Linux Analysis Report mipsel

Overview

General Information

Sample Name: mipsel
Analysis ID: 513619
MD5: 04b94c63425607f5f58ebd51578dd8e8
SHA1: a2165f05ecfce4f95f6afc61574361e6db9b2a43
SHA256: 4fddb7884d4855b8b1864825992139fd2b29d46c198b4366ec33e2beb0a2f1e2
Tags: Mirai

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: mipsel Avira: detected
Multi AV Scanner detection for submitted file
Source: mipsel Metadefender: Detection: 28%
Source: mipsel ReversingLabs: Detection: 65%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 54.189.124.131:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 80.135.192.207:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 166.26.148.220:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 48.105.38.255:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 183.12.96.85:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 191.136.171.13:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 174.233.255.50:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 73.45.76.44:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 63.55.183.150:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 90.147.195.180:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 174.177.247.22:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 115.17.229.115:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 184.85.29.54:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 125.15.122.129:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 156.48.90.176:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 81.66.113.136:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 175.217.22.143:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 121.120.105.200:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 82.246.230.236:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 2.87.79.78:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 135.213.3.252:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 53.146.80.91:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 63.192.62.187:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 193.219.22.17:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 197.171.198.152:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 72.93.110.75:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 138.1.157.236:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 208.119.15.236:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 114.218.0.66:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 119.50.164.29:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 212.114.11.163:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 125.85.134.73:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 88.30.248.222:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 150.85.200.89:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 25.207.62.113:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 219.19.92.142:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 130.182.148.161:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 142.13.62.134:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 83.0.147.111:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 75.206.42.57:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 207.177.108.249:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 95.131.46.203:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 47.166.181.201:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 91.250.147.233:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 221.108.207.61:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 218.244.176.11:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 154.198.252.22:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 23.6.154.30:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 99.171.31.199:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 71.154.14.72:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 49.13.241.149:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 43.56.25.168:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 39.107.211.9:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 73.132.10.116:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 209.202.138.138:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 19.240.213.38:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 188.145.2.106:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 67.124.24.94:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 135.60.84.46:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 159.211.120.186:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 219.253.209.128:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 145.153.59.121:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 19.19.210.119:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 169.37.75.182:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 106.243.103.102:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 203.138.8.52:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 110.249.70.37:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 195.66.144.62:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 188.91.150.147:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 108.187.62.136:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 180.80.238.47:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 35.10.43.12:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 23.138.48.2:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 90.128.214.231:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 137.240.45.22:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 193.222.56.223:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 161.61.20.196:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 117.108.94.63:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 39.236.5.117:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 14.201.4.162:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 124.201.224.234:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 207.72.62.79:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 160.135.123.176:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 206.231.205.105:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 39.100.234.107:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 167.116.61.41:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 182.86.182.65:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 204.136.99.152:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 78.76.121.1:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 82.24.124.52:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 190.124.100.156:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 2.238.35.31:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 202.248.150.103:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 96.202.122.175:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 77.140.229.254:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 133.164.78.194:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 175.35.45.91:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 217.187.152.199:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 177.107.27.214:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 89.111.219.14:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 99.227.227.53:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 204.45.110.36:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 81.119.38.64:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 213.224.150.164:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 102.106.95.64:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 50.26.89.145:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 67.132.69.67:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 79.124.131.186:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 143.111.27.67:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 95.40.72.172:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 204.146.137.2:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 88.242.125.253:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 117.65.63.205:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 31.92.152.92:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 186.84.149.144:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 191.224.243.204:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 178.119.30.64:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 123.120.173.194:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 23.180.99.222:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 112.168.215.5:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 79.232.68.202:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 188.193.35.240:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 212.97.135.148:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 66.119.36.100:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 164.95.230.255:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 108.76.37.193:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 109.246.201.228:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 123.187.246.140:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 213.123.108.188:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 106.103.80.45:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 84.97.57.71:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 163.45.249.159:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 132.137.73.198:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 116.87.250.56:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 111.55.20.73:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 173.205.255.89:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 48.56.0.121:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 128.141.7.137:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 161.42.5.13:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 140.174.96.177:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 52.125.29.78:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 193.73.186.36:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 200.28.182.121:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 194.177.153.206:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 114.240.213.103:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 205.217.184.226:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 64.210.31.43:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 99.158.186.171:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 220.221.72.165:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 14.119.88.247:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 205.160.23.166:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 138.152.194.109:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 118.14.75.201:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 132.217.105.10:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 140.240.160.58:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 47.147.51.133:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 14.136.94.94:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 62.145.233.133:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 75.231.243.205:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 213.209.150.137:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 161.104.227.94:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 99.77.91.139:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 53.42.222.121:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 221.177.43.88:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 43.221.93.200:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 202.135.227.205:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 194.237.219.77:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 196.223.181.138:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 82.148.88.251:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 96.51.177.1:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 175.164.142.238:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 49.165.74.88:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 206.228.91.195:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 12.152.78.112:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 145.87.53.10:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 164.83.70.131:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 104.179.37.190:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 102.222.151.3:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 34.51.145.209:2323
Source: global traffic TCP traffic: 192.168.2.23:32554 -> 18.79.71.33:2323
Sample listens on a socket
Source: /tmp/mipsel (PID: 5233) Socket: 127.0.0.1::1124
Source: unknown DNS traffic detected: queries for: arcticboatz.cz
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary:

Malicious sample detected (through community Yara rule)
Source: mipsel, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: mipsel, type: SAMPLE Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Yara signature match
Source: mipsel, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: mipsel, type: SAMPLE Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal100.troj.evad.lin@0/0@1/0
Source: mipsel Joe Sandbox Cloud Basic: Detection: clean Score: 0

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself
Source: /tmp/mipsel (PID: 5233) File: /tmp/mipsel
Uses known network protocols on non-standard ports

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/mipsel (PID: 5233) Queries kernel information via 'uname'
Source: mipsel, 5233.1.00000000e91062d0.0000000089bb831f.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mipsel, 5233.1.00000000890da8ff.000000004edb4864.rw-.sdmp Binary or memory string: Mx86_64/usr/bin/qemu-mipsel/tmp/mipselSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mipsel
Source: mipsel, 5233.1.00000000e91062d0.0000000089bb831f.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mipsel, 5233.1.00000000890da8ff.000000004edb4864.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: mipsel, type: SAMPLE
Source: Yara match File source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: mipsel, type: SAMPLE
Source: Yara match File source: 5233.1.00000000e211a54b.00000000ea571adb.r-x.sdmp, type: MEMORY