Linux Analysis Report
EKXxSJDt9M

Overview

General Information

Sample Name:EKXxSJDt9M
Analysis ID:635086
MD5:b5660f088986018fa298d24c130160e2
SHA1:799e0478a8a2aac7dbced84a439d4de1e97f6e3b
SHA256:0b1708f6466590643a7e2b64df04861c23d0916e3bc292f7a7575d811c5904b8
Tags:32, arm, elf, mirai
Infos:

Detection

Mirai
Score:84
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Contains symbols with names commonly found in malware
Sample tries to kill multiple processes (SIGKILL)
Yara detected Mirai
Executes the "wget" command typically used for HTTP/S downloading
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "uname" command used to read OS and architecture name
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Sample contains symbols with suspicious names
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:635086
Start date and time:2022-05-27 12:57:23 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 23s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:EKXxSJDt9M
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal84.spre.troj.lin@0/3@0/0
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/EKXxSJDt9M
PID:6259
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected By Cult
Standard Error:
  • system is lnxubuntu20
  • uname (PID: 6214, Parent: 6200, MD5: 4ac7c634c5bec95753c480e9d421dcc2) Arguments: uname -p
  • dash New Fork (PID: 6216, Parent: 6215)
  • cut (PID: 6216, Parent: 6215, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -40 /tmp/tmp.cnYNqYQvB7
  • dash New Fork (PID: 6217, Parent: 6215)
  • tr (PID: 6217, Parent: 6215, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -c -d [:alnum:]
  • dash New Fork (PID: 6218, Parent: 6183)
  • wget (PID: 6218, Parent: 6183, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget --timeout 60 -U "wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/none" -O- --content-on-error https://motd.ubuntu.com
  • dash New Fork (PID: 6220, Parent: 6183)
  • cat (PID: 6220, Parent: 6183, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.prLdOPAcfV
  • dash New Fork (PID: 6221, Parent: 6183)
  • head (PID: 6221, Parent: 6183, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6222, Parent: 6183)
  • tr (PID: 6222, Parent: 6183, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6223, Parent: 6183)
  • cut (PID: 6223, Parent: 6183, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6224, Parent: 6183)
  • cat (PID: 6224, Parent: 6183, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.prLdOPAcfV
  • dash New Fork (PID: 6225, Parent: 6183)
  • head (PID: 6225, Parent: 6183, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6226, Parent: 6183)
  • tr (PID: 6226, Parent: 6183, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6227, Parent: 6183)
  • cut (PID: 6227, Parent: 6183, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6228, Parent: 6183)
  • rm (PID: 6228, Parent: 6183, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.prLdOPAcfV /tmp/tmp.KNItEUZoGw /tmp/tmp.cnYNqYQvB7
  • EKXxSJDt9M (PID: 6259, Parent: 6120, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/EKXxSJDt9M
  • cleanup
Source | Rule | Description | Author | Strings
EKXxSJDt9M | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
EKXxSJDt9M | JoeSecurity_Mirai_2 | Yara detected Mirai | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.23112.240.58.8655546802839471 05/27/22-12:58:51.509791
        SID:2839471
        Source Port:55546
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2388.250.118.23336626802839471 05/27/22-12:58:49.207301
        SID:2839471
        Source Port:36626
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2388.9.127.16856844802839471 05/27/22-12:59:07.456522
        SID:2839471
        Source Port:56844
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2388.198.0.9336052802839471 05/27/22-12:58:48.747030
        SID:2839471
        Source Port:36052
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.23112.172.26.14536400802839471 05/27/22-12:58:41.756911
        SID:2839471
        Source Port:36400
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2395.101.161.15142068802839471 05/27/22-12:58:35.866799
        SID:2839471
        Source Port:42068
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2388.99.225.17535014802839471 05/27/22-12:58:49.163982
        SID:2839471
        Source Port:35014
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.23112.172.26.14536634802839471 05/27/22-12:58:51.550934
        SID:2839471
        Source Port:36634
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack
        Timestamp:192.168.2.2388.198.144.8447434802839471 05/27/22-12:59:38.195736
        SID:2839471
        Source Port:47434
        Destination Port:80
        Protocol:TCP
        Classtype:Web Application Attack