Edit tour
Linux
Analysis Report
EKXxSJDt9M
Overview
General Information
| Sample Name: | EKXxSJDt9M |
| Analysis ID: | 635086 |
| MD5: | b5660f088986018fa298d24c130160e2 |
| SHA1: | 799e0478a8a2aac7dbced84a439d4de1e97f6e3b |
| SHA256: | 0b1708f6466590643a7e2b64df04861c23d0916e3bc292f7a7575d811c5904b8 |
| Tags: | 32armelfmirai |
| Infos: |  |
 | |
Detection
Mirai
| Score: | 84 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Contains symbols with names commonly found in malware
Sample tries to kill multiple processes (SIGKILL)
Yara detected Mirai
Executes the "wget" command typically used for HTTP/S downloading
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "uname" command used to read OS and architecture name
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Sample contains symbols with suspicious names
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Classification
Analysis Advice
| Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior. |
| Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
| Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures. |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 635086 |
| Start date and time: 27/05/202212:57:23 | 2022-05-27 12:57:23 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 7m 23s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | EKXxSJDt9M |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Detection: | MAL |
| Classification: | mal84.spre.troj.lin@0/3@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
| Command: | /tmp/EKXxSJDt9M |
| PID: | 6259 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | Infected By Cult |
| Standard Error: |
- system is lnxubuntu20
- python3.8 New Fork (PID: 6214, Parent: 6200)
- dash New Fork (PID: 6216, Parent: 6215)
- dash New Fork (PID: 6217, Parent: 6215)
- dash New Fork (PID: 6218, Parent: 6183)
- dash New Fork (PID: 6220, Parent: 6183)
- dash New Fork (PID: 6221, Parent: 6183)
- dash New Fork (PID: 6222, Parent: 6183)
- dash New Fork (PID: 6223, Parent: 6183)
- dash New Fork (PID: 6224, Parent: 6183)
- dash New Fork (PID: 6225, Parent: 6183)
- dash New Fork (PID: 6226, Parent: 6183)
- dash New Fork (PID: 6227, Parent: 6183)
- dash New Fork (PID: 6228, Parent: 6183)
- EKXxSJDt9M New Fork (PID: 6261, Parent: 6259)
- EKXxSJDt9M New Fork (PID: 6262, Parent: 6259)
- EKXxSJDt9M New Fork (PID: 6263, Parent: 6259)
- EKXxSJDt9M New Fork (PID: 6266, Parent: 6263)
- EKXxSJDt9M New Fork (PID: 6268, Parent: 6263)
- EKXxSJDt9M New Fork (PID: 6271, Parent: 6263)
- EKXxSJDt9M New Fork (PID: 6275, Parent: 6263)
- EKXxSJDt9M New Fork (PID: 6277, Parent: 6263)
- EKXxSJDt9M New Fork (PID: 6278, Parent: 6263)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
| JoeSecurity_Mirai_2 | Yara detected Mirai | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
| Timestamp: | 192.168.2.2395.57.156.6860780802839471 05/27/22-13:00:05.199395 |
| SID: | 2839471 |
| Source Port: | 60780 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.161.6.22752530802839471 05/27/22-12:59:30.199632 |
| SID: | 2839471 |
| Source Port: | 52530 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.185.188.18553834802839471 05/27/22-12:58:41.737289 |
| SID: | 2839471 |
| Source Port: | 53834 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.231.19858960802839471 05/27/22-12:58:25.823407 |
| SID: | 2839471 |
| Source Port: | 58960 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.159.71.15944874802839471 05/27/22-12:58:27.419561 |
| SID: | 2839471 |
| Source Port: | 44874 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.169.60.2036782802839471 05/27/22-12:59:04.861373 |
| SID: | 2839471 |
| Source Port: | 36782 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.99.87.141478802839471 05/27/22-12:58:13.031529 |
| SID: | 2839471 |
| Source Port: | 41478 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.250.25.22154778802839471 05/27/22-12:59:45.728583 |
| SID: | 2839471 |
| Source Port: | 54778 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.57.143.9253388802839471 05/27/22-12:58:25.857394 |
| SID: | 2839471 |
| Source Port: | 53388 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.141.80.8439310802839471 05/27/22-12:58:51.591786 |
| SID: | 2839471 |
| Source Port: | 39310 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.160.83.1847272802839471 05/27/22-13:00:20.345173 |
| SID: | 2839471 |
| Source Port: | 47272 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.166.188.18133508802839471 05/27/22-12:58:41.737517 |
| SID: | 2839471 |
| Source Port: | 33508 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.121.164.21234564802839471 05/27/22-12:59:01.230262 |
| SID: | 2839471 |
| Source Port: | 34564 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.119.24359728802839471 05/27/22-12:58:51.532952 |
| SID: | 2839471 |
| Source Port: | 59728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.154.109.4850408802839471 05/27/22-13:00:36.622102 |
| SID: | 2839471 |
| Source Port: | 50408 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.222.64.2033946802839471 05/27/22-12:58:39.294870 |
| SID: | 2839471 |
| Source Port: | 33946 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.196.50.16443910802839471 05/27/22-12:59:09.986045 |
| SID: | 2839471 |
| Source Port: | 43910 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.196.55.9750168802839471 05/27/22-12:59:09.470968 |
| SID: | 2839471 |
| Source Port: | 50168 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.142.20144032802839471 05/27/22-12:58:22.420996 |
| SID: | 2839471 |
| Source Port: | 44032 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.232.62.24752530802839471 05/27/22-12:59:32.582788 |
| SID: | 2839471 |
| Source Port: | 52530 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.230.5860264802839471 05/27/22-12:58:20.489968 |
| SID: | 2839471 |
| Source Port: | 60264 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.255.192.20644496802839471 05/27/22-12:58:49.199612 |
| SID: | 2839471 |
| Source Port: | 44496 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.221.61.25456596802839471 05/27/22-13:00:11.289578 |
| SID: | 2839471 |
| Source Port: | 56596 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.118.20.15147310802839471 05/27/22-12:58:39.277404 |
| SID: | 2839471 |
| Source Port: | 47310 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.168.22953856802839471 05/27/22-12:58:48.723830 |
| SID: | 2839471 |
| Source Port: | 53856 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2341.78.122.13340222372152835222 05/27/22-12:59:31.321923 |
| SID: | 2835222 |
| Source Port: | 40222 |
| Destination Port: | 37215 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.2388.221.130.23134522802839471 05/27/22-12:58:49.002884 |
| SID: | 2839471 |
| Source Port: | 34522 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.119.194.20050400802839471 05/27/22-12:59:03.525009 |
| SID: | 2839471 |
| Source Port: | 50400 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.47.22.8334458802839471 05/27/22-12:59:04.849659 |
| SID: | 2839471 |
| Source Port: | 34458 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.129.17460956802839471 05/27/22-13:00:34.152190 |
| SID: | 2839471 |
| Source Port: | 60956 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.157.75.9046384802839471 05/27/22-13:00:34.192874 |
| SID: | 2839471 |
| Source Port: | 46384 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.121.187.7039392802839471 05/27/22-12:58:27.302153 |
| SID: | 2839471 |
| Source Port: | 39392 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.146.182.16452328802839471 05/27/22-12:58:12.724301 |
| SID: | 2839471 |
| Source Port: | 52328 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.196.29.20933766802839471 05/27/22-12:59:49.249094 |
| SID: | 2839471 |
| Source Port: | 33766 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.173.181.2348258802839471 05/27/22-12:58:46.336411 |
| SID: | 2839471 |
| Source Port: | 48258 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.238.8451440802839471 05/27/22-12:58:54.024278 |
| SID: | 2839471 |
| Source Port: | 51440 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.120.92.7054676802839471 05/27/22-12:58:28.261330 |
| SID: | 2839471 |
| Source Port: | 54676 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.99.6636582802839471 05/27/22-12:59:35.176029 |
| SID: | 2839471 |
| Source Port: | 36582 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.198.95.22636528802839471 05/27/22-12:59:37.128545 |
| SID: | 2839471 |
| Source Port: | 36528 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.114.113.13442138802839471 05/27/22-12:58:35.877908 |
| SID: | 2839471 |
| Source Port: | 42138 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.167.224.17157470802839471 05/27/22-13:00:11.291570 |
| SID: | 2839471 |
| Source Port: | 57470 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.133.178.10744962802839471 05/27/22-12:58:49.170848 |
| SID: | 2839471 |
| Source Port: | 44962 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.172.26.14536506802839471 05/27/22-12:58:46.138797 |
| SID: | 2839471 |
| Source Port: | 36506 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.250.11360650802839471 05/27/22-12:58:48.723925 |
| SID: | 2839471 |
| Source Port: | 60650 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.56.20.22838660802839471 05/27/22-12:58:44.735569 |
| SID: | 2839471 |
| Source Port: | 38660 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.206.140.20648410802839471 05/27/22-13:00:39.561162 |
| SID: | 2839471 |
| Source Port: | 48410 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.213.198.6836534802839471 05/27/22-12:58:44.687962 |
| SID: | 2839471 |
| Source Port: | 36534 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.207.13253920802839471 05/27/22-12:59:17.029180 |
| SID: | 2839471 |
| Source Port: | 53920 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.196.222.7838416802839471 05/27/22-12:58:27.823576 |
| SID: | 2839471 |
| Source Port: | 38416 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.96.93.1055052802839471 05/27/22-12:58:56.186730 |
| SID: | 2839471 |
| Source Port: | 55052 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.190.335344802839471 05/27/22-12:58:35.988869 |
| SID: | 2839471 |
| Source Port: | 35344 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.171.119.1237998802839471 05/27/22-12:58:39.382613 |
| SID: | 2839471 |
| Source Port: | 37998 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.70.136.10844208802839471 05/27/22-12:58:26.042045 |
| SID: | 2839471 |
| Source Port: | 44208 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.64.134.17433480802839471 05/27/22-12:59:59.470493 |
| SID: | 2839471 |
| Source Port: | 33480 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.216.98.7156920802839471 05/27/22-12:58:17.355406 |
| SID: | 2839471 |
| Source Port: | 56920 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.175.245.23742248802839471 05/27/22-12:58:42.004238 |
| SID: | 2839471 |
| Source Port: | 42248 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.188.164.12352946802839471 05/27/22-12:58:46.272069 |
| SID: | 2839471 |
| Source Port: | 52946 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.90.88.12035844802839471 05/27/22-13:00:27.481230 |
| SID: | 2839471 |
| Source Port: | 35844 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.99.6644504802839471 05/27/22-12:58:17.282923 |
| SID: | 2839471 |
| Source Port: | 44504 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.196.216.9143296802839471 05/27/22-12:58:44.690326 |
| SID: | 2839471 |
| Source Port: | 43296 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.255.38.11734668802839471 05/27/22-12:58:49.205088 |
| SID: | 2839471 |
| Source Port: | 34668 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.170.87.8148768802839471 05/27/22-12:58:46.165208 |
| SID: | 2839471 |
| Source Port: | 48768 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.160.103.19654512802839471 05/27/22-12:59:57.034595 |
| SID: | 2839471 |
| Source Port: | 54512 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.217.100.17939836802839471 05/27/22-13:00:36.374096 |
| SID: | 2839471 |
| Source Port: | 39836 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.68.77.14955898802839471 05/27/22-12:58:22.425471 |
| SID: | 2839471 |
| Source Port: | 55898 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.163.186.10938092802839471 05/27/22-12:59:49.213385 |
| SID: | 2839471 |
| Source Port: | 38092 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.178.231.7343532802839471 05/27/22-12:59:51.612840 |
| SID: | 2839471 |
| Source Port: | 43532 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.164.121.19247968802839471 05/27/22-12:59:49.226611 |
| SID: | 2839471 |
| Source Port: | 47968 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.38.21238200802839471 05/27/22-12:58:35.869377 |
| SID: | 2839471 |
| Source Port: | 38200 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.247.192.18549950802839471 05/27/22-13:00:13.734702 |
| SID: | 2839471 |
| Source Port: | 49950 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.168.22953914802839471 05/27/22-12:58:49.177419 |
| SID: | 2839471 |
| Source Port: | 53914 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.46.57.21355290802839471 05/27/22-13:00:27.475537 |
| SID: | 2839471 |
| Source Port: | 55290 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.154.250.7341752802839471 05/27/22-13:00:08.737206 |
| SID: | 2839471 |
| Source Port: | 41752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.207.37.16336248802839471 05/27/22-13:00:54.598162 |
| SID: | 2839471 |
| Source Port: | 36248 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.87.0.14152294802839471 05/27/22-12:58:49.200635 |
| SID: | 2839471 |
| Source Port: | 52294 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.99.97.9559918802839471 05/27/22-12:58:33.695704 |
| SID: | 2839471 |
| Source Port: | 59918 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.79.44.4254026802839471 05/27/22-12:58:46.403226 |
| SID: | 2839471 |
| Source Port: | 54026 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.230.8356914802839471 05/27/22-12:59:01.211824 |
| SID: | 2839471 |
| Source Port: | 56914 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.12.107.5347420802839471 05/27/22-13:00:59.049748 |
| SID: | 2839471 |
| Source Port: | 47420 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.213.223.7851522802839471 05/27/22-12:58:32.514658 |
| SID: | 2839471 |
| Source Port: | 51522 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.160.194.19356934802839471 05/27/22-12:58:49.176822 |
| SID: | 2839471 |
| Source Port: | 56934 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.79.44.4254020802839471 05/27/22-12:58:46.138938 |
| SID: | 2839471 |
| Source Port: | 54020 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.59.4060488802839471 05/27/22-12:58:57.537732 |
| SID: | 2839471 |
| Source Port: | 60488 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.155.23.16743430802839471 05/27/22-12:59:40.676857 |
| SID: | 2839471 |
| Source Port: | 43430 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.114.12254632802839471 05/27/22-12:58:28.182021 |
| SID: | 2839471 |
| Source Port: | 54632 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.210.102.20439448802839471 05/27/22-12:59:08.945679 |
| SID: | 2839471 |
| Source Port: | 39448 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.47.105.3051376802839471 05/27/22-12:58:25.789755 |
| SID: | 2839471 |
| Source Port: | 51376 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.127.20158076802839471 05/27/22-12:58:35.858362 |
| SID: | 2839471 |
| Source Port: | 58076 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.85.86.13457842802839471 05/27/22-12:59:40.666383 |
| SID: | 2839471 |
| Source Port: | 57842 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.135.8753136802839471 05/27/22-12:59:07.412614 |
| SID: | 2839471 |
| Source Port: | 53136 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23157.230.40.13637694372152835222 05/27/22-13:00:03.260989 |
| SID: | 2835222 |
| Source Port: | 37694 |
| Destination Port: | 37215 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.2395.209.134.24240932802839471 05/27/22-12:59:51.623835 |
| SID: | 2839471 |
| Source Port: | 40932 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.173.186.10637374802839471 05/27/22-12:58:54.056148 |
| SID: | 2839471 |
| Source Port: | 37374 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.110.200.9832884802839471 05/27/22-12:58:22.411041 |
| SID: | 2839471 |
| Source Port: | 32884 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.165.12754244802839471 05/27/22-13:00:58.990170 |
| SID: | 2839471 |
| Source Port: | 54244 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.217.110.13156502802839471 05/27/22-12:58:22.381261 |
| SID: | 2839471 |
| Source Port: | 56502 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.213.160.19059582802839471 05/27/22-12:58:36.060202 |
| SID: | 2839471 |
| Source Port: | 59582 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.170.71.6952930802839471 05/27/22-12:58:17.236870 |
| SID: | 2839471 |
| Source Port: | 52930 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.227.12148798802839471 05/27/22-13:00:34.192129 |
| SID: | 2839471 |
| Source Port: | 48798 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.204.248.19859030802839471 05/27/22-12:59:26.722306 |
| SID: | 2839471 |
| Source Port: | 59030 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.99.15.6349696802839471 05/27/22-12:58:12.691272 |
| SID: | 2839471 |
| Source Port: | 49696 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.138.174.15658580802839471 05/27/22-12:58:25.769343 |
| SID: | 2839471 |
| Source Port: | 58580 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.187.239.16253782802839471 05/27/22-12:59:10.543289 |
| SID: | 2839471 |
| Source Port: | 53782 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.161.130.16459202802839471 05/27/22-12:58:36.122501 |
| SID: | 2839471 |
| Source Port: | 59202 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.91.180.13955302802839471 05/27/22-12:59:01.178203 |
| SID: | 2839471 |
| Source Port: | 55302 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.43.206.17557874802839471 05/27/22-13:00:08.765669 |
| SID: | 2839471 |
| Source Port: | 57874 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.47.19254278802839471 05/27/22-12:59:07.431866 |
| SID: | 2839471 |
| Source Port: | 54278 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.169.120.18759086802839471 05/27/22-12:58:21.790128 |
| SID: | 2839471 |
| Source Port: | 59086 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.33.144.9854204802839471 05/27/22-13:00:01.108546 |
| SID: | 2839471 |
| Source Port: | 54204 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.59.123.12536684802839471 05/27/22-12:58:44.735927 |
| SID: | 2839471 |
| Source Port: | 36684 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.46.13240466802839471 05/27/22-12:59:38.224523 |
| SID: | 2839471 |
| Source Port: | 40466 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.185.155.13259896802839471 05/27/22-13:00:48.219655 |
| SID: | 2839471 |
| Source Port: | 59896 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.209.203.9843194802839471 05/27/22-13:00:29.897889 |
| SID: | 2839471 |
| Source Port: | 43194 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.46.5159876802839471 05/27/22-12:59:25.352468 |
| SID: | 2839471 |
| Source Port: | 59876 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.202.224.8633140802839471 05/27/22-12:58:15.111842 |
| SID: | 2839471 |
| Source Port: | 33140 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.108.245.18149686802839471 05/27/22-12:58:54.052754 |
| SID: | 2839471 |
| Source Port: | 49686 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.119.160.7741678802839471 05/27/22-12:58:48.799831 |
| SID: | 2839471 |
| Source Port: | 41678 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.26.207.10758182802839471 05/27/22-13:00:22.955363 |
| SID: | 2839471 |
| Source Port: | 58182 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.107.210.1448654802839471 05/27/22-13:00:36.341630 |
| SID: | 2839471 |
| Source Port: | 48654 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.85.75.10258520802839471 05/27/22-12:58:13.034600 |
| SID: | 2839471 |
| Source Port: | 58520 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.83.126.1938148802839471 05/27/22-13:01:01.304144 |
| SID: | 2839471 |
| Source Port: | 38148 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.193.158.18442500802839471 05/27/22-13:00:19.923528 |
| SID: | 2839471 |
| Source Port: | 42500 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.173.236.24248996802839471 05/27/22-13:00:50.736397 |
| SID: | 2839471 |
| Source Port: | 48996 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.31.151.13137462802839471 05/27/22-13:00:01.067921 |
| SID: | 2839471 |
| Source Port: | 37462 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.162.106.21140694802839471 05/27/22-12:58:51.525981 |
| SID: | 2839471 |
| Source Port: | 40694 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.126.4944542802839471 05/27/22-13:00:34.152794 |
| SID: | 2839471 |
| Source Port: | 44542 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.98.24.7555196802839471 05/27/22-12:59:07.412827 |
| SID: | 2839471 |
| Source Port: | 55196 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.86.125.20845734802839471 05/27/22-12:59:32.592008 |
| SID: | 2839471 |
| Source Port: | 45734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.204.78.23634514802839471 05/27/22-13:00:13.765844 |
| SID: | 2839471 |
| Source Port: | 34514 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.230.16758202802839471 05/27/22-12:59:16.915039 |
| SID: | 2839471 |
| Source Port: | 58202 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.38.150.17642612802839471 05/27/22-12:59:32.691202 |
| SID: | 2839471 |
| Source Port: | 42612 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.179.3458084802839471 05/27/22-13:00:36.305457 |
| SID: | 2839471 |
| Source Port: | 58084 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.110.213.24159402802839471 05/27/22-12:58:39.284921 |
| SID: | 2839471 |
| Source Port: | 59402 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.240.58.8655546802839471 05/27/22-12:58:51.509791 |
| SID: | 2839471 |
| Source Port: | 55546 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.250.118.23336626802839471 05/27/22-12:58:49.207301 |
| SID: | 2839471 |
| Source Port: | 36626 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.9.127.16856844802839471 05/27/22-12:59:07.456522 |
| SID: | 2839471 |
| Source Port: | 56844 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.0.9336052802839471 05/27/22-12:58:48.747030 |
| SID: | 2839471 |
| Source Port: | 36052 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.172.26.14536400802839471 05/27/22-12:58:41.756911 |
| SID: | 2839471 |
| Source Port: | 36400 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.161.15142068802839471 05/27/22-12:58:35.866799 |
| SID: | 2839471 |
| Source Port: | 42068 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.99.225.17535014802839471 05/27/22-12:58:49.163982 |
| SID: | 2839471 |
| Source Port: | 35014 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.172.26.14536634802839471 05/27/22-12:58:51.550934 |
| SID: | 2839471 |
| Source Port: | 36634 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.144.8447434802839471 05/27/22-12:59:38.195736 |
| SID: | 2839471 |
| Source Port: | 47434 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |