Linux Analysis Report HdZIgkO5be

Overview

General Information

Sample Name:	HdZIgkO5be
Analysis ID:	514677
MD5:	1b5dfd49454f3d7fe8e518f904c88bc7
SHA1:	560ba6f16c235b269669d8bb8c6367045e521617
SHA256:	743ebdcaf8b0255212578ac797f920df17daba5f8036fb2f6c942316a2524d22
Tags:	32elfmirairenesas
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample listens on a socket

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: HdZIgkO5be	Virustotal: Detection: 50%			Perma Link
Source: HdZIgkO5be	ReversingLabs: Detection: 48%

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 78.108.27.163:23 -> 192.168.2.23:54086
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:60932
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 716 INFO TELNET access 36.91.71.101:23 -> 192.168.2.23:33196
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:32876
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44874
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44874

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.177.46.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.227.82.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.75.127.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.187.92.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 167.171.192.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.211.57.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.52.179.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.30.112.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.127.118.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.60.85.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.195.240.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.6.184.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.189.255.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.105.193.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.232.113.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.98.65.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.13.58.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.207.49.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.50.80.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.56.113.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.11.79.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.44.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.50.90.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.46.223.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.84.176.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 165.62.208.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.22.70.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.204.186.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.1.82.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.22.168.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.117.100.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.107.69.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.168.89.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.210.204.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 5.145.183.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.32.180.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.138.219.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 108.126.206.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 190.156.45.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.106.145.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.97.136.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 121.19.39.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.41.170.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.173.158.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.234.189.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.197.71.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.60.131.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.148.183.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.151.240.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.42.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.110.132.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.191.89.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 126.242.35.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.30.208.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 38.134.234.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.44.9.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.131.165.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.163.198.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.115.157.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.249.104.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.248.247.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.132.209.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.71.89.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.164.155.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.192.167.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.6.213.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.96.120.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.47.134.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.25.27.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.66.231.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.51.77.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.83.164.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.65.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.186.34.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.255.130.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.48.192.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 82.175.217.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.211.184.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.61.147.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.219.33.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 155.157.158.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.118.143.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.177.178.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.151.41.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 166.247.4.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.136.238.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.9.46.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.82.90.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.230.115.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.87.228.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.195.105.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.148.115.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.129.93.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.27.92.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.117.194.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.35.214.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.34.192.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.104.10.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.142.172.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.215.179.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.207.155.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.1.22.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.244.186.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 78.250.206.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.5.236.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.212.2.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 187.61.44.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.45.53.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.126.69.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.238.26.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.164.152.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.235.61.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.148.129.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.76.79.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.250.171.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.88.114.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.194.223.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.60.244.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.15.173.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.65.92.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.169.170.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.15.110.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.196.111.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 52.42.160.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.164.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.76.52.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.16.198.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.101.125.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.138.67.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 59.136.63.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.73.40.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.226.158.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.215.146.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.15.173.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 12.163.82.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.7.246.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.112.143.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 139.25.207.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.138.165.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.19.79.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.189.145.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.103.66.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.196.51.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.91.94.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 142.245.27.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 149.165.101.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.77.86.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.255.129.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.172.113.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.223.218.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.22.252.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.111.16.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.55.194.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.24.195.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.129.20.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 223.42.135.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.114.229.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.234.114.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.197.101.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.12.243.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.125.7.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.32.26.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.223.162.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.31.34.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.106.85.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.65.218.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.113.148.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.110.59.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 182.38.80.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.59.62.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.205.57.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.167.184.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.145.182.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 85.36.207.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.17.98.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.179.114.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.164.133.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.91.93.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.144.162.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.165.39.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.224.214.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.101.216.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.170.200.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.176.142.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.0.179.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.209.153.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.1.140.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.147.178.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.51.247.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.19.27.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.92.29.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 216.207.30.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.47.255.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.49.250.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.155.200.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.140.0.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.97.250.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.226.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.11.100.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.107.248.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 208.72.45.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.2.115.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.17.128.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.160.147.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.102.154.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.230.9.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.111.226.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.122.12.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.53.163.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.185.67.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.148.77.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.105.135.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.8.251.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.140.64.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.79.148.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.139.133.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.235.117.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.144.75.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.69.37.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 19.109.113.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.109.60.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.37.32.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.137.144.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.131.252.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.30.116.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.51.46.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.41.0.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.208.202.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.253.243.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.27.44.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.223.18.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.108.117.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.199.241.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.93.128.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.9.10.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.137.243.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.138.168.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.143.81.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.170.39.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 163.249.54.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.111.121.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.143.94.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.14.50.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.157.251.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.27.104.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.98.46.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.198.152.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.246.80.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.79.100.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.41.249.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.225.131.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.54.61.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.50.107.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.135.144.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.148.114.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.111.193.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.184.115.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.56.56.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.240.117.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.46.208.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.102.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.124.161.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.143.140.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.249.36.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.25.99.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 34.149.77.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.79.144.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.219.110.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.147.217.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.45.174.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 17.181.78.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.89.54.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.92.235.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 222.155.1.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.103.190.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.138.17.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.233.87.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.34.240.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.139.201.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.127.86.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.148.11.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.92.222.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.212.238.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.199.230.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.62.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.57.240.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.156.216.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.213.212.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.175.167.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.142.60.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.107.93.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 109.14.41.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.240.200.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 194.163.25.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.12.89.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.83.220.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.76.170.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.75.23.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.118.30.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.186.47.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.107.80.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.176.196.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.39.196.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 107.158.119.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.249.213.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.96.213.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.46.234.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.96.179.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.52.46.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.28.43.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.62.15.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.157.81.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.217.165.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.240.9.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.52.86.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.187.209.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.104.91.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.83.119.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.160.126.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.253.254.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.119.137.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.12.65.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 18.135.162.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.65.10.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.93.31.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.97.125.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.245.178.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.147.17.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.75.221.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.84.111.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.70.178.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.52.253.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.111.251.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.38.66.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.148.64.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.177.129.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.72.79.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.192.230.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.151.156.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.110.26.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.37.94.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.195.156.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.245.169.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 115.61.160.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.183.185.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.173.241.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.182.235.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.165.172.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.178.159.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.240.229.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.31.29.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.82.57.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.51.57.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.17.9.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.251.125.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.145.136.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.66.55.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.203.7.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.85.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.203.114.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.151.167.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.239.86.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.24.38.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.35.230.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.40.93.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.134.157.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.111.205.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.33.103.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.141.103.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.24.91.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.172.157.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.210.164.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.96.213.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.50.215.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.145.253.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.175.190.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.122.101.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.29.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.142.80.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.156.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 74.43.9.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.14.92.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.218.142.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.4.99.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.83.146.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.14.127.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.231.25.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.91.17.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.12.188.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.82.39.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.171.154.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.203.163.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.86.225.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 133.153.8.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.230.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.160.79.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.196.217.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.139.24.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 151.128.66.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.249.174.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.7.101.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.120.175.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.243.207.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.42.229.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.153.149.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.144.251.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.67.69.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.202.162.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.17.78.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.51.19.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.116.244.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.200.201.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.47.127.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.81.44.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.173.97.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.7.253.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.216.121.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.148.63.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.134.98.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.131.229.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.193.222.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.154.26.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.235.220.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.27.96.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.168.23.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.121.204.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.218.4.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.150.27.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.0.67.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.159.115.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.27.213.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.146.101.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.68.107.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.250.5.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.228.255.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.199.211.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.188.92.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.214.29.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.13.199.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.94.102.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.220.181.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.96.169.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.80.225.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.79.78.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.30.94.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.30.79.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.36.26.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.244.17.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.215.99.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.225.94.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.187.28.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.37.89.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.69.201.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.118.47.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.96.53.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.198.113.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.93.25.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.226.99.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.109.204.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.1.123.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.58.239.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.48.130.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.153.118.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.141.167.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.241.141.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.231.171.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.228.134.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.157.26.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.131.100.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.19.181.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 81.212.84.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 42.138.255.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.139.52.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.240.192.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.164.152.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.42.54.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.216.247.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.145.40.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 101.132.232.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.153.106.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.197.110.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.98.41.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.146.32.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 91.53.130.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.239.19.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.138.47.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.43.47.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.105.225.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.118.188.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.59.81.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.110.66.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 134.249.251.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.101.176.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.183.73.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.212.227.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.135.142.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.36.179.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.87.115.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.47.156.67:2323

Sample listens on a socket

Source: /tmp/HdZIgkO5be (PID: 5234)

Socket: 127.0.0.1::1926

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39316
Source: unknown	Network traffic detected: HTTP traffic on port 39316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 124.177.46.61
Source: unknown	TCP traffic detected without corresponding DNS query: 185.195.91.61
Source: unknown	TCP traffic detected without corresponding DNS query: 151.88.234.61
Source: unknown	TCP traffic detected without corresponding DNS query: 182.127.94.25
Source: unknown	TCP traffic detected without corresponding DNS query: 162.221.64.62
Source: unknown	TCP traffic detected without corresponding DNS query: 14.103.167.177
Source: unknown	TCP traffic detected without corresponding DNS query: 183.82.130.208
Source: unknown	TCP traffic detected without corresponding DNS query: 81.6.74.34
Source: unknown	TCP traffic detected without corresponding DNS query: 78.239.87.237
Source: unknown	TCP traffic detected without corresponding DNS query: 106.53.154.131
Source: unknown	TCP traffic detected without corresponding DNS query: 32.227.82.200
Source: unknown	TCP traffic detected without corresponding DNS query: 115.193.190.102
Source: unknown	TCP traffic detected without corresponding DNS query: 66.120.40.238
Source: unknown	TCP traffic detected without corresponding DNS query: 70.125.244.82
Source: unknown	TCP traffic detected without corresponding DNS query: 118.200.193.237
Source: unknown	TCP traffic detected without corresponding DNS query: 133.139.104.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.177.37.122
Source: unknown	TCP traffic detected without corresponding DNS query: 176.208.182.94
Source: unknown	TCP traffic detected without corresponding DNS query: 111.228.203.122
Source: unknown	TCP traffic detected without corresponding DNS query: 136.76.154.94
Source: unknown	TCP traffic detected without corresponding DNS query: 80.160.249.207
Source: unknown	TCP traffic detected without corresponding DNS query: 63.75.127.220
Source: unknown	TCP traffic detected without corresponding DNS query: 117.199.173.81
Source: unknown	TCP traffic detected without corresponding DNS query: 135.221.17.157
Source: unknown	TCP traffic detected without corresponding DNS query: 208.175.103.211
Source: unknown	TCP traffic detected without corresponding DNS query: 161.75.244.81
Source: unknown	TCP traffic detected without corresponding DNS query: 221.83.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 162.144.115.119
Source: unknown	TCP traffic detected without corresponding DNS query: 176.222.80.101
Source: unknown	TCP traffic detected without corresponding DNS query: 131.187.92.6
Source: unknown	TCP traffic detected without corresponding DNS query: 92.174.234.143
Source: unknown	TCP traffic detected without corresponding DNS query: 99.102.116.204
Source: unknown	TCP traffic detected without corresponding DNS query: 198.211.146.23
Source: unknown	TCP traffic detected without corresponding DNS query: 68.243.46.81
Source: unknown	TCP traffic detected without corresponding DNS query: 179.13.201.132
Source: unknown	TCP traffic detected without corresponding DNS query: 218.60.89.128
Source: unknown	TCP traffic detected without corresponding DNS query: 119.101.3.34
Source: unknown	TCP traffic detected without corresponding DNS query: 167.171.192.12
Source: unknown	TCP traffic detected without corresponding DNS query: 115.32.114.50
Source: unknown	TCP traffic detected without corresponding DNS query: 205.96.234.201
Source: unknown	TCP traffic detected without corresponding DNS query: 143.208.48.180
Source: unknown	TCP traffic detected without corresponding DNS query: 118.243.234.36
Source: unknown	TCP traffic detected without corresponding DNS query: 213.11.84.17
Source: unknown	TCP traffic detected without corresponding DNS query: 138.15.209.62
Source: unknown	TCP traffic detected without corresponding DNS query: 140.200.124.48
Source: unknown	TCP traffic detected without corresponding DNS query: 197.211.57.85
Source: unknown	TCP traffic detected without corresponding DNS query: 38.75.239.230
Source: unknown	TCP traffic detected without corresponding DNS query: 88.173.151.60

Source: motd-news.27.dr

String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/1@0/0

Source: HdZIgkO5be

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Executes the "rm" command used to delete files or directories

Source: /usr/bin/dash (PID: 5265)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.H4Yec3gXhs /tmp/tmp.fjoJ0veOxV /tmp/tmp.nPTMpkeekC

Jump to behavior

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/HdZIgkO5be (PID: 5234)

Queries kernel information via 'uname':

Jump to behavior

Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/HdZIgkO5beSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HdZIgkO5be

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
64.133.121.28	unknown	United States	1239	SPRINTLINKUS	false
110.4.132.88	unknown	Japan	4685	ASAHI-NETAsahiNetJP	false
192.20.120.87	unknown	United States	14153	EDGECAST-IRUS	false
13.163.22.158	unknown	United States	7018	ATT-INTERNET4US	false
48.76.175.244	unknown	United States	2686	ATGS-MMD-ASUS	false
64.155.235.85	unknown	United States	3356	LEVEL3US	false
206.141.247.32	unknown	United States	7132	SBIS-ASUS	false
42.128.68.101	unknown	China	4249	LILLY-ASUS	false
131.22.137.74	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
42.30.112.85	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false
80.138.21.138	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
74.39.79.11	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
106.146.245.154	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
140.246.119.194	unknown	China	58519	CHINATELECOM-CTCLOUDCloudComputingCorporationCN	false
156.152.214.245	unknown	United States	71	HP-INTERNET-ASUS	false
45.220.66.178	unknown	Seychelles	22769	DDOSING-BGP-NETWORKUS	false
59.146.137.204	unknown	Japan	2527	SO-NETSo-netEntertainmentCorporationJP	false
54.209.193.64	unknown	United States	14618	AMAZON-AESUS	false
57.75.159.6	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
139.34.57.100	unknown	United States	9905	LINKNET-ID-APLinknetASNID	false
88.39.187.28	unknown	Italy	3269	ASN-IBSNAZIT	false
109.49.71.237	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
178.201.60.193	unknown	Germany	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
98.55.87.226	unknown	United States	7922	COMCAST-7922US	false
108.163.174.131	unknown	Canada	32613	IWEB-ASCA	false
209.158.237.86	unknown	United States	701	UUNETUS	false
211.80.251.197	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
103.227.88.150	unknown	Hong Kong	134078	NETPLUZ-AS-APNETPLUZHOLDINGSPRIVATELIMITEDSG	false
80.247.97.154	unknown	Russian Federation	21365	INTELECA-ASRussiaBarnaulRU	false
97.211.140.133	unknown	United States	6167	CELLCO-PARTUS	false
37.2.172.136	unknown	Sweden	1257	TELE2EU	false
153.176.2.177	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
153.173.231.69	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
77.179.253.44	unknown	Germany	6805	TDDE-ASN1DE	false
206.24.109.11	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
192.227.172.222	unknown	United States	36352	AS-COLOCROSSINGUS	false
42.180.134.40	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
134.218.234.55	unknown	United States	22586	AS22586US	false
97.185.107.185	unknown	United States	6167	CELLCO-PARTUS	false
42.54.69.60	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
2.53.80.24	unknown	Israel	12400	PARTNER-ASIL	false
17.125.181.191	unknown	United States	714	APPLE-ENGINEERINGUS	false
138.118.91.230	unknown	Brazil	262485	SCRIOTELECOMUNICACOESEINFORMATICALTDABR	false
96.43.47.102	unknown	United States	23404	RITTERNETUS	false
5.55.222.216	unknown	Greece	3329	HOL-GRAthensGreeceGR	false
12.139.76.108	unknown	United States	7018	ATT-INTERNET4US	false
66.40.171.253	unknown	Canada	13768	COGECO-PEER1CA	false
119.161.182.40	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
45.53.108.14	unknown	United States	5650	FRONTIER-FRTRUS	false
121.165.152.110	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
139.34.113.220	unknown	United States	9905	LINKNET-ID-APLinknetASNID	false
40.151.134.6	unknown	United States	4249	LILLY-ASUS	false
2.53.79.49	unknown	Israel	12400	PARTNER-ASIL	false
25.94.196.216	unknown	United Kingdom	7922	COMCAST-7922US	false
51.110.38.67	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.43.226.219	unknown	United States	22394	CELLCOUS	false
43.52.108.99	unknown	Japan	4249	LILLY-ASUS	false
154.235.180.205	unknown	Cote D'ivoire	36974	AFNET-ASCI	false
13.209.107.25	unknown	United States	16509	AMAZON-02US	false
27.221.202.131	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
176.202.208.137	unknown	Qatar	8781	QA-ISPQA	false
38.31.207.157	unknown	United States	174	COGENT-174US	false
134.158.112.54	unknown	France	789	IN2P3IN2P3AutonomousSystemEU	false
82.116.89.3	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
63.88.124.112	unknown	United States	701	UUNETUS	false
13.181.20.246	unknown	United States	7018	ATT-INTERNET4US	false
159.15.172.185	unknown	United Kingdom	8897	KCOM-SPNService-ProviderNetworkex-MistralGB	false
174.126.143.65	unknown	United States	11492	CABLEONEUS	false
61.38.180.140	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
204.216.163.145	unknown	United States	4544	CONXION-AUS	false
206.74.116.46	unknown	United States	12208	TRUVISTAUS	false
13.106.20.155	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
67.28.217.149	unknown	United States	202818	LEVEL3COMMUNICATIONSFR	false
123.143.60.52	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
93.73.21.206	unknown	Ukraine	25229	VOLIA-ASUA	false
67.219.84.252	unknown	United States	11492	CABLEONEUS	false
103.101.14.43	unknown	China	23734	NETROUTINGINC-AS-APNetroutingIncUS	false
52.233.156.230	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.60.165.23	unknown	United States	2686	ATGS-MMD-ASUS	false
138.7.41.118	unknown	Australia	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
113.236.231.12	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
88.125.199.114	unknown	France	12322	PROXADFR	false
117.35.190.95	unknown	China	4835	CHINANET-IDC-SNChinaTelecomGroupCN	false
87.198.85.91	unknown	Ireland	34245	MAGNET-ASIE	false
44.140.71.217	unknown	United States	1653	SUNETSUNETSwedishUniversityNetworkEU	false
195.231.25.126	unknown	Italy	202242	ARUBA-CLOUDIT	false
118.28.235.118	unknown	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
73.37.39.244	unknown	United States	7922	COMCAST-7922US	false
89.41.195.75	unknown	Iran (ISLAMIC Republic Of)	57218	RIGHTELIR	false
106.252.34.137	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
162.237.151.226	unknown	United States	7018	ATT-INTERNET4US	false
51.108.249.23	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
168.11.100.139	unknown	United States	3480	PEACHNET-AS2US	false
199.172.104.169	unknown	United States	701	UUNETUS	false
46.63.231.119	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
120.99.177.30	unknown	Taiwan; Republic of China (ROC)	17716	NTU-TWNationalTaiwanUniversityTW	false
132.28.253.212	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
94.184.96.7	unknown	Iran (ISLAMIC Republic Of)	6736	IRANET-IPMInstituteforResearchinFundamentalSciencesI	false
44.25.148.202	unknown	United States	63479	HAMWANUS	false
76.15.160.88	unknown	United States	12271	TWC-12271-NYCUS	false

Name	Type	MD5	SHA1	SHA256
/var/cache/motd-news	ASCII text	DD514F892B5F93ED615D366E58AC58AF	BA75EDB3C2232CC260BC187F604DC8F25AA72C11	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF

AV Detection:

Multi AV Scanner detection for submitted file

Source: HdZIgkO5be	Virustotal: Detection: 50%			Perma Link
Source: HdZIgkO5be	ReversingLabs: Detection: 48%

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 78.108.27.163:23 -> 192.168.2.23:54086
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:60932
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 716 INFO TELNET access 36.91.71.101:23 -> 192.168.2.23:33196
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:32876
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44874
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44874

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.177.46.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.227.82.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.75.127.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.187.92.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 167.171.192.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.211.57.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.52.179.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.30.112.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.127.118.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.60.85.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.195.240.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.6.184.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.189.255.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.105.193.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.232.113.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.98.65.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.13.58.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.207.49.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.50.80.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.56.113.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.11.79.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.44.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.50.90.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.46.223.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.84.176.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 165.62.208.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.22.70.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.204.186.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.1.82.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.22.168.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.117.100.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.107.69.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.168.89.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.210.204.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 5.145.183.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.32.180.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.138.219.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 108.126.206.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 190.156.45.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.106.145.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.97.136.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 121.19.39.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.41.170.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.173.158.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.234.189.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.197.71.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.60.131.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.148.183.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.151.240.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.42.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.110.132.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.191.89.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 126.242.35.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.30.208.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 38.134.234.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.44.9.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.131.165.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.163.198.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.115.157.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.249.104.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.248.247.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.132.209.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.71.89.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.164.155.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.192.167.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.6.213.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.96.120.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.47.134.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.25.27.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.66.231.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.51.77.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.83.164.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.65.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.186.34.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.255.130.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.48.192.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 82.175.217.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.211.184.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.61.147.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.219.33.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 155.157.158.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.118.143.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.177.178.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.151.41.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 166.247.4.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.136.238.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.9.46.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.82.90.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.230.115.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.87.228.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.195.105.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.148.115.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.129.93.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.27.92.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.117.194.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.35.214.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.34.192.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.104.10.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.142.172.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.215.179.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.207.155.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.1.22.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.244.186.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 78.250.206.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.5.236.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.212.2.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 187.61.44.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.45.53.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.126.69.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.238.26.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.164.152.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.235.61.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.148.129.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.76.79.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.250.171.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.88.114.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.194.223.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.60.244.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.15.173.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.65.92.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.169.170.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.15.110.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.196.111.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 52.42.160.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.164.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.76.52.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.16.198.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.101.125.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.138.67.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 59.136.63.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.73.40.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.226.158.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.215.146.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.15.173.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 12.163.82.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.7.246.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.112.143.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 139.25.207.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.138.165.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.19.79.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.189.145.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.103.66.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.196.51.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.91.94.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 142.245.27.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 149.165.101.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.77.86.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.255.129.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.172.113.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.223.218.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.22.252.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.111.16.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.55.194.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.24.195.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.129.20.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 223.42.135.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.114.229.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.234.114.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.197.101.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.12.243.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.125.7.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.32.26.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.223.162.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.31.34.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.106.85.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.65.218.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.113.148.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.110.59.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 182.38.80.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.59.62.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.205.57.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.167.184.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.145.182.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 85.36.207.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.17.98.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.179.114.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.164.133.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.91.93.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.144.162.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.165.39.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.224.214.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.101.216.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.170.200.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.176.142.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.0.179.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.209.153.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.1.140.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.147.178.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.51.247.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.19.27.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.92.29.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 216.207.30.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.47.255.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.49.250.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.155.200.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.140.0.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.97.250.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.226.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.11.100.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.107.248.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 208.72.45.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.2.115.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.17.128.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.160.147.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.102.154.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.230.9.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.111.226.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.122.12.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.53.163.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.185.67.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.148.77.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.105.135.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.8.251.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.140.64.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.79.148.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.139.133.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.235.117.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.144.75.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.69.37.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 19.109.113.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.109.60.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.37.32.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.137.144.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.131.252.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.30.116.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.51.46.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.41.0.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.208.202.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.253.243.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.27.44.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.223.18.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.108.117.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.199.241.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.93.128.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.9.10.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.137.243.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.138.168.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.143.81.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.170.39.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 163.249.54.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.111.121.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.143.94.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.14.50.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.157.251.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.27.104.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.98.46.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.198.152.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.246.80.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.79.100.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.41.249.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.225.131.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.54.61.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.50.107.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.135.144.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.148.114.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.111.193.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.184.115.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.56.56.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.240.117.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.46.208.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.102.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.124.161.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.143.140.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.249.36.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.25.99.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 34.149.77.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.79.144.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.219.110.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.147.217.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.45.174.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 17.181.78.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.89.54.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.92.235.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 222.155.1.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.103.190.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.138.17.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.233.87.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.34.240.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.139.201.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.127.86.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.148.11.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.92.222.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.212.238.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.199.230.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.62.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.57.240.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.156.216.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.213.212.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.175.167.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.142.60.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.107.93.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 109.14.41.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.240.200.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 194.163.25.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.12.89.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.83.220.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.76.170.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.75.23.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.118.30.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.186.47.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.107.80.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.176.196.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.39.196.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 107.158.119.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.249.213.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.96.213.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.46.234.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.96.179.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.52.46.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.28.43.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.62.15.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.157.81.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.217.165.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.240.9.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.52.86.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.187.209.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.104.91.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.83.119.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.160.126.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.253.254.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.119.137.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.12.65.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 18.135.162.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.65.10.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.93.31.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.97.125.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.245.178.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.147.17.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.75.221.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.84.111.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.70.178.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.52.253.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.111.251.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.38.66.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.148.64.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.177.129.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.72.79.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.192.230.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.151.156.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.110.26.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.37.94.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.195.156.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.245.169.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 115.61.160.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.183.185.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.173.241.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.182.235.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.165.172.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.178.159.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.240.229.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.31.29.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.82.57.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.51.57.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.17.9.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.251.125.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.145.136.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.66.55.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.203.7.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.85.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.203.114.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.151.167.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.239.86.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.24.38.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.35.230.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.40.93.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.134.157.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.111.205.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.33.103.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.141.103.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.24.91.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.172.157.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.210.164.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.96.213.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.50.215.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.145.253.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.175.190.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.122.101.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.29.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.142.80.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.156.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 74.43.9.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.14.92.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.218.142.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.4.99.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.83.146.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.14.127.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.231.25.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.91.17.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.12.188.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.82.39.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.171.154.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.203.163.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.86.225.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 133.153.8.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.230.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.160.79.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.196.217.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.139.24.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 151.128.66.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.249.174.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.7.101.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.120.175.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.243.207.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.42.229.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.153.149.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.144.251.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.67.69.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.202.162.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.17.78.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.51.19.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.116.244.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.200.201.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.47.127.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.81.44.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.173.97.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.7.253.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.216.121.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.148.63.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.134.98.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.131.229.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.193.222.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.154.26.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.235.220.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.27.96.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.168.23.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.121.204.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.218.4.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.150.27.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.0.67.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.159.115.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.27.213.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.146.101.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.68.107.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.250.5.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.228.255.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.199.211.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.188.92.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.214.29.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.13.199.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.94.102.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.220.181.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.96.169.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.80.225.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.79.78.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.30.94.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.30.79.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.36.26.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.244.17.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.215.99.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.225.94.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.187.28.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.37.89.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.69.201.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.118.47.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.96.53.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.198.113.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.93.25.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.226.99.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.109.204.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.1.123.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.58.239.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.48.130.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.153.118.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.141.167.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.241.141.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.231.171.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.228.134.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.157.26.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.131.100.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.19.181.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 81.212.84.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 42.138.255.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.139.52.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.240.192.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.164.152.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.42.54.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.216.247.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.145.40.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 101.132.232.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.153.106.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.197.110.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.98.41.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.146.32.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 91.53.130.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.239.19.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.138.47.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.43.47.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.105.225.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.118.188.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.59.81.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.110.66.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 134.249.251.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.101.176.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.183.73.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.212.227.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.135.142.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.36.179.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.87.115.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.47.156.67:2323

Sample listens on a socket

Source: /tmp/HdZIgkO5be (PID: 5234)

Socket: 127.0.0.1::1926

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39316
Source: unknown	Network traffic detected: HTTP traffic on port 39316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 124.177.46.61
Source: unknown	TCP traffic detected without corresponding DNS query: 185.195.91.61
Source: unknown	TCP traffic detected without corresponding DNS query: 151.88.234.61
Source: unknown	TCP traffic detected without corresponding DNS query: 182.127.94.25
Source: unknown	TCP traffic detected without corresponding DNS query: 162.221.64.62
Source: unknown	TCP traffic detected without corresponding DNS query: 14.103.167.177
Source: unknown	TCP traffic detected without corresponding DNS query: 183.82.130.208
Source: unknown	TCP traffic detected without corresponding DNS query: 81.6.74.34
Source: unknown	TCP traffic detected without corresponding DNS query: 78.239.87.237
Source: unknown	TCP traffic detected without corresponding DNS query: 106.53.154.131
Source: unknown	TCP traffic detected without corresponding DNS query: 32.227.82.200
Source: unknown	TCP traffic detected without corresponding DNS query: 115.193.190.102
Source: unknown	TCP traffic detected without corresponding DNS query: 66.120.40.238
Source: unknown	TCP traffic detected without corresponding DNS query: 70.125.244.82
Source: unknown	TCP traffic detected without corresponding DNS query: 118.200.193.237
Source: unknown	TCP traffic detected without corresponding DNS query: 133.139.104.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.177.37.122
Source: unknown	TCP traffic detected without corresponding DNS query: 176.208.182.94
Source: unknown	TCP traffic detected without corresponding DNS query: 111.228.203.122
Source: unknown	TCP traffic detected without corresponding DNS query: 136.76.154.94
Source: unknown	TCP traffic detected without corresponding DNS query: 80.160.249.207
Source: unknown	TCP traffic detected without corresponding DNS query: 63.75.127.220
Source: unknown	TCP traffic detected without corresponding DNS query: 117.199.173.81
Source: unknown	TCP traffic detected without corresponding DNS query: 135.221.17.157
Source: unknown	TCP traffic detected without corresponding DNS query: 208.175.103.211
Source: unknown	TCP traffic detected without corresponding DNS query: 161.75.244.81
Source: unknown	TCP traffic detected without corresponding DNS query: 221.83.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 162.144.115.119
Source: unknown	TCP traffic detected without corresponding DNS query: 176.222.80.101
Source: unknown	TCP traffic detected without corresponding DNS query: 131.187.92.6
Source: unknown	TCP traffic detected without corresponding DNS query: 92.174.234.143
Source: unknown	TCP traffic detected without corresponding DNS query: 99.102.116.204
Source: unknown	TCP traffic detected without corresponding DNS query: 198.211.146.23
Source: unknown	TCP traffic detected without corresponding DNS query: 68.243.46.81
Source: unknown	TCP traffic detected without corresponding DNS query: 179.13.201.132
Source: unknown	TCP traffic detected without corresponding DNS query: 218.60.89.128
Source: unknown	TCP traffic detected without corresponding DNS query: 119.101.3.34
Source: unknown	TCP traffic detected without corresponding DNS query: 167.171.192.12
Source: unknown	TCP traffic detected without corresponding DNS query: 115.32.114.50
Source: unknown	TCP traffic detected without corresponding DNS query: 205.96.234.201
Source: unknown	TCP traffic detected without corresponding DNS query: 143.208.48.180
Source: unknown	TCP traffic detected without corresponding DNS query: 118.243.234.36
Source: unknown	TCP traffic detected without corresponding DNS query: 213.11.84.17
Source: unknown	TCP traffic detected without corresponding DNS query: 138.15.209.62
Source: unknown	TCP traffic detected without corresponding DNS query: 140.200.124.48
Source: unknown	TCP traffic detected without corresponding DNS query: 197.211.57.85
Source: unknown	TCP traffic detected without corresponding DNS query: 38.75.239.230
Source: unknown	TCP traffic detected without corresponding DNS query: 88.173.151.60

Source: motd-news.27.dr

String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/1@0/0

Source: HdZIgkO5be

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Executes the "rm" command used to delete files or directories

Source: /usr/bin/dash (PID: 5265)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.H4Yec3gXhs /tmp/tmp.fjoJ0veOxV /tmp/tmp.nPTMpkeekC

Jump to behavior

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/HdZIgkO5be (PID: 5234)

Queries kernel information via 'uname':

Jump to behavior

Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/HdZIgkO5beSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HdZIgkO5be

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

ID:	514677
Product:	CloudBasic
Start time:	14:34:03
Start date:	03.11.2021
Sample:	HdZIgkO5be
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	1b5dfd49454f3d7fe8e518f904c88bc7
SHA1:	560ba6f16c235b269669d8bb8c6367045e521617
SHA256:	743ebdcaf8b0255212578ac797f920df17daba5f8036fb2f6c942316a2524d22
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report HdZIgkO5be

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Network Map

Contacted Public IPs