Edit tour
Linux
Analysis Report
4R66Cv0FvN
Overview
General Information
| Sample Name: | 4R66Cv0FvN |
| Analysis ID: | 635088 |
| MD5: | 1a7dc7e371dd56f9c4d817599a534050 |
| SHA1: | 96f35b9dee1d4a27912c5589da6aa595be15c82e |
| SHA256: | d3063711060e7645b34e5daf91137d8e4f8bac8bd91e3087678383d3e0ff17b3 |
| Tags: | 32elfmiraimotorola |
| Infos: |  |
 | |
Detection
Mirai
| Score: | 72 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Classification
Analysis Advice
| Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
| Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior. |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 635088 |
| Start date and time: 27/05/202213:02:54 | 2022-05-27 13:02:54 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 7m 17s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | 4R66Cv0FvN |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Detection: | MAL |
| Classification: | mal72.spre.troj.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
| Command: | /tmp/4R66Cv0FvN |
| PID: | 6226 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | Infected By Cult |
| Standard Error: |
- system is lnxubuntu20
- 4R66Cv0FvN New Fork (PID: 6228, Parent: 6226)
- 4R66Cv0FvN New Fork (PID: 6229, Parent: 6226)
- 4R66Cv0FvN New Fork (PID: 6230, Parent: 6226)
- 4R66Cv0FvN New Fork (PID: 6234, Parent: 6230)
- 4R66Cv0FvN New Fork (PID: 6235, Parent: 6230)
- 4R66Cv0FvN New Fork (PID: 6238, Parent: 6230)
- 4R66Cv0FvN New Fork (PID: 6239, Parent: 6230)
- 4R66Cv0FvN New Fork (PID: 6242, Parent: 6230)
- 4R66Cv0FvN New Fork (PID: 6244, Parent: 6230)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
| Timestamp: | 192.168.2.23112.78.149.15556872802839471 05/27/22-13:04:20.602390 |
| SID: | 2839471 |
| Source Port: | 56872 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.181.211.24543264802839471 05/27/22-13:05:39.450028 |
| SID: | 2839471 |
| Source Port: | 43264 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.239.33.5235314802839471 05/27/22-13:05:39.448496 |
| SID: | 2839471 |
| Source Port: | 35314 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.150.171.12034138802839471 05/27/22-13:04:25.483580 |
| SID: | 2839471 |
| Source Port: | 34138 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.147.150.4437374802839471 05/27/22-13:05:56.529243 |
| SID: | 2839471 |
| Source Port: | 37374 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.158.8.21139560802839471 05/27/22-13:05:14.237720 |
| SID: | 2839471 |
| Source Port: | 39560 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.158.141.22045834802839471 05/27/22-13:04:08.194012 |
| SID: | 2839471 |
| Source Port: | 45834 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.135.207.16556904802839471 05/27/22-13:06:05.012803 |
| SID: | 2839471 |
| Source Port: | 56904 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.116.4450488802839471 05/27/22-13:05:21.570636 |
| SID: | 2839471 |
| Source Port: | 50488 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.184.21648512802839471 05/27/22-13:04:25.431447 |
| SID: | 2839471 |
| Source Port: | 48512 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.78.9.20333502802839471 05/27/22-13:04:30.438295 |
| SID: | 2839471 |
| Source Port: | 33502 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.123.22559388802839471 05/27/22-13:03:53.103631 |
| SID: | 2839471 |
| Source Port: | 59388 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.28.209.19459186802839471 05/27/22-13:05:31.839035 |
| SID: | 2839471 |
| Source Port: | 59186 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.85.9953610802839471 05/27/22-13:04:15.943706 |
| SID: | 2839471 |
| Source Port: | 53610 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.13.87.23736212802839471 05/27/22-13:04:37.094351 |
| SID: | 2839471 |
| Source Port: | 36212 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.44.7438338802839471 05/27/22-13:05:56.289401 |
| SID: | 2839471 |
| Source Port: | 38338 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.91.4.1657994802839471 05/27/22-13:04:33.477633 |
| SID: | 2839471 |
| Source Port: | 57994 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.30.198.6034490802839471 05/27/22-13:04:15.929622 |
| SID: | 2839471 |
| Source Port: | 34490 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.252.166.043712802839471 05/27/22-13:04:53.868578 |
| SID: | 2839471 |
| Source Port: | 43712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.60.236.16945234802839471 05/27/22-13:04:10.614944 |
| SID: | 2839471 |
| Source Port: | 45234 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.84.90.9954854802839471 05/27/22-13:05:56.378913 |
| SID: | 2839471 |
| Source Port: | 54854 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.134.8156846802839471 05/27/22-13:04:53.823235 |
| SID: | 2839471 |
| Source Port: | 56846 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.149.59.23052470802839471 05/27/22-13:05:01.570447 |
| SID: | 2839471 |
| Source Port: | 52470 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.78.182.141584802839471 05/27/22-13:06:28.770098 |
| SID: | 2839471 |
| Source Port: | 41584 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.65.4345668802839471 05/27/22-13:04:18.497471 |
| SID: | 2839471 |
| Source Port: | 45668 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.187.4139724802839471 05/27/22-13:05:51.446986 |
| SID: | 2839471 |
| Source Port: | 39724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.43.85.13037716802839471 05/27/22-13:06:09.159255 |
| SID: | 2839471 |
| Source Port: | 37716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.139.16840636802839471 05/27/22-13:05:01.505866 |
| SID: | 2839471 |
| Source Port: | 40636 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.211.168.3848482802839471 05/27/22-13:04:08.445501 |
| SID: | 2839471 |
| Source Port: | 48482 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.210.164.21956930802839471 05/27/22-13:05:58.694600 |
| SID: | 2839471 |
| Source Port: | 56930 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.183.14.12849716802839471 05/27/22-13:04:24.407215 |
| SID: | 2839471 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.4.190.11748158802839471 05/27/22-13:04:27.910495 |
| SID: | 2839471 |
| Source Port: | 48158 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.103.34.6233328802839471 05/27/22-13:04:33.152495 |
| SID: | 2839471 |
| Source Port: | 33328 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.165.151.20836920802839471 05/27/22-13:05:39.404260 |
| SID: | 2839471 |
| Source Port: | 36920 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.166.143.13935382802839471 05/27/22-13:05:31.862266 |
| SID: | 2839471 |
| Source Port: | 35382 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.187.19353624802839471 05/27/22-13:05:21.554013 |
| SID: | 2839471 |
| Source Port: | 53624 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.232.101.4135770802839471 05/27/22-13:05:51.492756 |
| SID: | 2839471 |
| Source Port: | 35770 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.15.2039684802839471 05/27/22-13:04:00.816075 |
| SID: | 2839471 |
| Source Port: | 39684 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.161.210.5858248802839471 05/27/22-13:04:12.947117 |
| SID: | 2839471 |
| Source Port: | 58248 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.72.39.16239026802839471 05/27/22-13:04:51.443600 |
| SID: | 2839471 |
| Source Port: | 39026 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.217.60.12256784802839471 05/27/22-13:04:57.072524 |
| SID: | 2839471 |
| Source Port: | 56784 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.165.151.5248400802839471 05/27/22-13:05:39.349485 |
| SID: | 2839471 |
| Source Port: | 48400 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.165.100.16038276802839471 05/27/22-13:04:33.147747 |
| SID: | 2839471 |
| Source Port: | 38276 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.211.216.3246524802839471 05/27/22-13:06:00.339210 |
| SID: | 2839471 |
| Source Port: | 46524 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.53.1.22840004802839471 05/27/22-13:06:05.767863 |
| SID: | 2839471 |
| Source Port: | 40004 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.90.21141812802839471 05/27/22-13:05:16.765662 |
| SID: | 2839471 |
| Source Port: | 41812 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.17.55.3033310802839471 05/27/22-13:04:01.321811 |
| SID: | 2839471 |
| Source Port: | 33310 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.65.37.1535686802839471 05/27/22-13:03:55.225527 |
| SID: | 2839471 |
| Source Port: | 35686 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.177.21440228802839471 05/27/22-13:06:20.561235 |
| SID: | 2839471 |
| Source Port: | 40228 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.199.16637990802839471 05/27/22-13:03:58.624651 |
| SID: | 2839471 |
| Source Port: | 37990 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.65.9454630802839471 05/27/22-13:03:47.643922 |
| SID: | 2839471 |
| Source Port: | 54630 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.111.11655968802839471 05/27/22-13:05:24.104016 |
| SID: | 2839471 |
| Source Port: | 55968 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.183.138.19359198802839471 05/27/22-13:04:42.817722 |
| SID: | 2839471 |
| Source Port: | 59198 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.216.100.11734840802839471 05/27/22-13:04:42.744445 |
| SID: | 2839471 |
| Source Port: | 34840 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.110.255.445770802839471 05/27/22-13:04:00.817953 |
| SID: | 2839471 |
| Source Port: | 45770 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.57.131.2450926802839471 05/27/22-13:05:24.268394 |
| SID: | 2839471 |
| Source Port: | 50926 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.87.24555976802839471 05/27/22-13:04:08.169650 |
| SID: | 2839471 |
| Source Port: | 55976 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.166.48.17256982802839471 05/27/22-13:04:20.654338 |
| SID: | 2839471 |
| Source Port: | 56982 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23197.244.76.20952242372152835222 05/27/22-13:06:21.614936 |
| SID: | 2835222 |
| Source Port: | 52242 |
| Destination Port: | 37215 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.2395.220.189.19652720802839471 05/27/22-13:04:22.985272 |
| SID: | 2839471 |
| Source Port: | 52720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.247.216.20936598802839471 05/27/22-13:05:14.180236 |
| SID: | 2839471 |
| Source Port: | 36598 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.250.103.7754546802839471 05/27/22-13:06:16.633551 |
| SID: | 2839471 |
| Source Port: | 54546 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.199.88.15749546802839471 05/27/22-13:06:09.126372 |
| SID: | 2839471 |
| Source Port: | 49546 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.15.39.4148806802839471 05/27/22-13:06:05.103489 |
| SID: | 2839471 |
| Source Port: | 48806 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.24.5341050802839471 05/27/22-13:04:08.193131 |
| SID: | 2839471 |
| Source Port: | 41050 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.248.56.15960604802839471 05/27/22-13:06:12.489676 |
| SID: | 2839471 |
| Source Port: | 60604 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.140.126.15656566802839471 05/27/22-13:04:08.457813 |
| SID: | 2839471 |
| Source Port: | 56566 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.87.19347086802839471 05/27/22-13:04:15.943798 |
| SID: | 2839471 |
| Source Port: | 47086 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.251.99.13355052802839471 05/27/22-13:06:20.657664 |
| SID: | 2839471 |
| Source Port: | 55052 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.198.120.12939978802839471 05/27/22-13:04:08.192593 |
| SID: | 2839471 |
| Source Port: | 39978 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.85.153.5042044802839471 05/27/22-13:04:31.837502 |
| SID: | 2839471 |
| Source Port: | 42044 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.126.220.22634098802839471 05/27/22-13:05:14.382886 |
| SID: | 2839471 |
| Source Port: | 34098 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.12.252.15544658802839471 05/27/22-13:06:26.051259 |
| SID: | 2839471 |
| Source Port: | 44658 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.120.7.4853822802839471 05/27/22-13:04:47.832854 |
| SID: | 2839471 |
| Source Port: | 53822 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.106.186.20053920802839471 05/27/22-13:04:33.254754 |
| SID: | 2839471 |
| Source Port: | 53920 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.48.166.3440202802839471 05/27/22-13:04:15.928246 |
| SID: | 2839471 |
| Source Port: | 40202 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.229.188.18954868802839471 05/27/22-13:04:23.007965 |
| SID: | 2839471 |
| Source Port: | 54868 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.173.186.15652650802839471 05/27/22-13:05:06.457295 |
| SID: | 2839471 |
| Source Port: | 52650 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.141.44.9738202802839471 05/27/22-13:03:53.071361 |
| SID: | 2839471 |
| Source Port: | 38202 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.91.98.6152152802839471 05/27/22-13:04:24.387154 |
| SID: | 2839471 |
| Source Port: | 52152 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.233.16236386802839471 05/27/22-13:04:20.617710 |
| SID: | 2839471 |
| Source Port: | 36386 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.59.109.25339602802839471 05/27/22-13:04:51.586146 |
| SID: | 2839471 |
| Source Port: | 39602 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.85.153.5041582802839471 05/27/22-13:04:15.963835 |
| SID: | 2839471 |
| Source Port: | 41582 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.42.21635522802839471 05/27/22-13:04:17.306842 |
| SID: | 2839471 |
| Source Port: | 35522 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.72.38.3158548802839471 05/27/22-13:05:49.895360 |
| SID: | 2839471 |
| Source Port: | 58548 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.224.150.7652178802839471 05/27/22-13:04:33.530691 |
| SID: | 2839471 |
| Source Port: | 52178 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.140.154.14559624802839471 05/27/22-13:05:16.851663 |
| SID: | 2839471 |
| Source Port: | 59624 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.164.198.9141656802839471 05/27/22-13:05:46.203775 |
| SID: | 2839471 |
| Source Port: | 41656 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.211.74.17435084802839471 05/27/22-13:05:16.764194 |
| SID: | 2839471 |
| Source Port: | 35084 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.125.179.7550044802839471 05/27/22-13:04:18.468033 |
| SID: | 2839471 |
| Source Port: | 50044 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.125.129.7142440802839471 05/27/22-13:06:02.686031 |
| SID: | 2839471 |
| Source Port: | 42440 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.157.202.21553570802839471 05/27/22-13:06:20.635499 |
| SID: | 2839471 |
| Source Port: | 53570 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.0.97.9252438802839471 05/27/22-13:04:08.208082 |
| SID: | 2839471 |
| Source Port: | 52438 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.47.7.3634256802839471 05/27/22-13:04:30.506288 |
| SID: | 2839471 |
| Source Port: | 34256 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.179.133.10846104802839471 05/27/22-13:04:24.372073 |
| SID: | 2839471 |
| Source Port: | 46104 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.150.101.8651304802839471 05/27/22-13:04:35.693151 |
| SID: | 2839471 |
| Source Port: | 51304 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.86.28.650582802839471 05/27/22-13:05:54.012173 |
| SID: | 2839471 |
| Source Port: | 50582 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.159.13.12043332802839471 05/27/22-13:05:54.097878 |
| SID: | 2839471 |
| Source Port: | 43332 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.69.89.22854452802839471 05/27/22-13:04:30.503603 |
| SID: | 2839471 |
| Source Port: | 54452 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.206.10460500802839471 05/27/22-13:04:18.524512 |
| SID: | 2839471 |
| Source Port: | 60500 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.115.9246792802839471 05/27/22-13:04:08.191909 |
| SID: | 2839471 |
| Source Port: | 46792 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.76.178.11651694802839471 05/27/22-13:06:20.681799 |
| SID: | 2839471 |
| Source Port: | 51694 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.168.107.1555932802839471 05/27/22-13:04:30.473653 |
| SID: | 2839471 |
| Source Port: | 55932 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.201.186.4049254802839471 05/27/22-13:06:28.379840 |
| SID: | 2839471 |
| Source Port: | 49254 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.190.201.21742914802839471 05/27/22-13:04:16.014619 |
| SID: | 2839471 |
| Source Port: | 42914 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.17.55.3033316802839471 05/27/22-13:04:01.597485 |
| SID: | 2839471 |
| Source Port: | 33316 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.67.8.5240610802839471 05/27/22-13:04:45.433835 |
| SID: | 2839471 |
| Source Port: | 40610 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.37.16645848802839471 05/27/22-13:03:47.375814 |
| SID: | 2839471 |
| Source Port: | 45848 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.106.14936712802839471 05/27/22-13:05:21.550644 |
| SID: | 2839471 |
| Source Port: | 36712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.43.6156010802839471 05/27/22-13:04:08.228955 |
| SID: | 2839471 |
| Source Port: | 56010 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.78.17457174802839471 05/27/22-13:04:05.038544 |
| SID: | 2839471 |
| Source Port: | 57174 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.37.16645854802839471 05/27/22-13:03:47.790830 |
| SID: | 2839471 |
| Source Port: | 45854 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.159.1758962802839471 05/27/22-13:03:58.597943 |
| SID: | 2839471 |
| Source Port: | 58962 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.58.242.14355586802839471 05/27/22-13:04:00.918386 |
| SID: | 2839471 |
| Source Port: | 55586 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.112.1644556802839471 05/27/22-13:04:35.693366 |
| SID: | 2839471 |
| Source Port: | 44556 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.53.171.1045406802839471 05/27/22-13:05:56.346950 |
| SID: | 2839471 |
| Source Port: | 45406 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.118.152.2234928802839471 05/27/22-13:06:13.764321 |
| SID: | 2839471 |
| Source Port: | 34928 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.190.10251664802839471 05/27/22-13:04:20.624505 |
| SID: | 2839471 |
| Source Port: | 51664 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.70.198.24459710802839471 05/27/22-13:04:23.891813 |
| SID: | 2839471 |
| Source Port: | 59710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.80.19544332802839471 05/27/22-13:04:33.112317 |
| SID: | 2839471 |
| Source Port: | 44332 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.56.150.10659840802839471 05/27/22-13:04:37.109752 |
| SID: | 2839471 |
| Source Port: | 59840 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.99.97.11844144802839471 05/27/22-13:04:47.856240 |
| SID: | 2839471 |
| Source Port: | 44144 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.210.20643696802839471 05/27/22-13:04:59.250583 |
| SID: | 2839471 |
| Source Port: | 43696 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.58.74.19638308802839471 05/27/22-13:04:08.278874 |
| SID: | 2839471 |
| Source Port: | 38308 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.239.224.256866802839471 05/27/22-13:06:31.391618 |
| SID: | 2839471 |
| Source Port: | 56866 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.239.79.4355498802839471 05/27/22-13:05:36.374792 |
| SID: | 2839471 |
| Source Port: | 55498 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.72.39.2951822802839471 05/27/22-13:06:05.131433 |
| SID: | 2839471 |
| Source Port: | 51822 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.101.253.5736330802839471 05/27/22-13:04:18.484250 |
| SID: | 2839471 |
| Source Port: | 36330 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.203.60.23138502802839471 05/27/22-13:05:05.149616 |
| SID: | 2839471 |
| Source Port: | 38502 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.249.121.1640596802839471 05/27/22-13:06:12.476180 |
| SID: | 2839471 |
| Source Port: | 40596 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.185.18943458802839471 05/27/22-13:04:45.390768 |
| SID: | 2839471 |
| Source Port: | 43458 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.121.176.1933106802839471 05/27/22-13:05:06.602903 |
| SID: | 2839471 |
| Source Port: | 33106 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.72.53.16445676802839471 05/27/22-13:06:11.062571 |
| SID: | 2839471 |
| Source Port: | 45676 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.70.156.13749788802839471 05/27/22-13:05:21.575721 |
| SID: | 2839471 |
| Source Port: | 49788 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.238.16943664802839471 05/27/22-13:04:20.645815 |
| SID: | 2839471 |
| Source Port: | 43664 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.130.157.7733788802839471 05/27/22-13:03:46.108586 |
| SID: | 2839471 |
| Source Port: | 33788 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.100.58.3560888802839471 05/27/22-13:03:53.067017 |
| SID: | 2839471 |
| Source Port: | 60888 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.2.132.12058834802839471 05/27/22-13:04:25.561928 |
| SID: | 2839471 |
| Source Port: | 58834 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.206.22.11538904802839471 05/27/22-13:04:27.907853 |
| SID: | 2839471 |
| Source Port: | 38904 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.65.111.13633458802839471 05/27/22-13:04:10.628999 |
| SID: | 2839471 |
| Source Port: | 33458 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.83.18340668802839471 05/27/22-13:04:40.388106 |
| SID: | 2839471 |
| Source Port: | 40668 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.48.176.11546760802839471 05/27/22-13:04:33.159308 |
| SID: | 2839471 |
| Source Port: | 46760 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.70.222.21041464802839471 05/27/22-13:04:08.192156 |
| SID: | 2839471 |
| Source Port: | 41464 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.141.110.11849180802839471 05/27/22-13:04:05.065436 |
| SID: | 2839471 |
| Source Port: | 49180 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.216.17.10044418802839471 05/27/22-13:05:21.561769 |
| SID: | 2839471 |
| Source Port: | 44418 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.221.101.13243424802839471 05/27/22-13:04:25.558514 |
| SID: | 2839471 |
| Source Port: | 43424 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2388.133.72.13560994802839471 05/27/22-13:05:43.394130 |
| SID: | 2839471 |
| Source Port: | 60994 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.72.33.9953148802839471 05/27/22-13:06:00.069187 |
| SID: | 2839471 |
| Source Port: | 53148 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.23112.120.127.9447642802839471 05/27/22-13:04:27.849512 |
| SID: | 2839471 |
| Source Port: | 47642 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.117.6.8243852802839471 05/27/22-13:04:37.013306 |
| SID: | 2839471 |
| Source Port: | 43852 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |
| Timestamp: | 192.168.2.2395.76.127.1347666802839471 05/27/22-13:04:18.517977 |
| SID: | 2839471 |
| Source Port: | 47666 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | Web Application Attack |