Linux Analysis Report
qFhgp7xLT7

Overview

General Information

Sample Name:qFhgp7xLT7
Analysis ID:635076
MD5:60c16bbdea70d058618c85e3e7d5a7c5
SHA1:333cc469a02c21fdde6206127bc0656919f7d05c
SHA256:3d8b14056393a46c2f3b2c2db245f3d3bef205eae544ab7a01cb47d56cbb8e8c
Tags:32, elf, intel, mirai
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:635076
Start date and time:2022-05-27 12:30:06 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 19s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:qFhgp7xLT7
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal76.spre.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://102.129.143.42:45766/
Command:/tmp/qFhgp7xLT7
PID:6237
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected By Cult
Standard Error:
  • system is lnxubuntu20
  • qFhgp7xLT7 (PID: 6237, Parent: 6125, MD5: 60c16bbdea70d058618c85e3e7d5a7c5) Arguments: /tmp/qFhgp7xLT7
  • cleanup
Source:dump.pcap
Rule:JoeSecurity_Mirai_12
Description:Yara detected Mirai
Author:Joe Security
Strings:
    SID:2839471
    Source Port:44442
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.196.112.11338078802839471 05/27/22-12:34:26.100254
    SID:2839471
    Source Port:38078
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.47.23354886802839471 05/27/22-12:32:06.997849
    SID:2839471
    Source Port:54886
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.213.212.18938108802839471 05/27/22-12:31:06.389031
    SID:2839471
    Source Port:38108
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.213.45.9234744802839471 05/27/22-12:31:23.654056
    SID:2839471
    Source Port:34744
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.255.55.21546638802839471 05/27/22-12:31:48.630707
    SID:2839471
    Source Port:46638
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2341.0.91.12739528372152835222 05/27/22-12:34:12.220909
    SID:2835222
    Source Port:39528
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.216.103.15835942802839471 05/27/22-12:31:42.389093
    SID:2839471
    Source Port:35942
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.131.160.14457636802839471 05/27/22-12:32:36.982308
    SID:2839471
    Source Port:57636
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.35.79.5439488802839471 05/27/22-12:32:12.893316
    SID:2839471
    Source Port:39488
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.29.12344802802839471 05/27/22-12:33:01.063137
    SID:2839471
    Source Port:44802
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.250.68.22540434802839471 05/27/22-12:34:17.873487
    SID:2839471
    Source Port:40434
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.109.137.16250830802839471 05/27/22-12:32:53.097961
    SID:2839471
    Source Port:50830
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.205.1139676802839471 05/27/22-12:32:22.952163
    SID:2839471
    Source Port:39676
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.172.108.6844012802839471 05/27/22-12:31:26.456649
    SID:2839471
    Source Port:44012
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.65.18134938802839471 05/27/22-12:34:15.279681
    SID:2839471
    Source Port:34938
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.184.16060202802839471 05/27/22-12:31:46.274302
    SID:2839471
    Source Port:60202
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.24.129.16135668802839471 05/27/22-12:34:17.895514
    SID:2839471
    Source Port:35668
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.129.208.23659430802839471 05/27/22-12:32:22.558579
    SID:2839471
    Source Port:59430
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.14.5.22450654802839471 05/27/22-12:32:06.968249
    SID:2839471
    Source Port:50654
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.213.102.19753180802839471 05/27/22-12:31:40.096566
    SID:2839471
    Source Port:53180
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.197.186.6934428802839471 05/27/22-12:34:21.537072
    SID:2839471
    Source Port:34428
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.151.147.3752382802839471 05/27/22-12:31:33.320284
    SID:2839471
    Source Port:52382
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.225.231.24140972802839471 05/27/22-12:33:30.985507
    SID:2839471
    Source Port:40972
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.58.12757136802839471 05/27/22-12:31:00.709407
    SID:2839471
    Source Port:57136
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.203.6.12952022802839471 05/27/22-12:31:42.372374
    SID:2839471
    Source Port:52022
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.186.12234042802839471 05/27/22-12:31:43.549751
    SID:2839471
    Source Port:34042
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.77.153.1350944802839471 05/27/22-12:31:34.999503
    SID:2839471
    Source Port:50944
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.232.10152404802839471 05/27/22-12:33:43.043686
    SID:2839471
    Source Port:52404
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.249.6.18243248802839471 05/27/22-12:31:19.925251
    SID:2839471
    Source Port:43248
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.135.194.12947528802839471 05/27/22-12:32:27.557736
    SID:2839471
    Source Port:47528
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.140.155.24039534802839471 05/27/22-12:31:11.848254
    SID:2839471
    Source Port:39534
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.67.8.5649576802839471 05/27/22-12:31:54.770414
    SID:2839471
    Source Port:49576
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.251.19650388802839471 05/27/22-12:32:24.131