Linux
Analysis Report
na.elf
Overview
General Information
Sample name: | na.elf |
Analysis ID: | 1527155 |
MD5: | b62608fc8c70ed0fe3c94d4d5f9a5e3b |
SHA1: | 0654354e24aa5569e186e1d1803ee89a26499620 |
SHA256: | 572aa55da45135ec9af20112ba11837f04fba996a5abd6c0832ba24c4737fd5e |
Tags: | elf, Mirai, user-abuse_ch |
Detection
Mirai, Moobot
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Moobot
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1527155 |
Start date and time: | 2024-10-06 21:34:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal84.troj.evad.linELF@0/0@16/0 |
- VT rate limit hit for: na.elf
Command: | /tmp/na.elf |
PID: | 6228 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | listening to tun0 |
Standard Error: |
- system is lnxubuntu20
- na.elf New Fork (PID: 6232, Parent: 6228)
- dash New Fork (PID: 6236, Parent: 4331)
- dash New Fork (PID: 6237, Parent: 4331)
- dash New Fork (PID: 6238, Parent: 4331)
- dash New Fork (PID: 6239, Parent: 4331)
- dash New Fork (PID: 6240, Parent: 4331)
- dash New Fork (PID: 6241, Parent: 4331)
- dash New Fork (PID: 6242, Parent: 4331)
- dash New Fork (PID: 6243, Parent: 4331)
- dash New Fork (PID: 6244, Parent: 4331)
- dash New Fork (PID: 6245, Parent: 4331)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution | | |
MooBot | | No Attribution | | |
Rule | Description | Author |
---|---|---|
JoeSecurity_Moobot | Yara detected Moobot | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T21:35:07.462181+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39194 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:15.072793+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39196 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:20.716404+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39198 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:26.406642+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39200 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:37.041572+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39202 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:40.671372+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39204 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:48.316492+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39206 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:55.949278+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39208 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:04.641419+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39210 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:13.731409+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39212 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:19.403568+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39214 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:31.269637+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39216 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:38.900624+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39218 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:49.562204+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39220 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:59.198461+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39222 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:37:10.824477+0200 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 39224 | 158.220.114.75 | 55650 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | Socket: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Rm executable: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | Suricata IDS: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
71% | ReversingLabs | Linux.Trojan.Mirai |
100% | Avira | LINUX/Mirai.bonb |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dump.hduak.site | 158.220.114.75 | true | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
158.220.114.75 | dump.hduak.site | Switzerland | 8556 | LEVANTISCH | true |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Detection | Threat Name (one entry per associated sample) |
---|---|---|
54.171.230.55 | malicious | Mirai, Gafgyt, Okiru; Moobot; Okiru (×3); Unknown (×2); Xmrig; Gafgyt (×2) |
109.202.202.202 | malicious | Unknown |
158.220.114.75 | malicious | Mirai, Moobot (×4) |
91.189.91.43 | malicious | Mirai, Moobot (×3); Unknown (×7) |
Match | Detection | Threat Name (one entry per associated sample) |
---|---|---|
dump.hduak.site | malicious | Mirai, Moobot (×4) |
Match | Detection | Threat Name (one entry per associated sample) |
---|---|---|
CANONICAL-ASGB | malicious | Mirai, Moobot (×4); Unknown (×6) |
LEVANTISCH | malicious | Mirai, Moobot (×4); XWorm; Unknown; PikaBot (×2); Mirai (×2) |
AMAZON-02US | malicious | HTMLPhisher (×4); Unknown (×2); Mirai (×3); Porn Scam |
INIT7CH | malicious | Mirai, Moobot (×3); Unknown (×7) |
⊘No context
⊘No created / dropped files found
Entropy (8bit): | 6.799023461744131 |
File name: | na.elf |
File size: | 47'220 bytes |
MD5: | b62608fc8c70ed0fe3c94d4d5f9a5e3b |
SHA1: | 0654354e24aa5569e186e1d1803ee89a26499620 |
SHA256: | 572aa55da45135ec9af20112ba11837f04fba996a5abd6c0832ba24c4737fd5e |
SHA512: | 538406b6dfb8f890c85375938e69dbfa00369b48a4d409790009116db8f7af13f4ae0c0967050034ae85b78ae093413610ec3466e3a7ebe1860a06cbad9f3b72 |
SSDEEP: | 768:0ad/hnrsPxgOH59EEvo9Nhq/lJPtsqFa/xDPzC7o+CqEprCrf:0ad/tsFZ/o9Nhs4Jvz+EhCr |
TLSH: | 1E239EF3C02DDD98C54902797A285E3D5723F50086272EFB5E9A86A59007EECF50A7F1 |
File Content Preview: | .ELF..............*.......@.4...........4. ...(...............@...@.x...x...............|...|.A.|.A.(...0...........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
ABI Version: | 0 |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 46820 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
(empty) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0xa9e0 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x40aac0 | 0xaac0 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40aae4 | 0xaae4 | 0x994 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x41b47c | 0xb47c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x41b484 | 0xb484 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x41b490 | 0xb490 | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x41b6a4 | 0xb6a4 | 0x308 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xb6a4 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0xb478 | 0xb478 | 6.8459 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0xb47c | 0x41b47c | 0x41b47c | 0x228 | 0x530 | 2.9928 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T21:35:07.462181+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39194 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:15.072793+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39196 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:20.716404+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39198 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:26.406642+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39200 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:37.041572+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39202 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:40.671372+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39204 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:48.316492+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39206 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:35:55.949278+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39208 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:04.641419+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39210 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:13.731409+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39212 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:19.403568+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39214 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:31.269637+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39216 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:38.900624+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39218 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:49.562204+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39220 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:36:59.198461+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39222 | 158.220.114.75 | 55650 | TCP |
2024-10-06T21:37:10.824477+0200 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.23 | 39224 | 158.220.114.75 | 55650 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 6, 2024 21:35:07.390213013 CEST | 44545 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:07.397396088 CEST | 53 | 44545 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:15.058753014 CEST | 58654 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:15.066023111 CEST | 53 | 58654 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:20.702138901 CEST | 46047 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:20.709974051 CEST | 53 | 46047 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:26.339240074 CEST | 40952 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:26.400208950 CEST | 53 | 40952 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:37.027434111 CEST | 35565 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:37.034415007 CEST | 53 | 35565 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:40.657156944 CEST | 50193 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:40.664371014 CEST | 53 | 50193 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:48.293682098 CEST | 46002 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:48.309053898 CEST | 53 | 46002 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:35:55.934926987 CEST | 51104 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:35:55.942770958 CEST | 53 | 51104 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:04.595731974 CEST | 51616 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:04.633924961 CEST | 53 | 51616 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:13.286860943 CEST | 46436 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:13.723704100 CEST | 53 | 46436 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:19.357673883 CEST | 51940 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:19.396744013 CEST | 53 | 51940 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:31.028254986 CEST | 44356 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:31.262442112 CEST | 53 | 44356 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:38.887082100 CEST | 45503 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:38.894025087 CEST | 53 | 45503 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:49.544950008 CEST | 37520 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:49.555378914 CEST | 53 | 37520 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:36:59.184128046 CEST | 40694 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:36:59.191241980 CEST | 53 | 40694 | 8.8.8.8 | 192.168.2.23 |
Oct 6, 2024 21:37:10.810172081 CEST | 42089 | 53 | 192.168.2.23 | 8.8.8.8 |
Oct 6, 2024 21:37:10.817651987 CEST | 53 | 42089 | 8.8.8.8 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 6, 2024 21:35:07.390213013 CEST | 192.168.2.23 | 8.8.8.8 | 0x8fc4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:15.058753014 CEST | 192.168.2.23 | 8.8.8.8 | 0x82d8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:20.702138901 CEST | 192.168.2.23 | 8.8.8.8 | 0xc683 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:26.339240074 CEST | 192.168.2.23 | 8.8.8.8 | 0x262e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:37.027434111 CEST | 192.168.2.23 | 8.8.8.8 | 0xd4ee | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:40.657156944 CEST | 192.168.2.23 | 8.8.8.8 | 0x87cf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:48.293682098 CEST | 192.168.2.23 | 8.8.8.8 | 0x92b9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:55.934926987 CEST | 192.168.2.23 | 8.8.8.8 | 0xd78e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:04.595731974 CEST | 192.168.2.23 | 8.8.8.8 | 0xb885 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:13.286860943 CEST | 192.168.2.23 | 8.8.8.8 | 0x385d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:19.357673883 CEST | 192.168.2.23 | 8.8.8.8 | 0x7b94 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:31.028254986 CEST | 192.168.2.23 | 8.8.8.8 | 0x1425 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:38.887082100 CEST | 192.168.2.23 | 8.8.8.8 | 0x4fef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:49.544950008 CEST | 192.168.2.23 | 8.8.8.8 | 0x5a6f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:59.184128046 CEST | 192.168.2.23 | 8.8.8.8 | 0x17f1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:37:10.810172081 CEST | 192.168.2.23 | 8.8.8.8 | 0x48ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 6, 2024 21:35:07.397396088 CEST | 8.8.8.8 | 192.168.2.23 | 0x8fc4 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:15.066023111 CEST | 8.8.8.8 | 192.168.2.23 | 0x82d8 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:20.709974051 CEST | 8.8.8.8 | 192.168.2.23 | 0xc683 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:26.400208950 CEST | 8.8.8.8 | 192.168.2.23 | 0x262e | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:37.034415007 CEST | 8.8.8.8 | 192.168.2.23 | 0xd4ee | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:40.664371014 CEST | 8.8.8.8 | 192.168.2.23 | 0x87cf | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:48.309053898 CEST | 8.8.8.8 | 192.168.2.23 | 0x92b9 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:35:55.942770958 CEST | 8.8.8.8 | 192.168.2.23 | 0xd78e | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:04.633924961 CEST | 8.8.8.8 | 192.168.2.23 | 0xb885 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:13.723704100 CEST | 8.8.8.8 | 192.168.2.23 | 0x385d | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:19.396744013 CEST | 8.8.8.8 | 192.168.2.23 | 0x7b94 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:31.262442112 CEST | 8.8.8.8 | 192.168.2.23 | 0x1425 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:38.894025087 CEST | 8.8.8.8 | 192.168.2.23 | 0x4fef | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:49.555378914 CEST | 8.8.8.8 | 192.168.2.23 | 0x5a6f | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:36:59.191241980 CEST | 8.8.8.8 | 192.168.2.23 | 0x17f1 | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 21:37:10.817651987 CEST | 8.8.8.8 | 192.168.2.23 | 0x48ac | No error (0) | | | 158.220.114.75 | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Oct 6, 2024 21:35:10.419913054 CEST | 54.171.230.55 | 443 | 192.168.2.23 | 33606 | CN=motd.ubuntu.com | CN=R10, O=Let's Encrypt, C=US | Tue Aug 06 10:27:48 CEST 2024 | Mon Nov 04 09:27:47 CET 2024 | | |
 | | | | | CN=R10, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027 | | |
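The TCP and DNS tables above repeat one pattern. The guest sends an A query to 8.8.8.8, the answer is always 158.220.114.75, and within about a millisecond a new TCP connection to 158.220.114.75:55650 opens from a fresh ephemeral source port (the 0x7b94 answer arrives at 21:36:19.396744 and the first packet from port 39214 leaves at 21:36:19.397485). The packets of each connection span roughly 1.6 s and the next connection starts 8 to 12 s later. The queried name is not preserved in the tables as extracted, so the returned address is the pivot. The single TLS session, to motd.ubuntu.com, is the Ubuntu guest's own message-of-the-day fetch and is not part of this pattern. The following is an added example, not code from the report or from Joe Sandbox: it parses rows in the report's column layout (a subset of the rows above, copied here as constructed input), groups packets into client sessions by source port, measures how regularly sessions start, and ties each DNS answer to the connection that follows it. The local address, the coefficient-of-variation bound of 0.5, the four-session floor and the 2 s DNS-to-connect window are illustrative assumptions.

```python
"""Beacon cadence and DNS-to-connect correlation over sandbox network rows.
Added example, not code from the Joe Sandbox report: parses rows in the report's
pipe-separated layout, groups packets into client sessions by source port,
measures how regularly sessions start, and ties each DNS answer to the next
connection to the answered address."""
from __future__ import annotations

from datetime import datetime
from statistics import mean, pstdev

LOCAL_IP = "192.168.2.23"  # the analysis guest's address in this report

# Constructed input: a subset of the report's TCP rows in its own layout
# (Timestamp | Source Port | Dest Port | Source IP | Dest IP); one reply
# packet is kept to show that server-to-client packets are ignored.
TCP_ROWS = """\
Oct 6, 2024 21:36:19.397485971 CEST | 39214 | 55650 | 192.168.2.23 | 158.220.114.75
Oct 6, 2024 21:36:19.402462006 CEST | 55650 | 39214 | 158.220.114.75 | 192.168.2.23
Oct 6, 2024 21:36:31.263326883 CEST | 39216 | 55650 | 192.168.2.23 | 158.220.114.75
Oct 6, 2024 21:36:38.894514084 CEST | 39218 | 55650 | 192.168.2.23 | 158.220.114.75
Oct 6, 2024 21:36:49.556140900 CEST | 39220 | 55650 | 192.168.2.23 | 158.220.114.75
Oct 6, 2024 21:36:59.191915035 CEST | 39222 | 55650 | 192.168.2.23 | 158.220.114.75
Oct 6, 2024 21:37:10.818320990 CEST | 39224 | 55650 | 192.168.2.23 | 158.220.114.75
"""
# Constructed input: DNS answers reduced to Timestamp | Trans ID | Address.
DNS_ROWS = """\
Oct 6, 2024 21:36:19.396744013 CEST | 0x7b94 | 158.220.114.75
Oct 6, 2024 21:36:31.262442112 CEST | 0x1425 | 158.220.114.75
Oct 6, 2024 21:36:38.894025087 CEST | 0x4fef | 158.220.114.75
"""


def parse_ts(text: str) -> datetime:
    """'Oct 6, 2024 21:36:19.397485971 CEST' -> datetime. The report prints
    nanoseconds and strptime's %f takes six digits, so the tail is truncated."""
    stamp, _zone = text.rsplit(" ", 1)
    head, frac = stamp.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def split_rows(table: str) -> list[list[str]]:
    return [[c.strip() for c in line.split("|")]
            for line in table.splitlines() if line.strip()]


def session_starts(tcp_rows: str, local_ip: str = LOCAL_IP) -> dict[tuple[str, str], list[datetime]]:
    """First packet time of each outbound session, keyed by (dst ip, dst port).
    A session is identified by the client's ephemeral source port."""
    seen: set[tuple[str, str, str]] = set()
    starts: dict[tuple[str, str], list[datetime]] = {}
    for ts, sport, dport, src, dst in split_rows(tcp_rows):
        if src != local_ip or (dst, dport, sport) in seen:
            continue  # reply packet, or a later packet of a known session
        seen.add((dst, dport, sport))
        starts.setdefault((dst, dport), []).append(parse_ts(ts))
    for times in starts.values():
        times.sort()
    return starts


def beacon_score(times: list[datetime]) -> dict[str, float]:
    """Mean gap between session starts and its coefficient of variation
    (stdev/mean). A low CV over several sessions marks a sleep-and-reconnect
    loop; jitter raises it but rarely past ~0.5."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return {"sessions": len(times), "mean_gap": 0.0, "cv": float("inf")}
    return {"sessions": len(times), "mean_gap": mean(gaps), "cv": pstdev(gaps) / mean(gaps)}


def find_beacons(tcp_rows: str, min_sessions: int = 4, max_cv: float = 0.5) -> list[tuple[str, str, dict[str, float]]]:
    """(dst ip, dst port, score) per beaconing destination. The thresholds are
    illustrative assumptions, not values taken from the report."""
    hits = []
    for (dst, dport), times in session_starts(tcp_rows).items():
        score = beacon_score(times)
        if score["sessions"] >= min_sessions and score["cv"] <= max_cv:
            hits.append((dst, dport, score))
    return hits


def dns_to_connect(dns_rows: str, tcp_rows: str, window_s: float = 2.0) -> list[tuple[str, float]]:
    """(transaction id, seconds until the first new session to the answered
    address) for every DNS answer followed by a connection within window_s."""
    by_addr: dict[str, list[datetime]] = {}
    for (dst, _port), times in session_starts(tcp_rows).items():
        by_addr.setdefault(dst, []).extend(times)
    pairs = []
    for ts, txid, addr in split_rows(dns_rows):
        answered = parse_ts(ts)
        later = [t for t in by_addr.get(addr, []) if 0 <= (t - answered).total_seconds() <= window_s]
        if later:
            pairs.append((txid, (min(later) - answered).total_seconds()))
    return pairs


if __name__ == "__main__":
    for dst, dport, s in find_beacons(TCP_ROWS):
        print(f"beacon candidate {dst}:{dport} sessions={s['sessions']} mean_gap={s['mean_gap']:.1f}s cv={s['cv']:.2f}")
    for txid, delay in dns_to_connect(DNS_ROWS, TCP_ROWS):
        print(f"answer {txid} followed by a connection after {delay * 1000:.2f} ms")
```

On the rows above this yields one candidate, 158.220.114.75:55650, with six session starts about 10.3 s apart and a CV near 0.15; each of the three DNS answers is followed by a connection in under a millisecond. The session-count floor keeps a handful of coincidentally spaced connections from scoring, and the CV bound tolerates the jitter visible here (gaps of 7.6 to 11.9 s) while still separating a sleep loop from user-driven traffic.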
System Behavior
Start time (UTC): | 19:34:59 |
Start date (UTC): | 06/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 19:35:06 |
Start date (UTC): | 06/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.oS3FoE8Jb0 /tmp/tmp.4mzvJzgfA7 /tmp/tmp.4d3NucQSd1 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.oS3FoE8Jb0 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.oS3FoE8Jb0 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 19:35:09 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.oS3FoE8Jb0 /tmp/tmp.4mzvJzgfA7 /tmp/tmp.4d3NucQSd1 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
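The process records above give path, arguments, size and hash but no PIDs, so the list on its own cannot show which of these processes the sample started. The `cat /tmp/tmp.…`, `head -n 10`, `tr -d …` and `cut -c -80` entries correspond to a pipeline that reduces a captured text file to ten lines of at most 80 printable characters, and the only `rm` here names three mktemp-style scratch files, not `/tmp/na.elf`. Two checks worth running before accepting an "executes rm" or "deletes itself" signature at face value, as an added example that is not the report's or Joe Sandbox's own code: attribute forked PIDs to the sample from lines in the sandbox's `New Fork (PID: n, Parent: m)` notation, and read each `rm` argv for the sample's own path. The PIDs, the scratch-file names and the final self-deleting `rm` record in the input are constructed for illustration; the `Key: | value |` record layout follows the report's.

```python
"""Attribute sandbox process records to the sample and check what rm removed.
Added example, not part of the Joe Sandbox report: (1) which forked PIDs descend
from the sample's root process, from lines in the sandbox's
'<image> New Fork (PID: n, Parent: m)' notation, and (2) whether any rm in the
System Behavior records names the sample's own path or only scratch files."""
from __future__ import annotations

import re
import shlex

FORK_RE = re.compile(r"^(?P<image>\S+) New Fork \(PID: (?P<pid>\d+), Parent: (?P<ppid>\d+)\)$")

# Constructed fork log with hypothetical PIDs: 1000 is the sample's root
# process, 4000 an unrelated shell that spawns two children.
FORK_LINES = """\
na.elf New Fork (PID: 1001, Parent: 1000)
dash New Fork (PID: 4001, Parent: 4000)
dash New Fork (PID: 4002, Parent: 4000)
na.elf New Fork (PID: 1002, Parent: 1001)
"""

# Constructed records in the report's 'Key: | value |' layout. The last rm is
# hypothetical (not in this report) and exists to exercise the "self" branch.
BEHAVIOR_RECORDS = """\
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.AAAAAAAAAA /tmp/tmp.BBBBBBBBBB |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/na.elf |
"""


def parse_forks(text: str) -> dict[int, int]:
    """child PID -> parent PID for every fork line; other lines are skipped."""
    tree: dict[int, int] = {}
    for line in text.splitlines():
        m = FORK_RE.match(line.strip())
        if m:
            tree[int(m["pid"])] = int(m["ppid"])
    return tree


def descendants(tree: dict[int, int], root: int) -> set[int]:
    """PIDs whose parent chain reaches root. The walk stops when it leaves the
    logged set, so unlogged ancestors (the root itself, init) need not be in
    the map."""
    found = set()
    for pid in tree:
        cur, hops = pid, 0
        while cur in tree and hops < len(tree):  # hop cap guards against loops
            cur, hops = tree[cur], hops + 1
            if cur == root:
                found.add(pid)
                break
    return found


def parse_records(text: str) -> list[dict[str, str]]:
    """Group consecutive 'Key: | value |' lines into one dict per process;
    each Path line starts a new record."""
    records: list[dict[str, str]] = []
    cur: dict[str, str] = {}
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if key == "Path" and cur:
            records.append(cur)
            cur = {}
        cur[key.strip()] = rest.strip().strip("|").strip()
    if cur:
        records.append(cur)
    return records


def rm_targets(records: list[dict[str, str]], sample_path: str) -> dict[str, list[str]]:
    """Split the non-option arguments of every rm record into those naming the
    sample and the rest, so a 'deletes itself' verdict rests on argv and not
    merely on the presence of an rm process."""
    hits: dict[str, list[str]] = {"self": [], "other": []}
    for rec in records:
        if not rec.get("Path", "").endswith("/rm"):
            continue
        for arg in shlex.split(rec.get("Arguments", ""))[1:]:
            if not arg.startswith("-"):
                hits["self" if arg == sample_path else "other"].append(arg)
    return hits


if __name__ == "__main__":
    tree = parse_forks(FORK_LINES)
    print("sample descendants:", sorted(descendants(tree, 1000)))
    print("rm targets:", rm_targets(parse_records(BEHAVIOR_RECORDS), "/tmp/na.elf"))
```

Run against the real report, `descendants` is fed the fork lines and the sample's first PID, and `rm_targets` the System Behavior records with `/tmp/na.elf`; an `rm` whose "self" list stays empty removed something other than the sample, whatever the signature name suggests.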