Linux Analysis Report
MY69DoYgp5.elf

Overview

General Information

Sample name: MY69DoYgp5.elf
renamed because original name is a hash value
Original sample name: 4362c850d7c29898c3ccbf8fe7314f7d.elf
Analysis ID: 1427780
MD5: 4362c850d7c29898c3ccbf8fe7314f7d
SHA1: 2a1605fb2a0fffe0c8fdcfb8b14703b1223debf8
SHA256: 348683f24dc13e4d8c299f2aff2c68e2b57ca50f86a84427b9a3dfd7d731b4ab
Tags: 32elfmiraisparc
Infos:

Detection

Mirai
Score: 88
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Contains symbols with names commonly found in malware
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara detected Mirai
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: MY69DoYgp5.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: MY69DoYgp5.elf ReversingLabs: Detection: 65%
Source: MY69DoYgp5.elf Virustotal: Detection: 61% Perma Link

Networking
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52848
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52850
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52854
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52858
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52890
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52886
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52900
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52908
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52910
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52916
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52918
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52926
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52928
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57108
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52934
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52936
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57118
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52946
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57126
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52952
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57130
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52956
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57142
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52972
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57150
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57160
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57166
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52986
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52996
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52998
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53004
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53036
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53040
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40920
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40920
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40930
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40952
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40964
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40970
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40974
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40980
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59856
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59860
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59864
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59878
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59886
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59894
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59898
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59892
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59902
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59908
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59914
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59918
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59944
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59954
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59960
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59966
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59970
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59976
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59988
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59994
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59934
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60014
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35698
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35698
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60070
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35724
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35736
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35748
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35764
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35792
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35820
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35850
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59074
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59132
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59142
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59190
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59198
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59218
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59236
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59264
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40588
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40616
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40636
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40670
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40766
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54476
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40782
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54496
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54514
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40782
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40804
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40846
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40862
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40862
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.15:55308 -> 87.120.84.160:1312
Sample listens on a socket
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::0 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::23 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::53413 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::80 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::52869 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) Socket: 0.0.0.0::37215 Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) Socket: 0.0.0.0::0 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.160
Source: unknown TCP traffic detected without corresponding DNS query: 65.54.175.96
Source: unknown TCP traffic detected without corresponding DNS query: 212.82.12.99
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.176.164
Source: unknown TCP traffic detected without corresponding DNS query: 198.138.72.88
Source: unknown TCP traffic detected without corresponding DNS query: 202.40.41.130
Source: unknown TCP traffic detected without corresponding DNS query: 223.224.202.146
Source: unknown TCP traffic detected without corresponding DNS query: 109.241.251.150
Source: unknown TCP traffic detected without corresponding DNS query: 95.94.242.116
Source: unknown TCP traffic detected without corresponding DNS query: 192.218.93.159
Source: unknown TCP traffic detected without corresponding DNS query: 69.217.30.218
Source: unknown TCP traffic detected without corresponding DNS query: 53.3.140.255
Source: unknown TCP traffic detected without corresponding DNS query: 2.94.131.9
Source: unknown TCP traffic detected without corresponding DNS query: 251.194.65.121
Source: unknown TCP traffic detected without corresponding DNS query: 185.47.246.199
Source: unknown TCP traffic detected without corresponding DNS query: 163.241.179.186
Source: unknown TCP traffic detected without corresponding DNS query: 203.42.74.96
Source: unknown TCP traffic detected without corresponding DNS query: 200.244.91.7
Source: unknown TCP traffic detected without corresponding DNS query: 152.23.35.141
Source: unknown TCP traffic detected without corresponding DNS query: 92.35.95.233
Source: unknown TCP traffic detected without corresponding DNS query: 188.191.35.141
Source: unknown TCP traffic detected without corresponding DNS query: 69.195.205.252
Source: unknown TCP traffic detected without corresponding DNS query: 79.23.107.188
Source: unknown TCP traffic detected without corresponding DNS query: 87.93.89.88
Source: unknown TCP traffic detected without corresponding DNS query: 165.189.139.246
Source: unknown TCP traffic detected without corresponding DNS query: 104.203.179.77
Source: unknown TCP traffic detected without corresponding DNS query: 221.232.175.191
Source: unknown TCP traffic detected without corresponding DNS query: 184.89.184.45
Source: unknown TCP traffic detected without corresponding DNS query: 187.222.35.156
Source: unknown TCP traffic detected without corresponding DNS query: 14.158.163.102
Source: unknown TCP traffic detected without corresponding DNS query: 145.15.21.128
Source: unknown TCP traffic detected without corresponding DNS query: 123.147.198.58
Source: unknown TCP traffic detected without corresponding DNS query: 244.255.179.30
Source: unknown TCP traffic detected without corresponding DNS query: 118.174.126.255
Source: unknown TCP traffic detected without corresponding DNS query: 118.4.83.105
Source: unknown TCP traffic detected without corresponding DNS query: 135.194.148.128
Source: unknown TCP traffic detected without corresponding DNS query: 202.43.170.120
Source: unknown TCP traffic detected without corresponding DNS query: 171.0.116.119
Source: unknown TCP traffic detected without corresponding DNS query: 166.6.15.187
Source: unknown TCP traffic detected without corresponding DNS query: 155.159.50.251
Source: unknown TCP traffic detected without corresponding DNS query: 216.106.138.183
Source: unknown TCP traffic detected without corresponding DNS query: 152.236.12.222
Source: unknown TCP traffic detected without corresponding DNS query: 143.234.238.213
Source: unknown TCP traffic detected without corresponding DNS query: 75.255.134.162
Source: unknown TCP traffic detected without corresponding DNS query: 199.5.83.177
Source: unknown TCP traffic detected without corresponding DNS query: 36.226.78.145
Source: unknown TCP traffic detected without corresponding DNS query: 192.114.181.39
Source: unknown TCP traffic detected without corresponding DNS query: 97.159.125.28
Source: unknown TCP traffic detected without corresponding DNS query: 217.179.171.151
Source: unknown TCP traffic detected without corresponding DNS query: 208.139.56.88
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/noneAccept: */*Accept-Encoding: identityHost: motd.ubuntu.comConnection: Keep-Alive
Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
Source: unknown Network traffic detected: HTTP traffic on port 44586 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 44586

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: MY69DoYgp5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: MY69DoYgp5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5518, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5518, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5520, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5520, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5521, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5521, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5527, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5527, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5665, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5665, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5666, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5666, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5674, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5674, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5693, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: MY69DoYgp5.elf PID: 5693, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Contains symbols with names commonly found in malware
Source: ELF static info symbol of initial sample Name: attack.c
Source: ELF static info symbol of initial sample Name: attack_get_opt_int
Source: ELF static info symbol of initial sample Name: attack_get_opt_ip
Source: ELF static info symbol of initial sample Name: attack_get_opt_str
Source: ELF static info symbol of initial sample Name: attack_init
Source: ELF static info symbol of initial sample Name: attack_method.c
Source: ELF static info symbol of initial sample Name: attack_method_asyn
Source: ELF static info symbol of initial sample Name: attack_method_greeth
Source: ELF static info symbol of initial sample Name: attack_method_greip
Source: ELF static info symbol of initial sample Name: attack_method_ice
Sample and/or dropped files contains symbols with suspicious names
Source: MY69DoYgp5.elf ELF static info symbol of initial sample: hnap_scanner.c
Source: MY69DoYgp5.elf ELF static info symbol of initial sample: scanner.c
Source: MY69DoYgp5.elf ELF static info symbol of initial sample: scanner_init
Source: MY69DoYgp5.elf ELF static info symbol of initial sample: scanner_pid
Source: MY69DoYgp5.elf ELF static info symbol of initial sample: scanner_rawpkt
Sample tries to kill a process (SIGKILL)
Source: /tmp/MY69DoYgp5.elf (PID: 5520) SIGKILL sent: pid: 933, result: successful Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) SIGKILL sent: pid: 933, result: successful Jump to behavior
Yara signature match
Source: MY69DoYgp5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: MY69DoYgp5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5518, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5518, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5520, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5520, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5521, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5521, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5527, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5527, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5665, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5665, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5666, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5666, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5674, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5674, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5693, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: MY69DoYgp5.elf PID: 5693, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: classification engine Classification label: mal88.troj.linELF@0/0@2/0
Enumerates processes within the "proc" file system
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/490/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/793/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/794/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/850/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/796/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/777/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/931/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/658/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/779/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/812/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/933/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/917/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/782/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/1/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/764/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/766/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/723/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/789/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/800/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/888/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/724/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/802/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/803/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5520) File opened: /proc/804/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/490/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/793/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/794/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/850/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/796/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/777/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/931/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/658/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/779/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/812/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/933/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/917/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/782/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/1/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/764/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/766/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/723/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/789/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/800/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/888/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/724/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/802/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/803/fd Jump to behavior
Source: /tmp/MY69DoYgp5.elf (PID: 5526) File opened: /proc/804/fd Jump to behavior
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 5570) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.REkfsGq63L /tmp/tmp.3plJnCTati /tmp/tmp.lYxO7n55x9 Jump to behavior
Source: /usr/bin/dash (PID: 5579) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.REkfsGq63L /tmp/tmp.3plJnCTati /tmp/tmp.lYxO7n55x9 Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52848
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52850
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52854
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52858
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52890
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52886
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52900
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52908
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52910
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52916
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52918
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52926
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52928
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57108
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52934
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52936
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57118
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52946
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57126
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52952
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57130
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52956
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57142
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52972
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57150
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57160
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57166
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52986
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52996
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 52998
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53004
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53036
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53040
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40920
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40920
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40930
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40952
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40964
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40970
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40974
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40980
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40978
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59856
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59860
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59864
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59878
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59886
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59894
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59898
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59892
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59902
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59908
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59914
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59918
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59944
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59954
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59960
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59962
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59966
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59970
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59976
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59988
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59994
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59934
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60014
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35698
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35698
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60070
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35724
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35736
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35748
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35764
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35792
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35820
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35850
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35874
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59074
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59132
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59142
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59190
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59198
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59218
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59236
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 59264
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40588
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40616
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40636
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40670
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40766
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54476
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40782
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54496
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54514
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40782
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40804
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40846
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40862
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40862
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/MY69DoYgp5.elf (PID: 5518) Queries kernel information via 'uname': Jump to behavior
Source: MY69DoYgp5.elf, 5518.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5520.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5666.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5693.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5674.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5521.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5665.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5527.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp Binary or memory string: 5x86_64/usr/bin/qemu-sparc/tmp/MY69DoYgp5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/MY69DoYgp5.elf
Source: MY69DoYgp5.elf, 5518.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5520.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5666.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5693.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5674.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5521.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5665.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5527.1.00005580f8539000.00005580f859e000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sparc
Source: MY69DoYgp5.elf, 5518.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5520.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5666.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5693.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5674.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5521.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5665.1.00005580f8539000.00005580f859e000.rw-.sdmp, MY69DoYgp5.elf, 5527.1.00005580f8539000.00005580f859e000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/sparc
Source: MY69DoYgp5.elf, 5518.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5520.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5666.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5693.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5674.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5521.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5665.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp, MY69DoYgp5.elf, 5527.1.00007ffe183fa000.00007ffe1841b000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sparc
Yara detected Mirai
Source: Yara match File source: MY69DoYgp5.elf, type: SAMPLE
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Yara detected Mirai
Source: Yara match File source: MY69DoYgp5.elf, type: SAMPLE
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 5527.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5666.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5693.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5518.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5521.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5674.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5665.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5520.1.00007f38c4011000.00007f38c4028000.r-x.sdmp, type: MEMORY
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
167.247.227.140
 unknown United States
22808 RESOURCES-22808US false
100.49.11.84
 unknown United States
701 UUNETUS false
199.43.111.155
 unknown Canada
15290 ALLST-15290CA false
36.166.30.157
 unknown China
9808 CMNET-GDGuangdongMobileCommunicationCoLtdCN false
191.254.186.176
 unknown Brazil
27699 TELEFONICABRASILSABR false
9.223.118.196
 unknown United States
3356 LEVEL3US false
205.154.236.0
 unknown United States
2152 CSUNET-NWUS false
118.5.14.233
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
119.131.240.33
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
158.57.32.188
 unknown United States
1932 CONEDUS false
192.68.97.98
 unknown Norway
5619 EVRY-NO false
123.69.92.192
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
36.121.253.233
 unknown China
4847 CNIX-APChinaNetworksInter-ExchangeCN false
101.131.11.151
 unknown China
58519 CHINATELECOM-CTCLOUDCloudComputingCorporationCN false
87.206.176.43
 unknown Poland
6830 LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding false
17.66.80.64
 unknown United States
714 APPLE-ENGINEERINGUS false
88.16.182.165
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
9.107.33.240
 unknown United States
3356 LEVEL3US false
101.184.224.117
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
150.92.186.166
 unknown Japan 6400 CompaniaDominicanadeTelefonosSADO false
76.18.177.110
 unknown United States
7922 COMCAST-7922US false
156.79.67.35
 unknown United States
11363 FUJITSU-USAUS false
210.217.73.157
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
60.255.103.64
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
246.64.252.74
 unknown Reserved
unknown unknown false
83.148.115.209
 unknown Bulgaria
8866 BTC-ASBULGARIABG false
98.131.25.121
 unknown United States
46606 UNIFIEDLAYER-AS-1US false
44.153.229.73
 unknown United States
62383 LDS-ASBE false
152.39.18.165
 unknown United States
81 NCRENUS false
41.14.214.59
 unknown South Africa
29975 VODACOM-ZA false
185.108.193.66
 unknown Russian Federation
204276 EUTELSATRU false
139.22.127.198
 unknown Germany
680 DFNVereinzurFoerderungeinesDeutschenForschungsnetzese false
32.225.78.45
 unknown United States
2686 ATGS-MMD-ASUS false
37.16.45.246
 unknown Saudi Arabia
35819 MOBILY-ASEtihadEtisalatCompanyMobilySA false
190.250.243.76
 unknown Colombia
13489 EPMTelecomunicacionesSAESPCO false
212.24.4.160
 unknown Italy
8612 TISCALI-IT false
83.177.132.162
 unknown Sweden
1257 TELE2EU false
130.216.57.0
 unknown New Zealand
9431 AKUNI-NZTheUniversityofAucklandNZ false
65.138.34.28
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
209.146.51.71
 unknown United States
395753 KKRUS false
148.174.30.171
 unknown United States
7068 PFIZERNETUS false
68.161.94.8
 unknown United States
701 UUNETUS false
96.23.124.86
 unknown Canada
5769 VIDEOTRONCA false
170.0.229.177
 unknown Mexico
265510 EJATELECOMMSDERLMX false
111.148.30.96
 unknown China
38370 CTTNETChinaTieTongTelecommunicationsCorporationCN false
206.61.188.172
 unknown United States
11280 SNAPPYDSL-ASN1US false
180.201.226.223
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
125.187.16.176
 unknown Korea Republic of
17858 POWERVIS-AS-KRLGPOWERCOMMKR false
88.189.183.19
 unknown France
12322 PROXADFR false
98.250.136.75
 unknown United States
7922 COMCAST-7922US false
168.91.51.114
 unknown United States
397029 IA-OCIOUS false
87.233.205.90
 unknown Netherlands
15703 TRUESERVER-ASTrueServerBVASnumberNL false
217.95.63.152
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
23.7.233.82
 unknown United States
16625 AKAMAI-ASUS false
35.114.58.250
 unknown United States
237 MERIT-AS-14US false
13.156.87.57
 unknown United States
7018 ATT-INTERNET4US false
110.141.66.225
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
117.83.109.76
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
217.42.122.165
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
241.54.2.242
 unknown Reserved
unknown unknown false
95.250.228.227
 unknown Italy
3269 ASN-IBSNAZIT false
116.88.13.27
 unknown Singapore
10091 STARHUB-CABLEStarHubLtdSG false
211.188.255.125
 unknown Korea Republic of
9644 SKTELECOM-NET-ASSKTelecomKR false
2.113.108.44
 unknown Italy
3269 ASN-IBSNAZIT false
53.65.54.183
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
85.71.161.34
 unknown Czech Republic
5610 O2-CZECH-REPUBLICCZ false
58.12.166.234
 unknown Japan 17506 UCOMARTERIANetworksCorporationJP false
47.222.229.250
 unknown United States
19108 SUDDENLINK-COMMUNICATIONSUS false
159.229.251.211
 unknown United States
13188 TRIOLANUA false
134.249.51.217
 unknown Ukraine
15895 KSNET-ASUA false
14.236.143.111
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
171.204.130.132
 unknown United States
10794 BANKAMERICAUS false
118.93.122.127
 unknown New Zealand
9500 VODAFONE-TRANSIT-ASVodafoneNZLtdNZ false
1.15.80.127
 unknown China
13335 CLOUDFLARENETUS false
111.226.87.100
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
58.73.244.7
 unknown Korea Republic of
3786 LGDACOMLGDACOMCorporationKR false
202.56.113.61
 unknown India
24251 ICNTV-NETIwakuniCableNetworkCorporationJP false
82.177.144.30
 unknown Poland
206093 SILICON_SOFTWARE-ASPL false
85.218.240.23
 unknown Denmark
197288 STOFANETDK false
42.176.82.50
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
24.158.162.22
 unknown United States
20115 CHARTER-20115US false
118.23.107.5
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
106.77.63.118
 unknown India
45271 ICLNET-AS-APIdeaCellularLimitedIN false
79.94.185.210
 unknown France
15557 LDCOMNETFR false
176.138.181.5
 unknown France
5410 BOUYGTEL-ISPFR false
81.75.58.70
 unknown Italy
3269 ASN-IBSNAZIT false
159.157.219.156
 unknown United States
34578 BEDAGCH false
121.188.109.205
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
122.48.76.19
 unknown China
4847 CNIX-APChinaNetworksInter-ExchangeCN false
247.190.66.208
 unknown Reserved
unknown unknown false
87.198.117.216
 unknown Ireland
34245 MAGNET-ASIE false
27.206.182.216
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
241.110.61.141
 unknown Reserved
unknown unknown false
116.39.18.135
 unknown Korea Republic of
17858 POWERVIS-AS-KRLGPOWERCOMMKR false
106.161.213.146
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
223.122.67.246
 unknown China
58453 CMI-INT-HKLevel30Tower1HK false
119.54.139.127
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
59.113.102.203
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
157.215.94.72
 unknown United States
4704 SANNETRakutenMobileIncJP false
132.1.23.23
 unknown United States
385 AFCONC-BLOCK1-ASUS false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.25 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://motd.ubuntu.com/ false
    		high