Linux Analysis Report QX4Kudvf1x

Overview

General Information

Sample Name:	QX4Kudvf1x
Analysis ID:	514643
MD5:	5fe33cf30e900cb2903960d16f1f3ace
SHA1:	92f9cdbf6ca4efdb09a48714907913a74b70bf9e
SHA256:	5be14a462004f551c39bae8155098090695e6dc2ad48219a7792bf4d28a364f9
Tags:	32elfmiraimotorola
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: QX4Kudvf1x	Virustotal: Detection: 49%			Perma Link
Source: QX4Kudvf1x	ReversingLabs: Detection: 48%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40098

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.129.54.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.7.152.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.61.106.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.167.40.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.248.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.181.200.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.177.191.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.92.228.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.238.144.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.198.166.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.102.148.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.37.111.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 20.141.6.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.6.236.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 221.255.236.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.246.54.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.130.31.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 34.48.255.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 148.65.79.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.228.111.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.118.214.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.118.11.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.97.22.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.22.141.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.185.63.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.230.50.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 61.173.82.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 76.19.124.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.174.218.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.123.28.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.137.98.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.22.72.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.152.38.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.39.236.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.250.171.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.251.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.163.130.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.169.110.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.220.82.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.132.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.239.132.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.156.55.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.146.215.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 144.67.148.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.106.65.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.239.90.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.68.55.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.96.34.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.101.81.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.51.2.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.138.71.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.198.197.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.215.75.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.189.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.120.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 85.44.210.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.11.179.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.133.254.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.36.134.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.226.201.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.205.211.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.137.180.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.42.24.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.18.25.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.154.6.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.41.136.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.183.70.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.22.77.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.194.141.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 49.148.227.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.189.185.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.4.108.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.178.245.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.213.15.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.239.149.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.177.143.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.189.126.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.247.104.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.3.38.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.177.126.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 186.203.158.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.152.90.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.30.112.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.31.5.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.28.124.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.228.155.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.160.22.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.149.171.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.253.99.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.90.36.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.226.5.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.123.166.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.115.185.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.37.120.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.25.27.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.21.84.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.162.243.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.57.137.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.251.59.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.4.130.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.148.172.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.70.147.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.152.50.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 109.179.10.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.134.90.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.81.220.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.32.158.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.143.103.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.104.163.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.87.76.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.202.169.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.221.34.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.21.196.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.103.162.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.55.225.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.188.244.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.7.126.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.239.61.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 95.200.7.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.173.47.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 135.65.79.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.227.76.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.187.222.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.227.43.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 83.22.231.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.128.219.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 132.6.95.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.119.74.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.20.54.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.227.143.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.76.53.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.43.243.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.218.123.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.124.207.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.114.88.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.254.85.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.234.74.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.144.68.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.49.184.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.42.91.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.7.49.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.82.254.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.55.6.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.171.15.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.62.10.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.231.168.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.242.214.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.155.95.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.160.165.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.30.138.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.41.152.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.179.249.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.206.72.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.249.226.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.102.113.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.0.177.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.25.235.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.186.189.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.192.166.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.211.55.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.94.197.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.197.36.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.58.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.200.197.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.153.105.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.81.244.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.77.72.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.205.30.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.126.16.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 102.3.160.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.202.44.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.29.2.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.2.100.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.23.78.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.220.215.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.119.95.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.170.27.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.202.194.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.44.78.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.24.188.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.124.186.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.190.242.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.254.235.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.48.212.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.82.132.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.0.138.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.9.206.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.150.30.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 183.53.145.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.116.31.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.234.113.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.38.208.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.250.156.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.132.197.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.244.30.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.251.233.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.112.140.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.218.152.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.246.164.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.242.71.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.230.113.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.11.144.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.132.170.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.18.179.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.215.63.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.211.69.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.253.77.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.63.17.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.46.235.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.54.128.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.238.242.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.242.212.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.14.117.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.183.33.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.163.43.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.216.146.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.6.153.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.79.146.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.183.216.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.209.94.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.80.134.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.188.90.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.126.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.38.213.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.30.138.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.19.236.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.143.110.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.223.75.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.6.217.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.196.211.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.243.193.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.219.131.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.49.133.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.210.111.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.130.81.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.58.65.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.67.240.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.112.92.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 58.57.177.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.255.26.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.198.234.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.120.217.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.243.122.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.75.240.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.231.167.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.114.35.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.77.23.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.194.57.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.19.137.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.78.204.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.19.84.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.11.131.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.121.227.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.24.221.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.61.132.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.84.52.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.39.66.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.109.229.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.229.0.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 68.237.138.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 38.214.98.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.251.249.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.140.183.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.88.228.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.188.80.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.189.120.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.215.96.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.103.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.13.184.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 54.156.208.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.60.53.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.34.215.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.199.158.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.21.39.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.30.145.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.143.5.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 151.240.94.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 211.216.5.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.128.230.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.186.64.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.223.94.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.149.19.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.201.60.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.200.185.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.46.163.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.58.182.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.232.63.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.77.133.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.157.59.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.202.235.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.213.214.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.38.55.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.114.217.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.100.243.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.105.161.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.151.2.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.105.52.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.29.71.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.217.9.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.68.55.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 123.234.234.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.201.115.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.124.95.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.133.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 73.202.80.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.194.41.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.48.68.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.163.220.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.139.28.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.187.229.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.8.115.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.83.253.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 70.20.94.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.182.86.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.187.178.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.18.144.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.126.53.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.173.55.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.95.244.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.38.53.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.216.88.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.85.163.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.179.11.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.128.71.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.47.210.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.96.85.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.75.232.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.68.253.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.177.28.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.115.17.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.10.152.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.86.63.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.137.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.139.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.58.48.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.75.173.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.0.25.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.83.59.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.238.15.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.1.81.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.67.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.73.241.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.184.188.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.194.14.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.30.124.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.192.60.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.87.177.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.165.179.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.107.177.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.61.91.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 107.205.164.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.197.169.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.97.40.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.56.30.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.14.189.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.173.58.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.122.243.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.252.29.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.250.94.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.83.157.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.230.6.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.28.114.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 140.213.8.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.155.152.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.80.140.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.247.88.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.141.51.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.187.62.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.171.240.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.55.225.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.194.63.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.99.142.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.151.100.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 165.176.106.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.211.72.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.136.219.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.14.188.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.55.83.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.74.107.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.59.20.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.14.195.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.199.111.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.76.154.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.216.160.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.66.106.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.84.39.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.81.195.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.167.254.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.136.72.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.225.229.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.240.10.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.137.24.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.121.218.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.91.247.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.208.196.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.134.98.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.105.241.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.199.150.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.117.152.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.33.37.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.143.208.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.97.132.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.11.106.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 222.175.83.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.151.73.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.147.113.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.17.22.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.219.53.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.122.204.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.131.175.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.126.234.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.117.172.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.69.75.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 114.88.247.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.221.65.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.38.122.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.207.11.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.199.87.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.212.106.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.19.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.76.62.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.187.35.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.195.176.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.98.207.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.159.239.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.116.203.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.121.250.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.91.150.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.169.244.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 43.104.202.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.85.33.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.34.69.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.27.91.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.229.36.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.62.27.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.12.182.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.114.230.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.164.166.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.252.3.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 205.100.51.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.140.205.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.132.131.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.230.70.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.191.164.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 104.160.49.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.7.231.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.181.233.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.192.166.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.9.148.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.197.69.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.143.236.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.187.66.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.44.91.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.60.171.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.48.37.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.186.71.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.22.185.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.41.46.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.203.99.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.142.155.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.83.210.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.231.161.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.53.140.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.137.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.28.187.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.35.225.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.131.38.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.111.223.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.255.43.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.201.182.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.112.8.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.136.209.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.226.125.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.112.182.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.61.97.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.186.27.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.248.102.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.116.95.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.42.214.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.42.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.153.35.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.74.183.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.209.158.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.143.34.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.94.64.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.157.61.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.170.197.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.24.150.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.207.26.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.94.206.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.196.81.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.151.218.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.96.134.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 27.231.42.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.163.75.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.62.31.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.235.85.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.59.245.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 110.161.137.147:2323

Sample listens on a socket

Source: /tmp/QX4Kudvf1x (PID: 5239)

Socket: 127.0.0.1::1926

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 126.129.54.116
Source: unknown	TCP traffic detected without corresponding DNS query: 129.182.67.117
Source: unknown	TCP traffic detected without corresponding DNS query: 64.77.18.238
Source: unknown	TCP traffic detected without corresponding DNS query: 88.170.214.34
Source: unknown	TCP traffic detected without corresponding DNS query: 134.238.52.231
Source: unknown	TCP traffic detected without corresponding DNS query: 87.211.153.91
Source: unknown	TCP traffic detected without corresponding DNS query: 39.147.216.157
Source: unknown	TCP traffic detected without corresponding DNS query: 81.239.255.217
Source: unknown	TCP traffic detected without corresponding DNS query: 124.225.101.187
Source: unknown	TCP traffic detected without corresponding DNS query: 187.189.89.209
Source: unknown	TCP traffic detected without corresponding DNS query: 177.7.152.225
Source: unknown	TCP traffic detected without corresponding DNS query: 173.100.96.103
Source: unknown	TCP traffic detected without corresponding DNS query: 183.37.79.101
Source: unknown	TCP traffic detected without corresponding DNS query: 18.170.40.192
Source: unknown	TCP traffic detected without corresponding DNS query: 9.179.173.172
Source: unknown	TCP traffic detected without corresponding DNS query: 156.49.205.211
Source: unknown	TCP traffic detected without corresponding DNS query: 90.179.51.76
Source: unknown	TCP traffic detected without corresponding DNS query: 70.233.104.243
Source: unknown	TCP traffic detected without corresponding DNS query: 113.63.36.247
Source: unknown	TCP traffic detected without corresponding DNS query: 185.61.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 68.134.119.133
Source: unknown	TCP traffic detected without corresponding DNS query: 51.100.89.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.54.56.224
Source: unknown	TCP traffic detected without corresponding DNS query: 153.86.43.142
Source: unknown	TCP traffic detected without corresponding DNS query: 136.180.153.166
Source: unknown	TCP traffic detected without corresponding DNS query: 169.173.220.49
Source: unknown	TCP traffic detected without corresponding DNS query: 201.205.149.128
Source: unknown	TCP traffic detected without corresponding DNS query: 192.213.191.12
Source: unknown	TCP traffic detected without corresponding DNS query: 79.201.148.209
Source: unknown	TCP traffic detected without corresponding DNS query: 111.32.117.47
Source: unknown	TCP traffic detected without corresponding DNS query: 212.167.40.170
Source: unknown	TCP traffic detected without corresponding DNS query: 212.83.218.70
Source: unknown	TCP traffic detected without corresponding DNS query: 9.25.123.233
Source: unknown	TCP traffic detected without corresponding DNS query: 200.176.255.75
Source: unknown	TCP traffic detected without corresponding DNS query: 51.48.54.114
Source: unknown	TCP traffic detected without corresponding DNS query: 178.37.70.8
Source: unknown	TCP traffic detected without corresponding DNS query: 105.212.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 112.199.11.131
Source: unknown	TCP traffic detected without corresponding DNS query: 62.163.134.138
Source: unknown	TCP traffic detected without corresponding DNS query: 213.203.45.233
Source: unknown	TCP traffic detected without corresponding DNS query: 155.248.147.70
Source: unknown	TCP traffic detected without corresponding DNS query: 25.151.69.240
Source: unknown	TCP traffic detected without corresponding DNS query: 88.42.70.73
Source: unknown	TCP traffic detected without corresponding DNS query: 102.45.103.110
Source: unknown	TCP traffic detected without corresponding DNS query: 193.173.101.66
Source: unknown	TCP traffic detected without corresponding DNS query: 32.253.4.10
Source: unknown	TCP traffic detected without corresponding DNS query: 90.195.25.133
Source: unknown	TCP traffic detected without corresponding DNS query: 34.225.21.165
Source: unknown	TCP traffic detected without corresponding DNS query: 91.98.197.117

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/0@0/0

Source: QX4Kudvf1x

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/QX4Kudvf1x (PID: 5239)

Queries kernel information via 'uname':

Jump to behavior

Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: Gx86_64/usr/bin/qemu-m68k/tmp/QX4Kudvf1xSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/QX4Kudvf1x
Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
207.252.253.15	unknown	United States	10844	VASTNETUS	false
87.174.170.218	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
170.215.1.123	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
64.215.59.186	unknown	United States	3549	LVLT-3549US	false
209.188.192.81	unknown	United States	2152	CSUNET-NWUS	false
12.248.178.247	unknown	United States	7018	ATT-INTERNET4US	false
69.8.94.83	unknown	United States	8025	BRIGHTOK-ASUS	false
42.93.143.143	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
71.9.12.218	unknown	United States	20115	CHARTER-20115US	false
19.113.39.80	unknown	United States	3	MIT-GATEWAYSUS	false
140.12.77.152	unknown	United States	23700	FASTNET-AS-IDLinknet-FastnetASNID	false
187.114.120.15	unknown	Brazil	18881	TELEFONICABRASILSABR	false
99.207.129.35	unknown	United States	10507	SPCSUS	false
104.144.45.85	unknown	Canada	55286	SERVER-MANIACA	false
186.27.91.17	unknown	Bolivia	28024	NuevatelPCSdeBoliviaSABO	false
150.163.105.17	unknown	Brazil	1916	AssociacaoRedeNacionaldeEnsinoePesquisaBR	false
194.136.239.177	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
93.173.196.81	unknown	Israel	1680	NV-ASNCELLCOMltdIL	false
149.209.248.84	unknown	Norway	2830	MCI-DUAL-HOMED-CUSTOMERSGB	false
161.108.200.86	unknown	United States	3955	WANG-US-1US	false
46.172.91.173	unknown	Ukraine	48422	IT-STARCOM-AShttpwwwitstarcomnetUA	false
61.179.183.141	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
82.239.146.208	unknown	France	12322	PROXADFR	false
17.153.147.49	unknown	United States	714	APPLE-ENGINEERINGUS	false
1.61.30.168	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
36.212.52.156	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
90.17.49.162	unknown	France	3215	FranceTelecom-OrangeFR	false
219.47.227.225	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
178.192.115.23	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
153.14.218.209	unknown	United States	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
82.27.173.98	unknown	United Kingdom	5089	NTLGB	false
84.46.182.188	unknown	Lithuania	15419	LRTC-ASLT	false
92.117.4.8	unknown	Germany	8881	VERSATELDE	false
106.117.45.97	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
143.146.199.87	unknown	United States	399	AFCONC-BLOCK1-ASUS	false
37.177.110.215	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
178.24.145.59	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
212.79.253.142	unknown	Germany	203507	AVIRADEKaplaneiweg1DE	false
210.48.212.143	unknown	Australia	38084	ETHAN-AU-APEthanGroupAU	false
94.241.196.54	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
165.166.229.161	unknown	United States	2711	SPIRITTEL-ASUS	false
139.39.35.7	unknown	United States	5972	DNIC-ASBLK-05800-06055US	false
138.185.157.196	unknown	Brazil	264342	UPNETPROVEDORDEACESSOETELECOMBR	false
24.142.43.136	unknown	Canada	32233	PERSONACA	false
86.210.197.248	unknown	France	3215	FranceTelecom-OrangeFR	false
125.136.218.237	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
192.36.40.33	unknown	Sweden	25176	AC-NETSE	false
173.25.184.131	unknown	United States	30036	MEDIACOM-ENTERPRISE-BUSINESSUS	false
57.249.89.90	unknown	Belgium	2686	ATGS-MMD-ASUS	false
110.19.130.27	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
150.142.226.27	unknown	United States	14223	NYSDOHUS	false
14.1.253.124	unknown	Malaysia	45960	YTLCOMMS-AS-APYTLCOMMUNICATIONSSDNBHDMY	false
31.40.126.0	unknown	Russian Federation	56761	MULTINEX-MIASS-ASRU	false
213.5.165.223	unknown	Russian Federation	15673	TELESETI-PLUS-ASRU	false
135.248.152.229	unknown	United States	10455	LUCENT-CIOUS	false
46.215.117.92	unknown	Poland	8374	PLUSNETPlusnetworkoperatorinPolandPL	false
118.123.103.213	unknown	China	38283	CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData	false
209.15.189.55	unknown	Canada	11290	CC-3272CA	false
191.160.73.87	unknown	Brazil	26615	TIMSABR	false
206.116.23.4	unknown	Canada	852	ASN852CA	false
36.173.8.143	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
122.202.143.12	unknown	Korea Republic of	9946	CABLENET-AS-KRKCTVJEJUBROADCASTINGKR	false
172.132.121.255	unknown	United States	7018	ATT-INTERNET4US	false
125.227.201.219	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
132.213.80.133	unknown	Canada	376	RISQ-ASCA	false
142.10.232.203	unknown	Canada	13576	SDNW-13576US	false
111.48.103.28	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
208.254.25.78	unknown	United States	11486	COLO-PREM-VZBUS	false
161.64.39.252	unknown	Macau	7582	UMAC-AS-APUniversityofMacauMO	false
82.32.247.245	unknown	United Kingdom	5089	NTLGB	false
61.197.166.78	unknown	Japan	2514	INFOSPHERENTTPCCommunicationsIncJP	false
12.16.138.186	unknown	United States	7018	ATT-INTERNET4US	false
83.47.191.245	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
168.76.73.116	unknown	South Africa	265240	ULTRANETSERVICOSEMINTERNETLTDABR	false
179.138.235.187	unknown	Brazil	26599	TELEFONICABRASILSABR	false
94.79.60.224	unknown	Russian Federation	8732	COMCOR-ASMoscowRU	false
131.44.242.127	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
104.19.61.172	unknown	United States	13335	CLOUDFLARENETUS	false
148.22.80.216	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
114.99.197.138	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
162.32.169.48	unknown	United States	35893	ACPCA	false
86.173.157.118	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
216.51.94.169	unknown	United States	2828	XO-AS15US	false
206.249.88.101	unknown	United States	174	COGENT-174US	false
204.29.221.41	unknown	United States	13325	STOMIUS	false
2.98.162.245	unknown	United Kingdom	13285	OPALTELECOM-ASTalkTalkCommunicationsLimitedGB	false
19.71.89.200	unknown	United States	3	MIT-GATEWAYSUS	false
70.74.179.170	unknown	Canada	6327	SHAWCA	false
64.148.234.59	unknown	United States	7018	ATT-INTERNET4US	false
150.170.41.46	unknown	United States	26438	MONROE-COMMUNITY-COLLEGEUS	false
97.61.226.168	unknown	United States	22394	CELLCOUS	false
149.214.42.119	unknown	Germany	5605	NETUSEDE	false
176.251.72.11	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
69.199.77.191	unknown	United States	17184	ATL-CBEYONDUS	false
87.17.71.206	unknown	Italy	3269	ASN-IBSNAZIT	false
161.16.200.200	unknown	United States	19512	LYONDELLUS	false
207.82.211.10	unknown	United States	10584	TRADEWEBUS	false
73.207.81.13	unknown	United States	7922	COMCAST-7922US	false
221.246.215.107	unknown	Japan	17506	UCOMARTERIANetworksCorporationJP	false
38.52.110.100	unknown	United States	174	COGENT-174US	false

AV Detection:

Multi AV Scanner detection for submitted file

Source: QX4Kudvf1x	Virustotal: Detection: 49%			Perma Link
Source: QX4Kudvf1x	ReversingLabs: Detection: 48%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40098

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.129.54.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.7.152.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.61.106.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.167.40.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.248.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.181.200.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.177.191.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.92.228.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.238.144.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.198.166.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.102.148.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.37.111.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 20.141.6.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.6.236.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 221.255.236.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.246.54.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.130.31.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 34.48.255.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 148.65.79.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.228.111.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.118.214.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.118.11.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.97.22.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.22.141.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.185.63.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.230.50.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 61.173.82.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 76.19.124.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.174.218.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.123.28.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.137.98.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.22.72.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.152.38.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.39.236.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.250.171.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.251.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.163.130.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.169.110.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.220.82.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.132.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.239.132.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.156.55.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.146.215.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 144.67.148.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.106.65.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.239.90.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.68.55.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.96.34.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.101.81.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.51.2.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.138.71.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.198.197.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.215.75.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.189.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.120.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 85.44.210.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.11.179.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.133.254.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.36.134.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.226.201.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.205.211.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.137.180.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.42.24.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.18.25.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.154.6.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.41.136.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.183.70.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.22.77.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.194.141.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 49.148.227.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.189.185.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.4.108.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.178.245.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.213.15.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.239.149.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.177.143.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.189.126.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.247.104.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.3.38.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.177.126.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 186.203.158.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.152.90.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.30.112.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.31.5.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.28.124.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.228.155.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.160.22.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.149.171.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.253.99.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.90.36.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.226.5.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.123.166.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.115.185.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.37.120.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.25.27.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.21.84.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.162.243.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.57.137.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.251.59.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.4.130.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.148.172.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.70.147.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.152.50.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 109.179.10.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.134.90.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.81.220.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.32.158.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.143.103.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.104.163.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.87.76.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.202.169.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.221.34.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.21.196.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.103.162.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.55.225.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.188.244.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.7.126.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.239.61.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 95.200.7.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.173.47.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 135.65.79.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.227.76.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.187.222.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.227.43.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 83.22.231.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.128.219.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 132.6.95.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.119.74.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.20.54.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.227.143.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.76.53.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.43.243.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.218.123.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.124.207.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.114.88.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.254.85.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.234.74.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.144.68.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.49.184.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.42.91.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.7.49.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.82.254.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.55.6.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.171.15.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.62.10.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.231.168.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.242.214.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.155.95.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.160.165.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.30.138.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.41.152.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.179.249.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.206.72.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.249.226.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.102.113.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.0.177.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.25.235.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.186.189.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.192.166.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.211.55.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.94.197.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.197.36.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.58.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.200.197.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.153.105.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.81.244.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.77.72.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.205.30.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.126.16.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 102.3.160.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.202.44.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.29.2.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.2.100.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.23.78.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.220.215.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.119.95.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.170.27.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.202.194.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.44.78.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.24.188.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.124.186.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.190.242.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.254.235.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.48.212.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.82.132.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.0.138.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.9.206.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.150.30.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 183.53.145.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.116.31.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.234.113.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.38.208.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.250.156.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.132.197.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.244.30.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.251.233.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.112.140.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.218.152.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.246.164.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.242.71.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.230.113.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.11.144.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.132.170.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.18.179.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.215.63.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.211.69.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.253.77.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.63.17.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.46.235.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.54.128.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.238.242.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.242.212.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.14.117.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.183.33.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.163.43.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.216.146.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.6.153.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.79.146.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.183.216.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.209.94.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.80.134.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.188.90.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.126.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.38.213.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.30.138.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.19.236.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.143.110.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.223.75.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.6.217.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.196.211.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.243.193.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.219.131.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.49.133.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.210.111.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.130.81.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.58.65.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.67.240.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.112.92.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 58.57.177.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.255.26.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.198.234.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.120.217.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.243.122.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.75.240.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.231.167.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.114.35.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.77.23.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.194.57.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.19.137.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.78.204.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.19.84.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.11.131.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.121.227.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.24.221.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.61.132.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.84.52.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.39.66.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.109.229.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.229.0.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 68.237.138.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 38.214.98.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.251.249.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.140.183.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.88.228.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.188.80.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.189.120.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.215.96.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.103.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.13.184.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 54.156.208.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.60.53.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.34.215.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.199.158.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.21.39.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.30.145.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.143.5.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 151.240.94.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 211.216.5.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.128.230.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.186.64.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.223.94.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.149.19.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.201.60.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.200.185.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.46.163.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.58.182.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.232.63.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.77.133.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.157.59.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.202.235.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.213.214.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.38.55.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.114.217.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.100.243.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.105.161.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.151.2.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.105.52.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.29.71.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.217.9.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.68.55.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 123.234.234.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.201.115.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.124.95.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.133.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 73.202.80.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.194.41.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.48.68.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.163.220.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.139.28.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.187.229.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.8.115.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.83.253.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 70.20.94.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.182.86.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.187.178.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.18.144.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.126.53.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.173.55.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.95.244.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.38.53.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.216.88.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.85.163.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.179.11.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.128.71.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.47.210.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.96.85.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.75.232.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.68.253.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.177.28.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.115.17.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.10.152.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.86.63.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.137.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.139.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.58.48.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.75.173.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.0.25.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.83.59.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.238.15.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.1.81.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.67.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.73.241.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.184.188.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.194.14.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.30.124.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.192.60.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.87.177.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.165.179.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.107.177.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.61.91.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 107.205.164.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.197.169.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.97.40.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.56.30.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.14.189.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.173.58.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.122.243.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.252.29.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.250.94.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.83.157.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.230.6.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.28.114.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 140.213.8.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.155.152.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.80.140.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.247.88.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.141.51.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.187.62.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.171.240.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.55.225.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.194.63.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.99.142.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.151.100.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 165.176.106.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.211.72.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.136.219.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.14.188.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.55.83.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.74.107.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.59.20.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.14.195.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.199.111.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.76.154.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.216.160.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.66.106.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.84.39.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.81.195.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.167.254.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.136.72.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.225.229.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.240.10.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.137.24.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.121.218.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.91.247.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.208.196.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.134.98.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.105.241.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.199.150.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.117.152.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.33.37.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.143.208.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.97.132.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.11.106.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 222.175.83.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.151.73.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.147.113.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.17.22.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.219.53.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.122.204.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.131.175.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.126.234.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.117.172.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.69.75.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 114.88.247.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.221.65.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.38.122.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.207.11.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.199.87.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.212.106.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.19.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.76.62.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.187.35.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.195.176.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.98.207.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.159.239.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.116.203.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.121.250.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.91.150.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.169.244.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 43.104.202.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.85.33.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.34.69.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.27.91.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.229.36.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.62.27.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.12.182.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.114.230.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.164.166.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.252.3.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 205.100.51.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.140.205.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.132.131.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.230.70.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.191.164.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 104.160.49.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.7.231.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.181.233.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.192.166.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.9.148.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.197.69.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.143.236.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.187.66.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.44.91.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.60.171.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.48.37.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.186.71.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.22.185.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.41.46.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.203.99.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.142.155.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.83.210.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.231.161.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.53.140.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.137.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.28.187.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.35.225.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.131.38.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.111.223.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.255.43.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.201.182.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.112.8.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.136.209.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.226.125.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.112.182.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.61.97.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.186.27.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.248.102.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.116.95.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.42.214.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.42.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.153.35.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.74.183.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.209.158.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.143.34.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.94.64.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.157.61.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.170.197.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.24.150.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.207.26.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.94.206.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.196.81.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.151.218.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.96.134.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 27.231.42.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.163.75.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.62.31.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.235.85.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.59.245.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 110.161.137.147:2323

Sample listens on a socket

Source: /tmp/QX4Kudvf1x (PID: 5239)

Socket: 127.0.0.1::1926

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 126.129.54.116
Source: unknown	TCP traffic detected without corresponding DNS query: 129.182.67.117
Source: unknown	TCP traffic detected without corresponding DNS query: 64.77.18.238
Source: unknown	TCP traffic detected without corresponding DNS query: 88.170.214.34
Source: unknown	TCP traffic detected without corresponding DNS query: 134.238.52.231
Source: unknown	TCP traffic detected without corresponding DNS query: 87.211.153.91
Source: unknown	TCP traffic detected without corresponding DNS query: 39.147.216.157
Source: unknown	TCP traffic detected without corresponding DNS query: 81.239.255.217
Source: unknown	TCP traffic detected without corresponding DNS query: 124.225.101.187
Source: unknown	TCP traffic detected without corresponding DNS query: 187.189.89.209
Source: unknown	TCP traffic detected without corresponding DNS query: 177.7.152.225
Source: unknown	TCP traffic detected without corresponding DNS query: 173.100.96.103
Source: unknown	TCP traffic detected without corresponding DNS query: 183.37.79.101
Source: unknown	TCP traffic detected without corresponding DNS query: 18.170.40.192
Source: unknown	TCP traffic detected without corresponding DNS query: 9.179.173.172
Source: unknown	TCP traffic detected without corresponding DNS query: 156.49.205.211
Source: unknown	TCP traffic detected without corresponding DNS query: 90.179.51.76
Source: unknown	TCP traffic detected without corresponding DNS query: 70.233.104.243
Source: unknown	TCP traffic detected without corresponding DNS query: 113.63.36.247
Source: unknown	TCP traffic detected without corresponding DNS query: 185.61.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 68.134.119.133
Source: unknown	TCP traffic detected without corresponding DNS query: 51.100.89.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.54.56.224
Source: unknown	TCP traffic detected without corresponding DNS query: 153.86.43.142
Source: unknown	TCP traffic detected without corresponding DNS query: 136.180.153.166
Source: unknown	TCP traffic detected without corresponding DNS query: 169.173.220.49
Source: unknown	TCP traffic detected without corresponding DNS query: 201.205.149.128
Source: unknown	TCP traffic detected without corresponding DNS query: 192.213.191.12
Source: unknown	TCP traffic detected without corresponding DNS query: 79.201.148.209
Source: unknown	TCP traffic detected without corresponding DNS query: 111.32.117.47
Source: unknown	TCP traffic detected without corresponding DNS query: 212.167.40.170
Source: unknown	TCP traffic detected without corresponding DNS query: 212.83.218.70
Source: unknown	TCP traffic detected without corresponding DNS query: 9.25.123.233
Source: unknown	TCP traffic detected without corresponding DNS query: 200.176.255.75
Source: unknown	TCP traffic detected without corresponding DNS query: 51.48.54.114
Source: unknown	TCP traffic detected without corresponding DNS query: 178.37.70.8
Source: unknown	TCP traffic detected without corresponding DNS query: 105.212.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 112.199.11.131
Source: unknown	TCP traffic detected without corresponding DNS query: 62.163.134.138
Source: unknown	TCP traffic detected without corresponding DNS query: 213.203.45.233
Source: unknown	TCP traffic detected without corresponding DNS query: 155.248.147.70
Source: unknown	TCP traffic detected without corresponding DNS query: 25.151.69.240
Source: unknown	TCP traffic detected without corresponding DNS query: 88.42.70.73
Source: unknown	TCP traffic detected without corresponding DNS query: 102.45.103.110
Source: unknown	TCP traffic detected without corresponding DNS query: 193.173.101.66
Source: unknown	TCP traffic detected without corresponding DNS query: 32.253.4.10
Source: unknown	TCP traffic detected without corresponding DNS query: 90.195.25.133
Source: unknown	TCP traffic detected without corresponding DNS query: 34.225.21.165
Source: unknown	TCP traffic detected without corresponding DNS query: 91.98.197.117

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/0@0/0

Source: QX4Kudvf1x

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/QX4Kudvf1x (PID: 5239)

Queries kernel information via 'uname':

Jump to behavior

Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: Gx86_64/usr/bin/qemu-m68k/tmp/QX4Kudvf1xSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/QX4Kudvf1x
Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

ID:	514643
Product:	CloudBasic
Start time:	14:01:57
Start date:	03.11.2021
Sample:	QX4Kudvf1x
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	5fe33cf30e900cb2903960d16f1f3ace
SHA1:	92f9cdbf6ca4efdb09a48714907913a74b70bf9e
SHA256:	5be14a462004f551c39bae8155098090695e6dc2ad48219a7792bf4d28a364f9
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report QX4Kudvf1x

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Networking:

System Summary:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Network Map

Contacted Public IPs