Linux Analysis Report d8dgn3wGJL

Overview

General Information

Sample Name:	d8dgn3wGJL
Analysis ID:	452442
MD5:	7c8ff25ee476a1cd89bbf529e0ac6af4
SHA1:	71e15a4c42d920302925c7d5ba05ca9f0c27a998
SHA256:	fcafcefe3e66e811cdf3362820d2a7a6f6ae6005374b535357bad4ff349fd4ec
Tags:	32elfmiraisparc
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: d8dgn3wGJL

Virustotal: Detection: 52%

Perma Link

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.149.119.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.217.150.42: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.247.122.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.93.207.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.226.91.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.143.81.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.93.123.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.200.163.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.80.250.104: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.94.210.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 71.93.5.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.93.12.45: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 124.156.224.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 58.84.7.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.254.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.125.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.198.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 212.114.226.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.4.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.11.163.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.41.32.46: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 68.149.236.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.227.232.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.157.128.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.141.64.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.113.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.144.146.49: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.81.151.59: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.192.60.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.118.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.191.190: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.146.155.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.166.216.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.80.250.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.135.119.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 47.229.222.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.6.30.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.240.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 23.231.80.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 27.29.140.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 218.97.37.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.24.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.12.217.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.42.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 75.227.207.59:23 -> 192.168.2.20:45260
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 153.120.21.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.224.216.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.151.127.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.121.107.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.189.144: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.105.153: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.55.27.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 184.164.65.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 107.10.249.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 150.95.47.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.248.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.169.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.194.133.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.183.225.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.249.71.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.216.40.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.78.97.142: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.73.64.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.163.109.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.47.20.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.207.133.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 135.148.4.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.82.111.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.255.161.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 18.144.83.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.103.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.130.39.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.118.176.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.52.55.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.6.124.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.95.2.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.213.197: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.51.177.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.56.14.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.137.51: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.33.155.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.18.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.194.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.156.248.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.135.213.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.189.141.182: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.8.126.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.132.46.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.53.160.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 23.28.89.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.79.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.17.147: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.191.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.130.161.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 121.5.175.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.187.46.27:23 -> 192.168.2.20:60006
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.174.41.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 45.149.0.193: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.104.174.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.156.206.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.234.1.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.73.148.255: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.150.160.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 164.106.225.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.35.100.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.160.66.100: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.59.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.102.75.137: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.51.53.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.10.4.32: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.29.131.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.53.159.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.56.244.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.164.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 1.234.41.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.187.33: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 158.43.20.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.183.249.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.211.25.72: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.153.62.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.119.33.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.83.176.57: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 75.64.225.7: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.111.109: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.156.46.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.101.46.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.127.145: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.94.92.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.201.150.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.188.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.1.105.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.119.231: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.95.115.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 203.218.44.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.4.218.157: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.172.248.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.6.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.102.194.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 189.90.240.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.223.196.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.245.10.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.136.94.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.11.240.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.214.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 61.213.90.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.204.99.251: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.128.47.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.247.61.41: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.77.240.189: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.232.138.116: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.171.180.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.150.196.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.83.188: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.142.212.167: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.157.93.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.103.216.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.151.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.16.241.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.19.78.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.201.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.41.242.192: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 149.172.24.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.240.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.20.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.132.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.133.58: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.92.112.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.72.11.195: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.77.64.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.202.238.220: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 65.199.0.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 91.235.136.87: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.213.54.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.97.23.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.16.149.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.125.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.6.159.228: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 89.252.188.73: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.152.56.101: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.209.255.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.76.192.206: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.10.0.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 86.66.74.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.179.68.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.3.57.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.96.179.123: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.141.71.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.188.205.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.213.61.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.139.255.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.79.152.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.54.120.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 83.68.16.199:23 -> 192.168.2.20:44360
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.135.122.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.9.42.169: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 69.51.31.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.127.90.145:23 -> 192.168.2.20:48594
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.196.181.239: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 173.10.70.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.114.112.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.28.161.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.62.166.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.114.68.119: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.154.247.82: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.1.21: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.10.101.4: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.222.150.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.22.5.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.210.27.80: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.219.3.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.207.240.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.197.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 41.182.18.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.232.160.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.22.102.132: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.92.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 122.254.113.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.115.178.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 194.102.118.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 59.158.46.180:23 -> 192.168.2.20:44532
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.205.47.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.75.172.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.106.103: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 195.21.45.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.172.81.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.144.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.217.87.115: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.173.75.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.17.220.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.116.255.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.14.78.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.64.254: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.83.117: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 149.87.185.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 161.8.23.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.80.33.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.199.107.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.52.113.254:23 -> 192.168.2.20:49058
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.246.154.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.9.3.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.153.89.187: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 193.234.156.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.86.54.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.201.167.244: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.28.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.195.145.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 40.134.62.141: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 63.241.135.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.54.146.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 10.201.61.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.61.56.65: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.182.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.233.211.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.228.166.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 192.3.221.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.155.185.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.220.252.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.153.91: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.186.8.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.19.243.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.244.187.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.108.1:23 -> 192.168.2.20:55136
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.76.33.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.130.66: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.46.228.99: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.251.65.120: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.142.59.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.150.125.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.104.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.171.25.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.131.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.13.24.92: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.214.16.94: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.159.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.85.55: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.158.231.238: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.254.62.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.87.171.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.98.224.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.212.209.112: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.212.200.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 176.95.180.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.33.49.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.22.6.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.222.109.36: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.232.35.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 103.3.189.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.199.54.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.73.81.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.246.171.232: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 79.110.188.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 128.136.244.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.222.183.71: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.91.143.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.150.25.148: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 136.0.240.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.149.17.73: -> 192.168.2.20:

Uses known network protocols on non-standard ports

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.20:35686 -> 37.230.137.227:1312

Source: unknown	TCP traffic detected without corresponding DNS query: 37.230.137.227
Source: unknown	TCP traffic detected without corresponding DNS query: 180.130.46.34
Source: unknown	TCP traffic detected without corresponding DNS query: 105.236.132.34
Source: unknown	TCP traffic detected without corresponding DNS query: 92.234.236.52
Source: unknown	TCP traffic detected without corresponding DNS query: 212.164.101.30
Source: unknown	TCP traffic detected without corresponding DNS query: 18.77.169.252
Source: unknown	TCP traffic detected without corresponding DNS query: 147.97.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 53.197.153.131
Source: unknown	TCP traffic detected without corresponding DNS query: 201.84.142.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.195.99.194
Source: unknown	TCP traffic detected without corresponding DNS query: 188.32.88.90
Source: unknown	TCP traffic detected without corresponding DNS query: 112.35.99.249
Source: unknown	TCP traffic detected without corresponding DNS query: 158.172.106.31
Source: unknown	TCP traffic detected without corresponding DNS query: 192.195.79.108
Source: unknown	TCP traffic detected without corresponding DNS query: 188.23.44.229
Source: unknown	TCP traffic detected without corresponding DNS query: 31.136.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 183.190.202.216
Source: unknown	TCP traffic detected without corresponding DNS query: 166.15.179.195
Source: unknown	TCP traffic detected without corresponding DNS query: 194.240.107.221
Source: unknown	TCP traffic detected without corresponding DNS query: 101.143.149.34
Source: unknown	TCP traffic detected without corresponding DNS query: 219.11.157.6
Source: unknown	TCP traffic detected without corresponding DNS query: 198.146.131.193
Source: unknown	TCP traffic detected without corresponding DNS query: 223.124.4.251
Source: unknown	TCP traffic detected without corresponding DNS query: 166.8.0.125
Source: unknown	TCP traffic detected without corresponding DNS query: 101.249.202.153
Source: unknown	TCP traffic detected without corresponding DNS query: 157.255.7.1
Source: unknown	TCP traffic detected without corresponding DNS query: 220.251.220.39
Source: unknown	TCP traffic detected without corresponding DNS query: 36.69.14.93
Source: unknown	TCP traffic detected without corresponding DNS query: 200.112.47.141
Source: unknown	TCP traffic detected without corresponding DNS query: 46.113.34.200
Source: unknown	TCP traffic detected without corresponding DNS query: 78.236.158.44
Source: unknown	TCP traffic detected without corresponding DNS query: 27.53.243.194
Source: unknown	TCP traffic detected without corresponding DNS query: 93.84.215.82
Source: unknown	TCP traffic detected without corresponding DNS query: 255.91.13.229
Source: unknown	TCP traffic detected without corresponding DNS query: 109.233.55.61
Source: unknown	TCP traffic detected without corresponding DNS query: 17.175.65.191
Source: unknown	TCP traffic detected without corresponding DNS query: 161.42.0.250
Source: unknown	TCP traffic detected without corresponding DNS query: 24.56.58.134
Source: unknown	TCP traffic detected without corresponding DNS query: 170.9.38.57
Source: unknown	TCP traffic detected without corresponding DNS query: 120.102.96.94
Source: unknown	TCP traffic detected without corresponding DNS query: 114.89.56.214
Source: unknown	TCP traffic detected without corresponding DNS query: 103.179.83.227
Source: unknown	TCP traffic detected without corresponding DNS query: 178.25.145.67
Source: unknown	TCP traffic detected without corresponding DNS query: 74.150.165.252
Source: unknown	TCP traffic detected without corresponding DNS query: 12.113.97.251
Source: unknown	TCP traffic detected without corresponding DNS query: 195.47.85.209
Source: unknown	TCP traffic detected without corresponding DNS query: 217.49.133.15
Source: unknown	TCP traffic detected without corresponding DNS query: 31.80.111.48
Source: unknown	TCP traffic detected without corresponding DNS query: 240.85.153.239
Source: unknown	TCP traffic detected without corresponding DNS query: 116.50.227.1

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.lin@0/0@0/0

Source: submitted sample

Stderr: pc: 0001daa8 npc: 0001daac%g0-7: 00000000 00000018 00000000 00000001 000306bc 00000000 00000070 00000000%o0-7: 000306b7 f6ffad53 00000400 0000002c 0001c170 00000000 f6fface0 0001cab4 %l0-7: f6ffad40 f6ffad40 00000000 00000001 000003f0 00000004 00000000 00000000 %i0-7: 000306a4 000306a4 00000400 0000003c 0001c160 00000000 f6ffb148 0001d958 %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000psr: 04900001 (icc: N--C SPE: ---) wim: 00000001fsr: 00000000 y: 00000000: exit code = 0

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/d8dgn3wGJL (PID: 4577)

Queries kernel information via 'uname':

Jump to behavior

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
96.80.119.73	unknown	United States	7922	COMCAST-7922US	false
110.220.205.165	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
186.8.103.81	unknown	Uruguay	19422	TelefonicaMovilesdelUruguaySAUY	false
9.151.73.175	unknown	United States	3356	LEVEL3US	false
244.41.150.76	unknown	Reserved	unknown	unknown	false
159.169.253.102	unknown	United States	28686	AVECTRIS-ASCH	false
110.91.165.153	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
100.138.149.140	unknown	United States	21928	T-MOBILE-AS21928US	false
31.136.150.35	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
172.188.114.229	unknown	United States	7018	ATT-INTERNET4US	false
43.152.190.246	unknown	Japan	4249	LILLY-ASUS	false
173.97.209.95	unknown	United States	1239	SPRINTLINKUS	false
170.70.84.141	unknown	Mexico	10420	BancodeMexicoMX	false
208.179.154.138	unknown	United States	11509	TIERZERO-AS11509US	false
255.248.130.166	unknown	Reserved	unknown	unknown	false
59.23.230.78	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
63.139.108.31	unknown	United States	7029	WINDSTREAMUS	false
16.40.26.19	unknown	United States	unknown	unknown	false
93.171.110.72	unknown	Czech Republic	42772	A1-BY-ASBY	false
58.173.90.103	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
154.44.177.227	unknown	United States	174	COGENT-174US	false
203.54.53.98	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
210.37.80.135	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
162.128.14.245	unknown	United States	14566	AS14566US	false
152.0.189.16	unknown	Dominican Republic	6400	CompaniaDominicanadeTelefonosSADO	false
91.102.26.204	unknown	Norway	41741	BBS-ASNO	false
163.166.98.3	unknown	United Kingdom	15914	BritishAirwaysGB	false
202.135.117.234	unknown	Japan	2687	ATGS-MMD-ASUS	false
62.23.12.103	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
70.210.119.248	unknown	United States	6167	CELLCO-PARTUS	false
208.41.125.41	unknown	United States	4565	MEGAPATH2-US	false
202.146.43.79	unknown	Indonesia	38754	PRIMENET-AS-IDPRIMEDIAARMOEKADATAINTERNETPTID	false
195.225.82.230	unknown	unknown	25148	BASEFARM-ASNOslo-NorwayNO	false
96.161.248.210	unknown	United States	7922	COMCAST-7922US	false
106.79.68.135	unknown	India	45271	ICLNET-AS-APIdeaCellularLimitedIN	false
109.2.36.81	unknown	France	15557	LDCOMNETFR	false
251.25.165.77	unknown	Reserved	unknown	unknown	false
193.116.228.182	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
74.52.27.62	unknown	United States	36351	SOFTLAYERUS	false
191.103.96.36	unknown	Argentina	262932	COMPANIADECIRCUITOSCERRADOSSAAR	false
9.66.92.155	unknown	United States	3356	LEVEL3US	false
147.171.5.176	unknown	France	1942	FR-TIGREToileInformatiqueGREnobloiseEU	false
108.66.209.194	unknown	United States	7018	ATT-INTERNET4US	false
39.1.255.121	unknown	Taiwan; Republic of China (ROC)	18182	SONET-TWSonyNetworkTaiwanLimitedTW	false
60.101.227.11	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
74.140.211.184	unknown	United States	10796	TWC-10796-MIDWESTUS	false
149.147.37.110	unknown	Kuwait	42961	GPRS-ASZAINKW	false
71.94.21.166	unknown	United States	20115	CHARTER-20115US	false
217.244.187.227	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	true
158.193.29.18	unknown	Slovakia (SLOVAK Republic)	2607	SANETSlovakAcademicNetworkSK	false
177.201.129.228	unknown	Brazil	8167	BrasilTelecomSA-FilialDistritoFederalBR	false
79.66.22.135	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
94.213.158.119	unknown	Netherlands	33915	TNF-ASNL	false
73.75.1.216	unknown	United States	7922	COMCAST-7922US	false
47.225.65.210	unknown	United States	20115	CHARTER-20115US	false
13.185.102.49	unknown	United States	7018	ATT-INTERNET4US	false
39.151.168.116	unknown	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
98.185.68.245	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
14.231.69.168	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
65.136.64.248	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
67.135.133.193	unknown	United States	23409	AS-FOFCOSUS	false
71.101.97.146	unknown	United States	701	UUNETUS	false
121.62.40.189	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
34.92.28.213	unknown	United States	15169	GOOGLEUS	false
192.215.126.28	unknown	United States	4266	CERNET-ASN-BLOCKUS	false
34.178.238.199	unknown	United States	2686	ATGS-MMD-ASUS	false
168.252.211.92	unknown	Australia	7474	OPTUSCOM-AS01-AUSingTelOptusPtyLtdAU	false
247.40.238.252	unknown	Reserved	unknown	unknown	false
189.238.52.156	unknown	Mexico	8151	UninetSAdeCVMX	false
211.41.228.12	unknown	Korea Republic of	9943	KNCTV-ASKangNamCableTVKR	false
85.190.130.159	unknown	Germany	199610	MARBISDE	false
5.17.148.25	unknown	Russian Federation	41733	ZTELECOM-ASRU	false
45.173.189.214	unknown	Brazil	268886	WILLYNETPROVEDORBR	false
254.4.121.201	unknown	Reserved	unknown	unknown	false
74.123.239.183	unknown	United States	17030	PRIMERICA-17030US	false
153.58.29.209	unknown	United States	14962	NCR-252US	false
194.232.154.71	unknown	Austria	5403	AS5403AT	false
13.178.149.151	unknown	United States	7018	ATT-INTERNET4US	false
251.91.166.212	unknown	Reserved	unknown	unknown	false
122.9.23.116	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
210.182.182.179	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
58.231.59.184	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
75.106.120.33	unknown	United States	7155	VIASAT-SP-BACKBONEUS	false
175.252.45.55	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
195.222.62.194	unknown	Bosnia and Herzegowina	9146	BIHNETBIHNETAutonomusSystemBA	false
181.242.187.203	unknown	Colombia	26611	COMCELSACO	false
36.69.14.93	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
14.180.45.48	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
221.207.216.133	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
145.87.165.122	unknown	Netherlands	29396	EUROFIBER-UNETEUROFIBERUNETNetworkNL	false
152.77.92.14	unknown	France	1942	FR-TIGREToileInformatiqueGREnobloiseEU	false
162.125.189.94	unknown	United States	19679	DROPBOXUS	false
168.37.109.99	unknown	United States	1761	TDIR-CAPNETUS	false
253.207.80.50	unknown	Reserved	unknown	unknown	false
67.66.161.97	unknown	United States	7018	ATT-INTERNET4US	false
180.85.234.147	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
73.229.102.52	unknown	United States	7922	COMCAST-7922US	false
250.156.175.16	unknown	Reserved	unknown	unknown	false
198.247.229.28	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
152.124.52.200	unknown	United States	29992	VA-TMP-COREUS	false

AV Detection:

Multi AV Scanner detection for submitted file

Source: d8dgn3wGJL

Virustotal: Detection: 52%

Perma Link

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.149.119.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.217.150.42: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.247.122.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.93.207.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.226.91.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.143.81.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.93.123.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.200.163.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.80.250.104: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.94.210.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 71.93.5.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.93.12.45: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 124.156.224.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 58.84.7.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.254.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.125.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.198.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 212.114.226.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.4.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.11.163.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.41.32.46: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 68.149.236.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.227.232.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.157.128.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.141.64.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.113.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.144.146.49: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.81.151.59: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.192.60.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.118.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.191.190: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.146.155.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.166.216.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.80.250.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.135.119.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 47.229.222.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.6.30.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.240.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 23.231.80.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 27.29.140.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 218.97.37.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.24.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.12.217.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.42.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 75.227.207.59:23 -> 192.168.2.20:45260
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 153.120.21.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.224.216.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.151.127.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.121.107.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.189.144: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.105.153: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.55.27.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 184.164.65.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 107.10.249.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 150.95.47.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.248.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.169.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.194.133.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.183.225.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.249.71.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.216.40.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.78.97.142: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.73.64.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.163.109.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.47.20.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.207.133.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 135.148.4.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.82.111.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.255.161.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 18.144.83.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.103.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.130.39.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.118.176.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.52.55.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.6.124.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.95.2.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.213.197: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.51.177.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.56.14.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.137.51: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.33.155.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.18.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.194.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.156.248.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.135.213.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.189.141.182: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.8.126.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.132.46.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.53.160.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 23.28.89.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.79.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.17.147: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.191.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.130.161.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 121.5.175.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.187.46.27:23 -> 192.168.2.20:60006
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.174.41.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 45.149.0.193: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.104.174.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.156.206.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.234.1.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.73.148.255: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.150.160.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 164.106.225.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.35.100.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.160.66.100: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.59.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.102.75.137: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.51.53.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.10.4.32: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.29.131.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.53.159.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.56.244.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.164.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 1.234.41.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.187.33: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 158.43.20.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.183.249.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.211.25.72: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.153.62.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.119.33.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.83.176.57: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 75.64.225.7: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.111.109: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.156.46.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.101.46.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.127.145: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.94.92.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.201.150.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.188.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.1.105.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.119.231: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.95.115.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 203.218.44.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.4.218.157: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.172.248.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.6.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.102.194.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 189.90.240.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.223.196.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.245.10.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.136.94.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.11.240.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.214.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 61.213.90.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.204.99.251: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.128.47.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.247.61.41: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.77.240.189: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.232.138.116: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.171.180.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.150.196.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.83.188: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.142.212.167: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.157.93.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.103.216.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.151.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.16.241.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.19.78.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.201.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.41.242.192: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 149.172.24.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.240.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.20.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.132.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.133.58: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.92.112.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.72.11.195: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.77.64.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.202.238.220: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 65.199.0.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 91.235.136.87: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.213.54.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.97.23.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.16.149.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.125.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.6.159.228: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 89.252.188.73: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.152.56.101: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.209.255.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.76.192.206: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.10.0.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 86.66.74.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.179.68.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.3.57.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.96.179.123: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.141.71.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.188.205.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.213.61.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.139.255.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.79.152.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.54.120.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 83.68.16.199:23 -> 192.168.2.20:44360
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.135.122.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.9.42.169: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 69.51.31.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.127.90.145:23 -> 192.168.2.20:48594
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.196.181.239: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 173.10.70.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.114.112.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.28.161.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.62.166.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.114.68.119: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.154.247.82: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.1.21: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.10.101.4: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.222.150.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.22.5.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.210.27.80: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.219.3.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.207.240.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.197.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 41.182.18.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.232.160.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.22.102.132: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.92.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 122.254.113.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.115.178.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 194.102.118.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 59.158.46.180:23 -> 192.168.2.20:44532
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.205.47.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.75.172.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.106.103: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 195.21.45.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.172.81.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.144.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.217.87.115: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.173.75.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.17.220.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.116.255.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.14.78.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.64.254: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.83.117: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 149.87.185.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 161.8.23.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.80.33.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.199.107.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.52.113.254:23 -> 192.168.2.20:49058
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.246.154.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.9.3.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.153.89.187: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 193.234.156.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.86.54.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.201.167.244: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.28.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.195.145.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 40.134.62.141: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 63.241.135.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.54.146.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 10.201.61.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.61.56.65: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.182.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.233.211.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.228.166.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 192.3.221.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.155.185.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.220.252.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.153.91: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.186.8.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.19.243.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.244.187.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.108.1:23 -> 192.168.2.20:55136
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.76.33.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.130.66: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.46.228.99: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.251.65.120: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.142.59.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.150.125.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.104.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.171.25.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.131.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.13.24.92: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.214.16.94: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.159.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.85.55: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.158.231.238: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.254.62.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.87.171.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.98.224.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.212.209.112: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.212.200.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 176.95.180.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.33.49.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.22.6.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.222.109.36: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.232.35.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 103.3.189.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.199.54.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.73.81.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.246.171.232: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 79.110.188.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 128.136.244.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.222.183.71: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.91.143.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.150.25.148: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 136.0.240.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.149.17.73: -> 192.168.2.20:

Uses known network protocols on non-standard ports

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.20:35686 -> 37.230.137.227:1312

Source: unknown	TCP traffic detected without corresponding DNS query: 37.230.137.227
Source: unknown	TCP traffic detected without corresponding DNS query: 180.130.46.34
Source: unknown	TCP traffic detected without corresponding DNS query: 105.236.132.34
Source: unknown	TCP traffic detected without corresponding DNS query: 92.234.236.52
Source: unknown	TCP traffic detected without corresponding DNS query: 212.164.101.30
Source: unknown	TCP traffic detected without corresponding DNS query: 18.77.169.252
Source: unknown	TCP traffic detected without corresponding DNS query: 147.97.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 53.197.153.131
Source: unknown	TCP traffic detected without corresponding DNS query: 201.84.142.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.195.99.194
Source: unknown	TCP traffic detected without corresponding DNS query: 188.32.88.90
Source: unknown	TCP traffic detected without corresponding DNS query: 112.35.99.249
Source: unknown	TCP traffic detected without corresponding DNS query: 158.172.106.31
Source: unknown	TCP traffic detected without corresponding DNS query: 192.195.79.108
Source: unknown	TCP traffic detected without corresponding DNS query: 188.23.44.229
Source: unknown	TCP traffic detected without corresponding DNS query: 31.136.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 183.190.202.216
Source: unknown	TCP traffic detected without corresponding DNS query: 166.15.179.195
Source: unknown	TCP traffic detected without corresponding DNS query: 194.240.107.221
Source: unknown	TCP traffic detected without corresponding DNS query: 101.143.149.34
Source: unknown	TCP traffic detected without corresponding DNS query: 219.11.157.6
Source: unknown	TCP traffic detected without corresponding DNS query: 198.146.131.193
Source: unknown	TCP traffic detected without corresponding DNS query: 223.124.4.251
Source: unknown	TCP traffic detected without corresponding DNS query: 166.8.0.125
Source: unknown	TCP traffic detected without corresponding DNS query: 101.249.202.153
Source: unknown	TCP traffic detected without corresponding DNS query: 157.255.7.1
Source: unknown	TCP traffic detected without corresponding DNS query: 220.251.220.39
Source: unknown	TCP traffic detected without corresponding DNS query: 36.69.14.93
Source: unknown	TCP traffic detected without corresponding DNS query: 200.112.47.141
Source: unknown	TCP traffic detected without corresponding DNS query: 46.113.34.200
Source: unknown	TCP traffic detected without corresponding DNS query: 78.236.158.44
Source: unknown	TCP traffic detected without corresponding DNS query: 27.53.243.194
Source: unknown	TCP traffic detected without corresponding DNS query: 93.84.215.82
Source: unknown	TCP traffic detected without corresponding DNS query: 255.91.13.229
Source: unknown	TCP traffic detected without corresponding DNS query: 109.233.55.61
Source: unknown	TCP traffic detected without corresponding DNS query: 17.175.65.191
Source: unknown	TCP traffic detected without corresponding DNS query: 161.42.0.250
Source: unknown	TCP traffic detected without corresponding DNS query: 24.56.58.134
Source: unknown	TCP traffic detected without corresponding DNS query: 170.9.38.57
Source: unknown	TCP traffic detected without corresponding DNS query: 120.102.96.94
Source: unknown	TCP traffic detected without corresponding DNS query: 114.89.56.214
Source: unknown	TCP traffic detected without corresponding DNS query: 103.179.83.227
Source: unknown	TCP traffic detected without corresponding DNS query: 178.25.145.67
Source: unknown	TCP traffic detected without corresponding DNS query: 74.150.165.252
Source: unknown	TCP traffic detected without corresponding DNS query: 12.113.97.251
Source: unknown	TCP traffic detected without corresponding DNS query: 195.47.85.209
Source: unknown	TCP traffic detected without corresponding DNS query: 217.49.133.15
Source: unknown	TCP traffic detected without corresponding DNS query: 31.80.111.48
Source: unknown	TCP traffic detected without corresponding DNS query: 240.85.153.239
Source: unknown	TCP traffic detected without corresponding DNS query: 116.50.227.1

System Summary:

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.lin@0/0@0/0

Source: submitted sample

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/d8dgn3wGJL (PID: 4577)

Queries kernel information via 'uname':

Jump to behavior

ID:	452442
Product:	CloudBasic
Start time:	11:13:15
Start date:	22.07.2021
Sample:	d8dgn3wGJL
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Architecture:	LINUX
MD5:	7c8ff25ee476a1cd89bbf529e0ac6af4
SHA1:	71e15a4c42d920302925c7d5ba05ca9f0c27a998
SHA256:	fcafcefe3e66e811cdf3362820d2a7a6f6ae6005374b535357bad4ff349fd4ec
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report d8dgn3wGJL

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Screenshots

Network Map

Contacted Public IPs