Linux
Analysis Report
Zz4JCR594d.elf
Overview
General Information
Sample name: | Zz4JCR594d.elf (renamed because original name is a hash value) |
Original sample name: | 847c9f05128358bec5a7a17e6a3524ea.elf |
Analysis ID: | 1431631 |
MD5: | 847c9f05128358bec5a7a17e6a3524ea |
SHA1: | 361b9fcd3d943c9a087a9971ddb5b28f2f8b977a |
SHA256: | 83385e26348583a9ab161170f825065e9dc7ead718d31b68207cdd31f842bfc4 |
Tags: | 32 elf intel mirai |
Infos: |
Detection
Mirai, Okiru
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Yara detected Okiru
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431631 |
Start date and time: | 2024-04-25 14:48:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Zz4JCR594d.elf (renamed because original name is a hash value) |
Original Sample Name: | 847c9f05128358bec5a7a17e6a3524ea.elf |
Detection: | MAL |
Classification: | mal100.troj.linELF@0/0@22/0 |
Command: | /tmp/Zz4JCR594d.elf |
PID: | 5493 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | done. |
Standard Error: |
- system is lnxubuntu20
- Zz4JCR594d.elf New Fork (PID: 5494, Parent: 5493)
- Zz4JCR594d.elf New Fork (PID: 5495, Parent: 5494)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
| | JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | |
| | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | |
| | Linux_Trojan_Mirai_5f7b67b8 | unknown | unknown | |
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | TCP traffic: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | String containing 'busybox' found: | ||
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | File opened: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | Snort IDS: | ||
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 59% | Virustotal | | |
| | 65% | ReversingLabs | Linux.Trojan.Mirai | |
| | 100% | Avira | EXP/ELF.Mirai.Z.A | |
| | 100% | Joe Sandbox ML | | |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 17% | Virustotal | | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
eclp8oz0m8mxouv96hc9p7k2btydt3iv.click | 103.97.132.194 | true | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.97.132.194 | eclp8oz0m8mxouv96hc9p7k2btydt3iv.click | Viet Nam | | 55933 | CLOUDIE-AS-APCloudieLimitedHK | true |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
eclp8oz0m8mxouv96hc9p7k2btydt3iv.click | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDIE-AS-APCloudieLimitedHK | | | malicious | FormBook | | |
| | | | malicious | Unknown | | |
| | | | malicious | Mirai | | |
| | | | malicious | FormBook | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | FormBook | | |
| | | | malicious | FormBook | | |
| | | | malicious | Gafgyt | | |
| | | | malicious | Gafgyt, Mirai | | |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.713672284145757 |
TrID: |
|
File name: | Zz4JCR594d.elf |
File size: | 89'576 bytes |
MD5: | 847c9f05128358bec5a7a17e6a3524ea |
SHA1: | 361b9fcd3d943c9a087a9971ddb5b28f2f8b977a |
SHA256: | 83385e26348583a9ab161170f825065e9dc7ead718d31b68207cdd31f842bfc4 |
SHA512: | 2cad9ee486cc0cb41a8ac18e0136396f7d11630ad19ffaecf662a5a07978d463f53351be586116618a4ecd0e672426c61e1a439f7cfee971c53a887041af7766 |
SSDEEP: | 1536:xpmWc2AcighsZ8+1JxNc/HL1mSsM8emsJgBQ9TnkISGtAdL0xZ:xpmX2riED+1rNAHZmLFsCQ9kVTL0x |
TLSH: | 56937DC5F643D4F5E89704B1213AEB339B33F0B52019EA43D7799932ECA2511EA16B9C |
File Content Preview: | .ELF....................d...4...X\......4. ...(......................................................G..8...........Q.td............................U..S........$...h........[]...$.............U......= ....t..5...................u........t....h............ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 89176 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xf136 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x80571e6 | 0xf1e6 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8057200 | 0xf200 | 0x2290 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x805a494 | 0x11494 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x805a4a0 | 0x114a0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x805a4c0 | 0x114c0 | 0x4758 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x805ec20 | 0x15c18 | 0x49ac | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x15c18 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x11490 | 0x11490 | 6.5877 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
LOAD | 0x11494 | 0x805a494 | 0x805a494 | 0x4784 | 0x9138 | 0.3635 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/25/24-14:49:08.054304 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45982 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:26.385035 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46006 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:42.656784 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45990 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:44.466416 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45992 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:51:00.432590 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46018 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:21.971789 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:17.774534 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46002 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:51:05.317940 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46022 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:21.579535 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46004 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:38.009874 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46010 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:54.541250 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46016 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:51:03.373324 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46020 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:35.194257 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46008 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:46.663569 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46014 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:41.842391 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46012 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:34.838365 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45988 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:11.970056 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 46000 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:31.793186 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45986 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:50:06.165554 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45998 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:56.358212 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45996 | 2509 | 192.168.2.14 | 103.97.132.194 |
04/25/24-14:49:49.271102 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 14:49:07.705370903 CEST | 45982 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:08.054119110 CEST | 2509 | 45982 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:08.054198027 CEST | 45982 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:08.054303885 CEST | 45982 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:08.402697086 CEST | 2509 | 45982 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:08.402759075 CEST | 2509 | 45982 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:14.513561010 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:15.538676977 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:17.553962946 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:21.617850065 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:21.971513987 CEST | 2509 | 45984 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:21.971787930 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:21.971788883 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:22.326455116 CEST | 2509 | 45984 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:22.326632977 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:23.057924986 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:23.058605909 CEST | 2509 | 45984 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:23.058736086 CEST | 45984 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:23.411771059 CEST | 2509 | 45984 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:23.412256956 CEST | 2509 | 45984 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:31.437958002 CEST | 45986 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:31.792987108 CEST | 2509 | 45986 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:31.793138027 CEST | 45986 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:31.793185949 CEST | 45986 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:32.148081064 CEST | 2509 | 45986 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:32.148222923 CEST | 45986 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:32.502906084 CEST | 2509 | 45986 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:34.486565113 CEST | 45988 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:34.838191986 CEST | 2509 | 45988 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:34.838365078 CEST | 45988 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:34.838365078 CEST | 45988 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:35.190119028 CEST | 2509 | 45988 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:35.190148115 CEST | 2509 | 45988 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:42.301505089 CEST | 45990 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:42.656625032 CEST | 2509 | 45990 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:42.656740904 CEST | 45990 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:42.656784058 CEST | 45990 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:43.010582924 CEST | 2509 | 45990 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:43.010643959 CEST | 2509 | 45990 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:44.121495008 CEST | 45992 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:44.466047049 CEST | 2509 | 45992 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:44.466180086 CEST | 45992 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:44.466415882 CEST | 45992 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:44.810216904 CEST | 2509 | 45992 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:44.810272932 CEST | 2509 | 45992 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:48.921500921 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:49.270678997 CEST | 2509 | 45994 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:49.270999908 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:49.271101952 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:49.625174046 CEST | 2509 | 45994 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:49.625541925 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:50.352654934 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:50.358019114 CEST | 2509 | 45994 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:50.358102083 CEST | 45994 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:50.702676058 CEST | 2509 | 45994 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:50.708070993 CEST | 2509 | 45994 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:56.014444113 CEST | 45996 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:56.358017921 CEST | 2509 | 45996 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:56.358186007 CEST | 45996 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:56.358211994 CEST | 45996 | 2509 | 192.168.2.14 | 103.97.132.194 |
Apr 25, 2024 14:49:56.703172922 CEST | 2509 | 45996 | 103.97.132.194 | 192.168.2.14 |
Apr 25, 2024 14:49:56.703306913 CEST | 45996 | 2509 | 192.168.2.14 | 103.97.132.194 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 14:49:07.594655991 CEST | 192.168.2.14 | 8.8.8.8 | 0xf115 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:14.402731895 CEST | 192.168.2.14 | 8.8.8.8 | 0x631c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:31.326630116 CEST | 192.168.2.14 | 8.8.8.8 | 0x4874 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:34.148322105 CEST | 192.168.2.14 | 8.8.8.8 | 0x42d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:42.190171003 CEST | 192.168.2.14 | 8.8.8.8 | 0x7b74 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:44.010824919 CEST | 192.168.2.14 | 8.8.8.8 | 0x43ce | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:48.810484886 CEST | 192.168.2.14 | 8.8.8.8 | 0x4885 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:55.625511885 CEST | 192.168.2.14 | 8.8.8.8 | 0x604d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:05.703217983 CEST | 192.168.2.14 | 8.8.8.8 | 0xc63b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:11.515695095 CEST | 192.168.2.14 | 8.8.8.8 | 0x8b79 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:17.313421011 CEST | 192.168.2.14 | 8.8.8.8 | 0x8de2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:21.124655008 CEST | 192.168.2.14 | 8.8.8.8 | 0x9f8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:25.924396992 CEST | 192.168.2.14 | 8.8.8.8 | 0xce95 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:34.733855963 CEST | 192.168.2.14 | 8.8.8.8 | 0x9109 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:37.543596983 CEST | 192.168.2.14 | 8.8.8.8 | 0x7e90 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:40.365468979 CEST | 192.168.2.14 | 8.8.8.8 | 0xf6d0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:46.194844961 CEST | 192.168.2.14 | 8.8.8.8 | 0xe875 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:54.019746065 CEST | 192.168.2.14 | 8.8.8.8 | 0xe811 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:59.955142021 CEST | 192.168.2.14 | 8.8.8.8 | 0x80d3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:02.835488081 CEST | 192.168.2.14 | 8.8.8.8 | 0xb91d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:04.788008928 CEST | 192.168.2.14 | 8.8.8.8 | 0xedd9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:12.747287989 CEST | 192.168.2.14 | 8.8.8.8 | 0x8621 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 14:49:07.705249071 CEST | 8.8.8.8 | 192.168.2.14 | 0xf115 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:14.513447046 CEST | 8.8.8.8 | 192.168.2.14 | 0x631c | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:31.437711000 CEST | 8.8.8.8 | 192.168.2.14 | 0x4874 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:34.486382008 CEST | 8.8.8.8 | 192.168.2.14 | 0x42d | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:42.301135063 CEST | 8.8.8.8 | 192.168.2.14 | 0x7b74 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:44.121356964 CEST | 8.8.8.8 | 192.168.2.14 | 0x43ce | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:48.921243906 CEST | 8.8.8.8 | 192.168.2.14 | 0x4885 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:49:56.014255047 CEST | 8.8.8.8 | 192.168.2.14 | 0x604d | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:05.813421965 CEST | 8.8.8.8 | 192.168.2.14 | 0xc63b | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:11.626302958 CEST | 8.8.8.8 | 192.168.2.14 | 0x8b79 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:17.424216986 CEST | 8.8.8.8 | 192.168.2.14 | 0x8de2 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:21.236323118 CEST | 8.8.8.8 | 192.168.2.14 | 0x9f8 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:26.035533905 CEST | 8.8.8.8 | 192.168.2.14 | 0xce95 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:34.844578981 CEST | 8.8.8.8 | 192.168.2.14 | 0x9109 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:37.653836012 CEST | 8.8.8.8 | 192.168.2.14 | 0x7e90 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:40.476202965 CEST | 8.8.8.8 | 192.168.2.14 | 0xf6d0 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:46.306596041 CEST | 8.8.8.8 | 192.168.2.14 | 0xe875 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:50:54.130012035 CEST | 8.8.8.8 | 192.168.2.14 | 0xe811 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:00.065675974 CEST | 8.8.8.8 | 192.168.2.14 | 0x80d3 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:02.946331024 CEST | 8.8.8.8 | 192.168.2.14 | 0xb91d | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:04.898698092 CEST | 8.8.8.8 | 192.168.2.14 | 0xedd9 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 14:51:12.857678890 CEST | 8.8.8.8 | 192.168.2.14 | 0x8621 | No error (0) | | | 103.97.132.194 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 12:49:06 |
Start date (UTC): | 25/04/2024 |
Path: | /tmp/Zz4JCR594d.elf |
Arguments: | /tmp/Zz4JCR594d.elf |
File size: | 89576 bytes |
MD5 hash: | 847c9f05128358bec5a7a17e6a3524ea |
Start time (UTC): | 12:49:06 |
Start date (UTC): | 25/04/2024 |
Path: | /tmp/Zz4JCR594d.elf |
Arguments: | - |
File size: | 89576 bytes |
MD5 hash: | 847c9f05128358bec5a7a17e6a3524ea |
Start time (UTC): | 12:49:06 |
Start date (UTC): | 25/04/2024 |
Path: | /tmp/Zz4JCR594d.elf |
Arguments: | - |
File size: | 89576 bytes |
MD5 hash: | 847c9f05128358bec5a7a17e6a3524ea |