corresponding DNS query: 47.146.134.61
Source: unknown	TCP traffic detected without corresponding DNS query: 100.63.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 19.59.203.40
Source: unknown	TCP traffic detected without corresponding DNS query: 157.178.135.72
Source: unknown	TCP traffic detected without corresponding DNS query: 174.143.94.249
Source: unknown	TCP traffic detected without corresponding DNS query: 54.177.179.222
Source: unknown	TCP traffic detected without corresponding DNS query: 117.231.27.144
Source: unknown	TCP traffic detected without corresponding DNS query: 128.199.40.213
Source: unknown	TCP traffic detected without corresponding DNS query: 61.15.0.158
Source: unknown	TCP traffic detected without corresponding DNS query: 179.24.253.218
Source: unknown	TCP traffic detected without corresponding DNS query: 175.56.63.70
Source: unknown	TCP traffic detected without corresponding DNS query: 70.176.87.188
Source: unknown	TCP traffic detected without corresponding DNS query: 130.18.224.225

Source: motd-news.27.dr

String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

Source: unknown

HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33608 version: TLS 1.2

Source: KPz4ERtS9a, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5216.1.0000000051390be1.000000002d48251b.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5216.1.000000001a887bdc.0000000019a04c35.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.troj.evad.lin@0/1@1/0

Source: KPz4ERtS9a

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /usr/bin/dash (PID: 5248)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.txS7eGBKCG /tmp/tmp.JsHkh9sVIe /tmp/tmp.UY8RlWyiIl

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself

Show sources

Source: /tmp/KPz4ERtS9a (PID: 5216)

File: /tmp/KPz4ERtS9a

Jump to behavior

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34910
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34976
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34986
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 34994
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35004
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45692
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45698
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45706
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45712
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45744
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45754
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45758
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45768
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45778
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59718
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59726
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59760
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59766
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59770
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59774
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59782
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59790
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59796
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59800
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53922
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53936
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53942
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53946
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53950
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53958
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53964
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 53968

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	File Deletion11	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
KPz4ERtS9a	52%	Virustotal		Browse
KPz4ERtS9a	40%	Metadefender		Browse
KPz4ERtS9a	68%	ReversingLabs	Linux.Trojan.Mirai
KPz4ERtS9a	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bots1.firewalla1337.cc	8%	Virustotal		Browse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bots1.firewalla1337.cc	107.189.1.185	true	true	8%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ubuntu.com/blog/microk8s-memory-optimisation	motd-news.27.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
206.61.188.190	unknown	United States	11280	SNAPPYDSL-ASN1US	false
154.109.4.238	unknown	Tunisia	37693	TUNISIANATN	false
87.136.201.29	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
96.155.237.246	unknown	United States	7922	COMCAST-7922US	false
114.53.103.116	unknown	Korea Republic of	18302	SKG_NW-AS-KRSKTelecomKR	false
76.15.172.29	unknown	United States	12271	TWC-12271-NYCUS	false
69.119.173.255	unknown	United States	6128	CABLE-NET-1US	false
49.216.216.28	unknown	Taiwan; Republic of China (ROC)	24158	TAIWANMOBILE-ASTaiwanMobileCoLtdTW	false
183.243.36.155	unknown	China	56048	CMNET-BEIJING-APChinaMobileCommunicaitonsCorporationCN	false
19.249.21.160	unknown	United States	3	MIT-GATEWAYSUS	false
182.200.28.120	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
25.88.36.74	unknown	United Kingdom	7922	COMCAST-7922US	false
222.12.163.129	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
86.17.238.169	unknown	United Kingdom	5089	NTLGB	false
192.154.238.237	unknown	United States	64200	VIVIDHOSTINGUS	false
20.169.237.13	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
36.20.185.59	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
198.65.209.238	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
136.173.114.39	unknown	Luxembourg	43375	EP-ASEU	false
70.176.178.96	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
111.205.148.181	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
182.104.254.37	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
141.30.26.199	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
135.122.218.248	unknown	United States	18676	AVAYAUS	false
4.107.107.55	unknown	United States	3356	LEVEL3US	false
176.149.9.225	unknown	France	5410	BOUYGTEL-ISPFR	false
2.222.21.137	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
103.157.51.89	unknown	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
167.108.230.242	unknown	Uruguay	6057	AdministracionNacionaldeTelecomunicacionesUY	false
25.195.155.27	unknown	United Kingdom	7922	COMCAST-7922US	false
122.255.10.218	unknown	Sri Lanka	18001	DIALOG-ASDialogAxiataPLCLK	false
42.243.149.119	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
19.55.221.32	unknown	United States	3	MIT-GATEWAYSUS	false
173.66.71.172	unknown	United States	701	UUNETUS	false
131.87.85.231	unknown	United States	27046	DNIC-ASBLK-27032-27159US	false
113.68.61.110	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
17.54.245.74	unknown	United States	714	APPLE-ENGINEERINGUS	false
163.57.235.167	unknown	unknown	2516	KDDIKDDICORPORATIONJP	false
190.101.117.123	unknown	Chile	22047	VTRBANDAANCHASACL	false
199.121.191.229	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
12.138.97.107	unknown	United States	7018	ATT-INTERNET4US	false
103.159.224.199	unknown	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
63.80.5.76	unknown	United States	701	UUNETUS	false
13.213.91.126	unknown	United States	16509	AMAZON-02US	false
143.23.212.59	unknown	United States	11003	PANDGUS	false
57.234.176.245	unknown	Belgium	2686	ATGS-MMD-ASUS	false
111.80.249.216	unknown	Taiwan; Republic of China (ROC)	2510	INFOWEBFUJITSULIMITEDJP	false
40.131.167.177	unknown	United States	7029	WINDSTREAMUS	false
196.51.223.15	unknown	South Africa	37518	FIBERGRIDSC	false
149.64.54.60	unknown	United States	188	SAIC-ASUS	false
211.110.246.116	unknown	Korea Republic of	18302	SKG_NW-AS-KRSKTelecomKR	false
153.31.237.205	unknown	United States	25996	FBICJISUS	false
42.130.115.68	unknown	China	4249	LILLY-ASUS	false
198.61.186.238	unknown	United States	19994	RACKSPACEUS	false
64.192.132.233	unknown	United States	33548	UNWIRED-NOCUS	false
49.52.78.12	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
179.188.242.121	unknown	Brazil	27715	LocawebServicosdeInternetSABR	false
8.36.137.236	unknown	United States	3356	LEVEL3US	false
152.170.97.196	unknown	Argentina	10318	TelecomArgentinaSAAR	false
64.95.129.152	unknown	United States	395424	LOGMEIN-EMEA-1US	false
194.25.238.144	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
105.237.52.13	unknown	South Africa	16637	MTNNS-ASZA	false
87.35.240.228	unknown	Ireland	1213	HEANETIE	false
213.37.228.51	unknown	Spain	12357	COMUNITELSPAINES	false
191.14.68.220	unknown	Brazil	26599	TELEFONICABRASILSABR	false
161.87.168.175	unknown	Netherlands	14298	EPA-NETUS	false
174.40.48.84	unknown	United States	6167	CELLCO-PARTUS	false
209.63.110.87	unknown	United States	7385	ALLSTREAMUS	false
203.51.120.80	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
31.219.164.78	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
187.177.237.196	unknown	Mexico	6503	AxtelSABdeCVMX	false
35.176.86.255	unknown	United States	16509	AMAZON-02US	false
179.62.170.72	unknown	Argentina	27983	RedIntercableDigitalSAAR	false
82.148.164.138	unknown	Norway	29300	AS-DIRECTCONNECTNO	false
105.179.46.23	unknown	unknown	37228	Olleh-Rwanda-NetworksRW	false
221.200.240.250	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
191.201.125.63	unknown	Brazil	26599	TELEFONICABRASILSABR	false
202.109.79.52	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
174.162.235.66	unknown	United States	7922	COMCAST-7922US	false
165.223.234.228	unknown	United States	3550	ERX-PHILNETAteneodeManilaUniversityPH	false
149.131.179.149	unknown	United States	33022	WELLESLEY-COLLEGEUS	false
213.215.187.119	unknown	Italy	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
42.204.186.200	unknown	China	7641	CHINABTNChinaBroadcastingTVNetCN	false
200.252.67.136	unknown	Brazil	4230	CLAROSABR	false
141.239.2.110	unknown	United States	36149	HAWAIIAN-TELCOMUS	false
211.41.228.38	unknown	Korea Republic of	9943	KNCTV-ASKangNamCableTVKR	false
65.239.163.61	unknown	United States	701	UUNETUS	false
151.58.79.95	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
25.148.142.254	unknown	United Kingdom	7922	COMCAST-7922US	false
92.179.237.117	unknown	France	12479	UNI2-ASES	false
196.146.184.1	unknown	Egypt	36935	Vodafone-EG	false
25.158.212.76	unknown	United Kingdom	7922	COMCAST-7922US	false
203.147.5.113	unknown	Thailand	7616	JINET-BKK-AS-APJasmineInternetCoLtdTH	false
185.21.26.85	unknown	Italy	199324	DODONETDODONETSRL-dodonetnetwork-httpwwwdodone	false
60.252.146.232	unknown	China	17968	DQTNETDaqingzhongjipetroleumtelecommunicationconstructi	false
64.22.117.125	unknown	United States	7226	ZCOLO-ATL01US	false
150.98.213.183	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
13.133.76.171	unknown	United States	7018	ATT-INTERNET4US	false
132.150.213.184	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
125.51.29.222	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false

Runtime Messages

Command:	/tmp/KPz4ERtS9a
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	InfectedNight did its job
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
198.65.209.238	PSLItQP6x7	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
bots1.firewalla1337.cc	UNNEIaOxVM	Get hash	malicious	Browse	107.189.1.185
	ATc5uxXlTp	Get hash	malicious	Browse	107.189.1.185
	il32XbklZm	Get hash	malicious	Browse	107.189.1.185
	IN7REq0Jv5	Get hash	malicious	Browse	107.189.1.185
	HDgtpV43hX	Get hash	malicious	Browse	107.189.1.185
	B2WBaqkm8k	Get hash	malicious	Browse	107.189.1.185
	7SerHvEAjE	Get hash	malicious	Browse	107.189.1.185
	i686	Get hash	malicious	Browse	107.189.1.185
	m5DozqUO2t	Get hash	malicious	Browse	107.189.1.185
	avxeC9Wssi	Get hash	malicious	Browse	107.189.1.185
	ayx5kFWYmZ	Get hash	malicious	Browse	107.189.1.185
	p4vXpD0P73	Get hash	malicious	Browse	107.189.1.185
	j3LQELTT0m	Get hash	malicious	Browse	107.189.1.185
	BLBHEA8knd	Get hash	malicious	Browse	107.189.1.185
	mips	Get hash	malicious	Browse	107.189.1.185
	x86_64	Get hash	malicious	Browse	107.189.1.185
	arm	Get hash	malicious	Browse	107.189.1.185
	Ynffczq7m4	Get hash	malicious	Browse	107.189.1.185
	BqfM9JwIC5	Get hash	malicious	Browse	107.189.1.185
	7bkrFirKok	Get hash	malicious	Browse	107.189.1.185

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TUNISIANATN	apep.x86	Get hash	malicious	Browse	197.16.172.171
	F3br85KuNX	Get hash	malicious	Browse	197.21.89.15
	zYMp3detVO	Get hash	malicious	Browse	102.108.211.181
	Tf9ATzpdKR	Get hash	malicious	Browse	154.104.70.32
	JYWllP5wHP	Get hash	malicious	Browse	197.23.201.48
	arm7	Get hash	malicious	Browse	41.228.193.68
	x86	Get hash	malicious	Browse	197.16.42.199
	FWsCarsq8Q	Get hash	malicious	Browse	197.20.132.151
	sora.arm7	Get hash	malicious	Browse	154.110.236.111
	sora.arm	Get hash	malicious	Browse	102.107.163.127
	iSdOB1UKQv	Get hash	malicious	Browse	102.175.134.3
	Kot3UfQMDm	Get hash	malicious	Browse	102.106.77.222
	arm	Get hash	malicious	Browse	197.23.213.125
	x86	Get hash	malicious	Browse	197.17.114.178
	arm	Get hash	malicious	Browse	197.19.205.253
	7vmT7Q2se0	Get hash	malicious	Browse	196.177.53.174
	x86.light	Get hash	malicious	Browse	197.19.253.162
	x86	Get hash	malicious	Browse	197.19.253.174
	lCTNXNa4Bo	Get hash	malicious	Browse	197.19.50.8
	UniRHdW5VC	Get hash	malicious	Browse	197.19.129.118
DTAGInternetserviceprovideroperationsDE	apep.arm	Get hash	malicious	Browse	31.238.199.244
	db0fa4b8db0333367e9bda3ab68b8042.x86	Get hash	malicious	Browse	79.208.52.225
	MjqRJNVy8K	Get hash	malicious	Browse	93.230.53.41
	6NzbU4oW61	Get hash	malicious	Browse	80.128.31.249
	Rpl2Twyrts	Get hash	malicious	Browse	93.249.80.159
	MPnFvIsvJp	Get hash	malicious	Browse	84.141.10.139
	sora.arm	Get hash	malicious	Browse	217.83.112.79
	R9kV5GcwPz	Get hash	malicious	Browse	194.25.238.156
	DPJPYxGxfI	Get hash	malicious	Browse	79.213.41.48
	4RBTXTxBnt	Get hash	malicious	Browse	79.222.243.3
	T4xP1S9Fhz	Get hash	malicious	Browse	79.241.253.30
	hWT9RJDotD	Get hash	malicious	Browse	2.169.202.35
	gKCq4VLpjL	Get hash	malicious	Browse	93.254.185.68
	UYnpKcFZ2s	Get hash	malicious	Browse	31.224.103.37
	jviIYCvWBc	Get hash	malicious	Browse	79.252.137.231
	zYMp3detVO	Get hash	malicious	Browse	80.128.233.103
	lQKil1R7D9	Get hash	malicious	Browse	87.152.228.70
	oH6qNmnFRP	Get hash	malicious	Browse	80.137.89.134
	b3astmode.arm	Get hash	malicious	Browse	217.226.143.197
	b3astmode.arm7	Get hash	malicious	Browse	93.202.104.141
SNAPPYDSL-ASN1US	sora.arm	Get hash	malicious	Browse	206.61.188.185

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
fb4726d465c5f28b84cd6d14cedd13a7	vCLbAS7aPb	Get hash	malicious	Browse	54.171.230.55
	yzui4gwsrF	Get hash	malicious	Browse	54.171.230.55
	072FZHiMhs	Get hash	malicious	Browse	54.171.230.55
	sjZlfrpuyc	Get hash	malicious	Browse	54.171.230.55
	khoE2I8yer	Get hash	malicious	Browse	54.171.230.55
	wvsEoQ0khP	Get hash	malicious	Browse	54.171.230.55
	32	Get hash	malicious	Browse	54.171.230.55
	a-r.m-5.Sakura	Get hash	malicious	Browse	54.171.230.55
	NDYfrLSNFW	Get hash	malicious	Browse	54.171.230.55
	m-i.p-s.Sakura	Get hash	malicious	Browse	54.171.230.55
	6Qn1b9fB2C	Get hash	malicious	Browse	54.171.230.55
	ZSbDircdwC	Get hash	malicious	Browse	54.171.230.55
	s0bi9t	Get hash	malicious	Browse	54.171.230.55
	E7VXPEy1i2	Get hash	malicious	Browse	54.171.230.55
	JIMFLthThO	Get hash	malicious	Browse	54.171.230.55
	[cpu]	Get hash	malicious	Browse	54.171.230.55
	vC6OApPu6u	Get hash	malicious	Browse	54.171.230.55
	i686	Get hash	malicious	Browse	54.171.230.55
	4f0PBbcOBI	Get hash	malicious	Browse	54.171.230.55
	7iw4z5I41w	Get hash	malicious	Browse	54.171.230.55

Dropped Files

No context

Created / dropped Files

/var/cache/motd-news Download File
Process:	/usr/bin/cut
File Type:	ASCII text
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.515771857099866
Encrypted:	false
SSDEEP:	3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
MD5:	DD514F892B5F93ED615D366E58AC58AF
SHA1:	BA75EDB3C2232CC260BC187F604DC8F25AA72C11
SHA-256:	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
SHA-512:	9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	* Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

Static File Info

General
File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.394763938732628
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	KPz4ERtS9a
File size:	74512
MD5:	066901d9ef64208c0daf3e6f428f7185
SHA1:	b012217d9b8e1a80a8d077cfdabcef03a12d15af
SHA256:	3a0dd755b8ef388ccb5dcdfc94a543450a8974830b87f0ea284c9de7356d1bef
SHA512:	10e417881e4a6805b7861c3d1c707c6b4d82d23b16c94355de36ffb62aabbe8033d033dddfae6e0185a5db5424326a6a520a4b25b3adbf8e56ee824ef58fb636
SSDEEP:	1536:RwyXAG59RrNQadk8+5SCH/WzEe9PSXtkaK1Dr5ZprWwrLr/ai6d:BXAG3RrNQwk55SCH/WzEcqtkr1DtHWWk
File Content Preview:	.ELF....................d...4....!......4. ...(..................... ... ................ ..........@...@...........Q.td............................U..S.......w....h........[]...$.............U......=@....t..5....$......$.......u........t....h ...........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	74112
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xff36	0x0	0x6	AX	16
.fini	PROGBITS	0x8057fe6	0xffe6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8058000	0x10000	0x1920	0x0	0x2	A	32
.ctors	PROGBITS	0x805a000	0x12000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805a008	0x12008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805a020	0x12020	0x120	0x0	0x3	WA	32
.bss	NOBITS	0x805a140	0x12140	0x800	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x12140	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x11920	0x11920	3.9608	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x12000	0x805a000	0x805a000	0x140	0x940	2.5092	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2021 09:39:51.953430891 CEST	33608	443	192.168.2.23	54.171.230.55
Oct 24, 2021 09:39:52.011032104 CEST	443	33608	54.171.230.55	192.168.2.23
Oct 24, 2021 09:39:52.011204004 CEST	33608	443	192.168.2.23	54.171.230.55
Oct 24, 2021 09:39:52.011779070 CEST	33608	443	192.168.2.23	54.171.230.55
Oct 24, 2021 09:39:52.071763992 CEST	443	33608	54.171.230.55	192.168.2.23
Oct 24, 2021 09:39:52.369581938 CEST	63275	2323	192.168.2.23	147.21.6.145
Oct 24, 2021 09:39:52.369596004 CEST	63275	23	192.168.2.23	75.63.206.145
Oct 24, 2021 09:39:52.369600058 CEST	63275	23	192.168.2.23	65.6.140.118
Oct 24, 2021 09:39:52.369605064 CEST	63275	23	192.168.2.23	181.164.126.62
Oct 24, 2021 09:39:52.369616032 CEST	63275	23	192.168.2.23	131.152.82.11
Oct 24, 2021 09:39:52.369635105 CEST	63275	23	192.168.2.23	49.208.236.66
Oct 24, 2021 09:39:52.369638920 CEST	63275	23	192.168.2.23	99.237.71.59
Oct 24, 2021 09:39:52.369643927 CEST	63275	23	192.168.2.23	93.64.74.170
Oct 24, 2021 09:39:52.369648933 CEST	63275	23	192.168.2.23	128.112.69.96
Oct 24, 2021 09:39:52.369651079 CEST	63275	23	192.168.2.23	192.126.211.138
Oct 24, 2021 09:39:52.369657040 CEST	63275	23	192.168.2.23	71.16.211.246
Oct 24, 2021 09:39:52.369658947 CEST	63275	2323	192.168.2.23	175.69.36.233
Oct 24, 2021 09:39:52.369662046 CEST	63275	23	192.168.2.23	136.126.9.62
Oct 24, 2021 09:39:52.369663954 CEST	63275	23	192.168.2.23	24.180.34.248
Oct 24, 2021 09:39:52.369668007 CEST	63275	23	192.168.2.23	69.12.56.128
Oct 24, 2021 09:39:52.369673014 CEST	63275	23	192.168.2.23	185.151.178.73
Oct 24, 2021 09:39:52.369677067 CEST	63275	23	192.168.2.23	128.210.177.56
Oct 24, 2021 09:39:52.369678020 CEST	63275	23	192.168.2.23	119.191.100.30
Oct 24, 2021 09:39:52.369680882 CEST	63275	23	192.168.2.23	14.239.149.122
Oct 24, 2021 09:39:52.369683027 CEST	63275	23	192.168.2.23	19.151.28.152
Oct 24, 2021 09:39:52.369687080 CEST	63275	23	192.168.2.23	63.217.201.176
Oct 24, 2021 09:39:52.369688034 CEST	63275	23	192.168.2.23	221.160.235.34
Oct 24, 2021 09:39:52.369694948 CEST	63275	23	192.168.2.23	5.159.197.140
Oct 24, 2021 09:39:52.369700909 CEST	63275	23	192.168.2.23	223.80.140.70
Oct 24, 2021 09:39:52.369709969 CEST	63275	23	192.168.2.23	37.157.36.41
Oct 24, 2021 09:39:52.369712114 CEST	63275	23	192.168.2.23	9.248.184.17
Oct 24, 2021 09:39:52.369731903 CEST	63275	23	192.168.2.23	202.11.117.31
Oct 24, 2021 09:39:52.369740963 CEST	63275	23	192.168.2.23	176.219.193.183
Oct 24, 2021 09:39:52.369749069 CEST	63275	2323	192.168.2.23	92.75.184.46
Oct 24, 2021 09:39:52.369751930 CEST	63275	23	192.168.2.23	78.52.241.43
Oct 24, 2021 09:39:52.369755983 CEST	63275	23	192.168.2.23	38.54.232.157
Oct 24, 2021 09:39:52.369771957 CEST	63275	23	192.168.2.23	130.44.44.135
Oct 24, 2021 09:39:52.369780064 CEST	63275	2323	192.168.2.23	223.66.120.169
Oct 24, 2021 09:39:52.369786978 CEST	63275	23	192.168.2.23	45.209.82.201
Oct 24, 2021 09:39:52.369793892 CEST	63275	23	192.168.2.23	79.27.213.143
Oct 24, 2021 09:39:52.369801998 CEST	63275	2323	192.168.2.23	47.146.134.61
Oct 24, 2021 09:39:52.369803905 CEST	63275	23	192.168.2.23	100.63.68.29
Oct 24, 2021 09:39:52.369807959 CEST	63275	23	192.168.2.23	19.59.203.40
Oct 24, 2021 09:39:52.369816065 CEST	63275	23	192.168.2.23	157.178.135.72
Oct 24, 2021 09:39:52.369827986 CEST	63275	23	192.168.2.23	174.143.94.249
Oct 24, 2021 09:39:52.369831085 CEST	63275	23	192.168.2.23	54.177.179.222
Oct 24, 2021 09:39:52.369836092 CEST	63275	23	192.168.2.23	117.231.27.144
Oct 24, 2021 09:39:52.369836092 CEST	63275	23	192.168.2.23	128.199.40.213
Oct 24, 2021 09:39:52.369841099 CEST	63275	23	192.168.2.23	61.15.0.158
Oct 24, 2021 09:39:52.369844913 CEST	63275	23	192.168.2.23	179.24.253.218
Oct 24, 2021 09:39:52.369844913 CEST	63275	23	192.168.2.23	175.56.63.70
Oct 24, 2021 09:39:52.369849920 CEST	63275	23	192.168.2.23	70.176.87.188
Oct 24, 2021 09:39:52.369851112 CEST	63275	23	192.168.2.23	153.172.17.249
Oct 24, 2021 09:39:52.369853973 CEST	63275	2323	192.168.2.23	130.18.224.225
Oct 24, 2021 09:39:52.369858027 CEST	63275	23	192.168.2.23	152.40.170.13
Oct 24, 2021 09:39:52.369858980 CEST	63275	23	192.168.2.23	219.188.232.19
Oct 24, 2021 09:39:52.369863987 CEST	63275	23	192.168.2.23	89.95.221.28
Oct 24, 2021 09:39:52.369865894 CEST	63275	23	192.168.2.23	69.60.251.10
Oct 24, 2021 09:39:52.369868994 CEST	63275	23	192.168.2.23	24.75.166.97
Oct 24, 2021 09:39:52.369870901 CEST	63275	23	192.168.2.23	34.92.234.198
Oct 24, 2021 09:39:52.369872093 CEST	63275	23	192.168.2.23	14.99.235.239
Oct 24, 2021 09:39:52.369874001 CEST	63275	23	192.168.2.23	151.78.153.196
Oct 24, 2021 09:39:52.369875908 CEST	63275	23	192.168.2.23	143.120.236.26
Oct 24, 2021 09:39:52.369878054 CEST	63275	23	192.168.2.23	105.48.29.167
Oct 24, 2021 09:39:52.369882107 CEST	63275	23	192.168.2.23	198.231.203.101
Oct 24, 2021 09:39:52.369884014 CEST	63275	23	192.168.2.23	131.214.138.64
Oct 24, 2021 09:39:52.369884968 CEST	63275	23	192.168.2.23	162.157.22.208
Oct 24, 2021 09:39:52.369889975 CEST	63275	2323	192.168.2.23	121.147.145.195
Oct 24, 2021 09:39:52.369894028 CEST	63275	23	192.168.2.23	12.155.214.131
Oct 24, 2021 09:39:52.369904041 CEST	63275	23	192.168.2.23	103.220.229.98
Oct 24, 2021 09:39:52.369911909 CEST	63275	23	192.168.2.23	24.212.39.55
Oct 24, 2021 09:39:52.369915009 CEST	63275	23	192.168.2.23	98.67.28.122
Oct 24, 2021 09:39:52.369925022 CEST	63275	2323	192.168.2.23	183.140.51.66
Oct 24, 2021 09:39:52.369925976 CEST	63275	23	192.168.2.23	178.176.167.84
Oct 24, 2021 09:39:52.369931936 CEST	63275	23	192.168.2.23	67.72.66.132
Oct 24, 2021 09:39:52.369944096 CEST	63275	23	192.168.2.23	118.225.216.130
Oct 24, 2021 09:39:52.369951963 CEST	63275	23	192.168.2.23	131.211.51.78
Oct 24, 2021 09:39:52.369959116 CEST	63275	23	192.168.2.23	46.128.32.148
Oct 24, 2021 09:39:52.369966984 CEST	63275	23	192.168.2.23	195.7.136.164
Oct 24, 2021 09:39:52.369975090 CEST	63275	23	192.168.2.23	149.136.42.35
Oct 24, 2021 09:39:52.370068073 CEST	63275	23	192.168.2.23	72.133.72.209
Oct 24, 2021 09:39:52.370080948 CEST	63275	23	192.168.2.23	24.186.255.117
Oct 24, 2021 09:39:52.370088100 CEST	63275	23	192.168.2.23	164.141.146.141
Oct 24, 2021 09:39:52.370094061 CEST	63275	23	192.168.2.23	133.94.125.154
Oct 24, 2021 09:39:52.370099068 CEST	63275	23	192.168.2.23	113.52.221.160
Oct 24, 2021 09:39:52.370115995 CEST	63275	23	192.168.2.23	172.210.199.33
Oct 24, 2021 09:39:52.370119095 CEST	63275	23	192.168.2.23	38.59.108.72
Oct 24, 2021 09:39:52.370120049 CEST	63275	23	192.168.2.23	162.134.115.38
Oct 24, 2021 09:39:52.370124102 CEST	63275	23	192.168.2.23	131.68.229.191
Oct 24, 2021 09:39:52.370127916 CEST	63275	23	192.168.2.23	149.214.207.243
Oct 24, 2021 09:39:52.370130062 CEST	63275	23	192.168.2.23	78.127.89.132
Oct 24, 2021 09:39:52.370132923 CEST	63275	23	192.168.2.23	105.204.57.74
Oct 24, 2021 09:39:52.370135069 CEST	63275	23	192.168.2.23	156.161.217.14
Oct 24, 2021 09:39:52.370136023 CEST	63275	23	192.168.2.23	129.125.13.42
Oct 24, 2021 09:39:52.370140076 CEST	63275	23	192.168.2.23	112.27.66.224
Oct 24, 2021 09:39:52.370143890 CEST	63275	23	192.168.2.23	86.14.108.233
Oct 24, 2021 09:39:52.370145082 CEST	63275	23	192.168.2.23	80.26.117.121
Oct 24, 2021 09:39:52.370146990 CEST	63275	23	192.168.2.23	120.226.58.251
Oct 24, 2021 09:39:52.370151043 CEST	63275	23	192.168.2.23	113.26.170.213
Oct 24, 2021 09:39:52.370152950 CEST	63275	23	192.168.2.23	80.238.51.42

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 24, 2021 09:39:52.366121054 CEST	192.168.2.23	1.1.1.1	0xfbf4	Standard query (0)	bots1.firewalla1337.cc	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 24, 2021 09:39:52.391582012 CEST	1.1.1.1	192.168.2.23	0xfbf4	No error (0)	bots1.firewalla1337.cc		107.189.1.185	A (IP address)	IN (0x0001)

System Behavior

Analysis Process: KPz4ERtS9a PID: 5216 Parent PID: 5110

General

Start time:	09:39:51
Start date:	24/10/2021
Path:	/tmp/KPz4ERtS9a
Arguments:	/tmp/KPz4ERtS9a
File size:	74512 bytes
MD5 hash:	066901d9ef64208c0daf3e6f428f7185

Analysis Process: KPz4ERtS9a PID: 5217 Parent PID: 5216

General

Start time:	09:39:51
Start date:	24/10/2021
Path:	/tmp/KPz4ERtS9a
Arguments:	n/a
File size:	74512 bytes
MD5 hash:	066901d9ef64208c0daf3e6f428f7185

Analysis Process: KPz4ERtS9a PID: 5218 Parent PID: 5216

General

Start time:	09:39:51
Start date:	24/10/2021
Path:	/tmp/KPz4ERtS9a
Arguments:	n/a
File size:	74512 bytes
MD5 hash:	066901d9ef64208c0daf3e6f428f7185

Analysis Process: dash PID: 5240 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5240 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.txS7eGBKCG
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5241 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5241 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5242 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5242 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5243 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5243 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5244 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5244 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.txS7eGBKCG
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5245 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5245 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5246 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5246 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5247 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5247 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5248 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5248 Parent PID: 4331

General

Start time:	09:40:01
Start date:	24/10/2021
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.txS7eGBKCG /tmp/tmp.JsHkh9sVIe /tmp/tmp.UY8RlWyiIl
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report KPz4ERtS9a

Overview

General Information

Detection

Signatures

Classification

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: KPz4ERtS9a PID: 5216 Parent PID: 5110

General

Analysis Process: KPz4ERtS9a PID: 5217 Parent PID: 5216

General

Analysis Process: KPz4ERtS9a PID: 5218 Parent PID: 5216

General

Analysis Process: dash PID: 5240 Parent PID: 4331

General

Analysis Process: cat PID: 5240 Parent PID: 4331

General

Analysis Process: dash PID: 5241 Parent PID: 4331

General

Analysis Process: head PID: 5241 Parent PID: 4331

General

Analysis Process: dash PID: 5242 Parent PID: 4331

General

Analysis Process: tr PID: 5242 Parent PID: 4331