Analysis Report FJbeidnZOF.exe

Overview

General Information

Sample Name: FJbeidnZOF.exe
Analysis ID: 399798
MD5: 0b43c829af2eb773a3614b02ba5b8c5f
SHA1: bc55a69ca1a72f9f0761112c05b3938aebad1c43
SHA256: 25b6f68e2bf505cfde67c533f5d12e869b30efe831fa82fd91c2c29f59fc77ac
Tags: exe, Loki
Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Lokibot
C2 URLs / IPs found in malware configuration
Found C&C like URL pattern
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Antivirus or Machine Learning detection for unpacked file
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • FJbeidnZOF.exe (PID: 5392 cmdline: 'C:\Users\user\Desktop\FJbeidnZOF.exe' MD5: 0B43C829AF2EB773A3614B02BA5B8C5F)
    • FJbeidnZOF.exe (PID: 5472 cmdline: C:\Users\user\Desktop\FJbeidnZOF.exe MD5: 0B43C829AF2EB773A3614B02BA5B8C5F)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://amrp.tw/kayo/gate.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
  • 0x2007af:$des3: 68 03 66 00 00
  • 0x204ba0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x204c6c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
  • 0x28ecc:$s1: http://
  • 0x2c687:$s1: http://
  • 0x2d0e0:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
  • 0x28ed4:$s2: https://
  • 0x28ecc:$f1: http://
  • 0x2c687:$f1: http://
  • 0x28ed4:$f2: https://
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | Loki_1 | Loki Payload | kevoreilly |
  • 0x28e08:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x29050:$a2: last_compatible_version

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: http://amrp.tw/kayo/gate.php, Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://amrp.tw/kayo/gate.php"]}
Multi AV Scanner detection for domain / URL
Source: amrp.tw, Virustotal: Detection: 19%
Source: http://amrp.tw/kayo/gate.php, Virustotal: Detection: 20%
Multi AV Scanner detection for submitted file
Source: FJbeidnZOF.exe, Virustotal: Detection: 22%
Source: FJbeidnZOF.exe, ReversingLabs: Detection: 27%
Machine Learning detection for sample
Source: FJbeidnZOF.exe, Joe Sandbox ML: detected
Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: FJbeidnZOF.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: FJbeidnZOF.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,5_2_00403D74

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49765 -> 35.247.234.230:80
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractor, URLs: http://kbfvzoboss.bid/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.trade/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.win/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.top/alien/fre.php
                Source: Malware configuration extractor, URLs: http://amrp.tw/kayo/gate.php
                Found C&C like URL pattern
                Source: global traffic, HTTP traffic detected:
                    POST /kayo/gate.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: amrp.tw
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: FC7C64DA
                    Content-Length: 190
                    Connection: close
                Source: global traffic, HTTP traffic detected:
                    POST /kayo/gate.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: amrp.tw
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: FC7C64DA
                    Content-Length: 163
                    Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php