Linux Analysis Report
VefqQeU0Xt

Overview

General Information

Sample Name:	VefqQeU0Xt
Analysis ID:	679266
MD5:	b8ec31b1eff948abc9e797eb796d10cb
SHA1:	5590da71a98232aa873143780f4f9e36e1a8359a
SHA256:	f67ac47d33f3681cd957585c4338c43e939eb5fc0d8da4ac84aa33ccf52fcb1e
Tags:	32armelfmirai
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Searches for CPU information (likely indicative for DDoS capability)

Uses known network protocols on non-standard ports

Executes the "grep" command used to find patterns in files or piped streams

Executes the "wget" command typically used for HTTP/S downloading

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "uname" command used to read OS and architecture name

Detected TCP or UDP traffic on non-standard ports

Executes the "mktemp" command used to create a temporary unique file name

Sample listens on a socket

Sample has stripped symbol table

Reads CPU information from /proc indicative of miner or evasive malware

Executes the "rm" command used to delete files or directories

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: VefqQeU0Xt

Avira: detected

Multi AV Scanner detection for submitted file

Source: VefqQeU0Xt	Virustotal: Detection: 50%	Perma Link
Source: VefqQeU0Xt	Metadefender: Detection: 52%	Perma Link
Source: VefqQeU0Xt	ReversingLabs: Detection: 47%

Bitcoin Miner

Searches for CPU information (likely indicative for DDoS capability)

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Reads CPU information from /proc indicative of miner or evasive malware

Source: /usr/bin/grep (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58926

Executes the "wget" command typically used for HTTP/S downloading

Source: /etc/update-motd.d/50-motd-news (PID: 6247)

Wget executable: /usr/bin/wget -> wget --timeout 60 -U "wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/none" -O- --content-on-error https://motd.ubuntu.com

Jump to behavior

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:38184 -> 31.7.58.162:5556
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 191.30.223.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.149.208.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.123.5.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.65.22.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.169.15.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 58.18.79.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.153.125.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 58.93.74.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.144.63.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.189.88.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.127.204.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.23.92.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.182.97.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.162.119.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 138.126.202.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.22.3.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 248.91.165.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.79.23.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 40.74.62.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.71.70.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.27.61.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.58.4.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 156.37.82.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 255.28.159.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.86.240.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.123.185.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.141.118.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 177.57.137.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.58.244.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 159.68.99.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.38.50.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.2.238.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.187.77.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.240.124.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 16.220.124.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 84.198.238.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.32.190.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 66.228.208.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.103.20.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.142.183.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.138.102.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 114.243.122.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 212.112.223.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.86.25.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.189.246.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.116.14.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 120.48.145.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.181.229.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 45.113.181.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.221.25.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.73.90.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.11.227.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 219.59.141.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.44.141.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.121.14.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.25.166.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.48.96.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.49.80.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 196.118.125.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.113.204.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.10.49.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 205.184.0.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.16.212.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.156.21.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.224.168.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 16.157.212.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.122.156.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.209.235.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.135.34.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.117.77.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.72.218.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 244.23.77.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.63.137.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.192.85.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.36.16.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 122.150.227.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.122.10.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.109.192.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.76.115.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 145.181.147.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.24.211.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 154.102.33.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.160.183.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.28.86.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 130.228.129.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 98.241.154.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 28.112.170.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.223.64.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.91.188.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.148.44.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.34.51.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.97.49.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 30.201.175.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.73.111.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.252.161.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.161.117.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.137.121.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.40.87.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.22.255.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.127.4.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 243.244.81.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 158.53.46.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 64.83.127.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 90.25.243.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.86.127.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.20.18.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 215.235.7.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 74.181.104.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.181.82.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.156.68.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.67.238.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.1.205.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.201.76.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 130.124.97.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.255.174.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.30.224.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.238.226.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.250.8.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 156.169.194.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.29.93.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 242.252.94.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.114.241.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 170.119.172.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.1.150.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 20.26.146.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.92.152.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 134.127.129.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.36.23.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.255.93.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.209.34.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.11.84.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 193.43.189.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 105.251.60.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.141.66.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.160.233.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.15.186.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.241.251.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.171.20.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.121.12.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.139.50.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 144.119.86.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.7.240.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 163.31.52.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.2.238.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 30.217.21.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 48.247.235.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 219.19.11.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.129.91.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 135.145.85.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.168.1.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.88.103.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 7.73.51.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.21.27.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 179.140.118.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.185.18.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.16.244.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 81.106.195.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.220.203.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 39.5.130.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.86.83.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.200.255.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 141.177.33.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.190.19.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 88.207.77.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.249.70.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.210.128.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 132.43.136.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.86.79.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.115.1.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 108.25.162.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.6.103.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.104.178.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.67.69.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.112.183.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.208.137.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.195.210.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.101.78.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 240.250.193.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.50.185.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.177.156.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.169.234.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.127.84.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.235.101.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 15.211.101.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.11.100.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 202.53.170.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 4.61.228.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.182.125.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.45.178.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 19.42.217.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.216.18.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.157.61.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.237.133.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.92.24.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.35.143.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.67.82.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 182.223.30.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 34.179.43.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 89.239.124.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 120.12.207.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.25.74.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.116.120.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 11.71.52.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.118.201.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.115.85.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.234.155.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.137.252.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 12.201.207.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 124.254.36.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 162.22.183.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 204.206.6.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.163.78.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 221.106.236.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.142.37.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 77.33.41.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.223.52.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.241.7.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.10.236.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.5.220.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.206.122.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.155.231.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.60.35.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 101.18.194.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.62.119.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 62.33.227.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.98.101.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.54.235.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.50.123.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.165.45.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.48.104.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.56.163.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 68.39.141.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.209.18.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.254.111.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 102.147.217.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.143.75.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 116.157.97.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 19.228.156.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.50.35.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.84.226.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.202.188.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.100.159.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.215.59.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 45.128.28.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 107.92.239.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.209.48.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.48.63.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.182.247.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.115.154.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.177.75.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 51.174.11.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 159.164.163.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.224.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 220.35.159.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.233.14.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.231.166.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 121.120.85.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.178.33.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 173.35.213.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.123.249.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.27.64.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.118.164.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 180.195.193.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.143.52.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.122.50.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.109.132.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.104.128.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 23.112.166.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 213.183.166.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.249.189.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.241.96.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 7.27.150.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.96.205.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 54.86.218.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 204.158.213.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.200.225.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 173.47.108.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 11.152.152.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 21.40.108.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.119.31.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 215.164.51.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 246.248.193.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.15.24.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 209.97.66.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 34.192.104.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.254.158.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 51.5.188.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.224.200.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 116.52.78.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.72.235.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.145.18.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 122.213.104.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 23.57.167.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.122.27.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 107.156.86.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 21.162.102.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 203.19.203.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.255.87.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.129.106.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 66.48.146.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 246.219.167.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.182.42.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 42.225.72.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.67.244.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.224.69.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.140.146.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.86.189.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 101.116.41.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 53.3.3.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.95.230.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.0.146.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.237.52.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.191.102.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 203.241.101.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 48.184.111.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 74.199.218.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 13.151.143.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.19.147.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.192.208.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.115.109.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.210.167.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.46.132.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.229.227.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 141.86.247.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.132.137.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.84.77.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 158.53.106.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 117.140.100.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.207.255.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 148.177.27.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 59.43.101.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.49.86.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.28.114.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.131.160.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 84.91.223.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.21.84.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.10.113.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.6.118.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.72.52.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.145.25.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 190.141.63.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.229.20.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.4.199.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.213.255.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 218.60.2.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.87.236.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.14.134.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.188.22.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.87.158.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 217.165.197.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.73.112.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 35.228.2.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 218.115.126.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 187.121.27.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.91.58.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 36.236.209.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.66.235.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 87.205.234.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.163.154.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.71.17.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.106.121.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.157.150.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 14.184.169.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.111.66.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.242.41.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.159.245.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.91.239.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.169.70.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.92.82.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.180.145.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.249.140.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.96.143.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.244.255.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 193.86.69.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 91.49.155.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.18.246.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.249.190.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 208.116.93.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 208.194.237.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 202.253.113.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.73.103.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.13.251.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.117.62.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.211.103.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 65.188.108.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.191.120.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 180.77.41.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.72.139.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.33.38.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.204.91.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 110.236.25.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 102.38.174.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.97.54.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.11.31.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.195.76.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 105.3.186.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 240.20.165.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 13.60.25.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 131.12.79.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 81.113.166.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.55.11.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 171.88.53.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 85.148.58.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.182.56.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.76.239.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 126.221.197.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.12.9.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.222.133.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.54.141.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.40.99.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.106.247.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.246.88.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.62.37.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 134.141.188.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.225.182.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.13.244.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.10.159.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 136.129.83.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 65.29.70.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.37.80.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.17.78.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 87.114.248.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 46.57.209.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.14.122.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.253.223.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.244.205.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 55.141.67.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.102.103.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.225.247.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.140.233.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.177.200.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.172.1.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.19.36.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.104.171.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.8.184.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.77.119.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.59.111.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 54.209.90.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.221.62.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.159.228.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 242.19.119.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 109.75.247.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 135.79.28.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 12.169.248.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.225.171.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.109.130.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.119.162.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.225.220.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.12.228.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.152.251.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 25.230.132.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 110.13.106.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.203.130.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.208.85.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 162.223.103.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.118.253.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 59.29.195.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.188.100.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 138.49.30.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.155.194.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.157.59.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 153.93.84.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 154.209.219.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.32.17.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.88.254.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 191.32.75.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.30.194.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 91.135.35.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 15.176.207.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.86.31.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.83.204.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.49.121.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.232.39.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.202.183.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.44.219.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.15.33.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.88.69.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 132.103.51.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 144.74.85.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.167.228.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 67.239.39.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.228.9.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 251.6.97.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.84.12.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.146.136.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.24.165.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.0.37.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.39.29.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.35.140.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.69.67.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 3.40.241.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.90.179.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.247.120.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.185.82.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.57.14.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.168.175.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.71.207.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.207.123.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 170.145.209.235:2323

Sample listens on a socket

Source: /tmp/VefqQeU0Xt (PID: 6253)

Socket: 127.0.0.1::4668

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33616
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 31.7.58.162
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 92.240.212.111
Source: unknown	TCP traffic detected without corresponding DNS query: 191.30.223.111
Source: unknown	TCP traffic detected without corresponding DNS query: 192.59.80.156
Source: unknown	TCP traffic detected without corresponding DNS query: 47.184.111.104
Source: unknown	TCP traffic detected without corresponding DNS query: 191.102.53.236
Source: unknown	TCP traffic detected without corresponding DNS query: 220.216.99.136
Source: unknown	TCP traffic detected without corresponding DNS query: 215.99.232.174
Source: unknown	TCP traffic detected without corresponding DNS query: 97.141.194.17
Source: unknown	TCP traffic detected without corresponding DNS query: 26.238.62.70
Source: unknown	TCP traffic detected without corresponding DNS query: 194.213.28.114
Source: unknown	TCP traffic detected without corresponding DNS query: 100.149.208.9
Source: unknown	TCP traffic detected without corresponding DNS query: 78.55.226.3
Source: unknown	TCP traffic detected without corresponding DNS query: 118.134.191.213
Source: unknown	TCP traffic detected without corresponding DNS query: 111.69.31.143
Source: unknown	TCP traffic detected without corresponding DNS query: 174.29.179.151
Source: unknown	TCP traffic detected without corresponding DNS query: 140.127.145.26
Source: unknown	TCP traffic detected without corresponding DNS query: 49.4.192.238
Source: unknown	TCP traffic detected without corresponding DNS query: 89.135.24.152
Source: unknown	TCP traffic detected without corresponding DNS query: 63.182.68.30
Source: unknown	TCP traffic detected without corresponding DNS query: 37.123.5.229
Source: unknown	TCP traffic detected without corresponding DNS query: 22.47.147.217
Source: unknown	TCP traffic detected without corresponding DNS query: 76.20.22.151
Source: unknown	TCP traffic detected without corresponding DNS query: 221.79.225.118
Source: unknown	TCP traffic detected without corresponding DNS query: 183.143.197.44
Source: unknown	TCP traffic detected without corresponding DNS query: 77.23.199.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.191.149
Source: unknown	TCP traffic detected without corresponding DNS query: 113.208.229.47
Source: unknown	TCP traffic detected without corresponding DNS query: 161.65.22.168
Source: unknown	TCP traffic detected without corresponding DNS query: 159.106.12.96
Source: unknown	TCP traffic detected without corresponding DNS query: 144.114.107.235
Source: unknown	TCP traffic detected without corresponding DNS query: 93.116.19.127
Source: unknown	TCP traffic detected without corresponding DNS query: 189.176.215.111
Source: unknown	TCP traffic detected without corresponding DNS query: 203.66.11.88
Source: unknown	TCP traffic detected without corresponding DNS query: 199.38.203.72
Source: unknown	TCP traffic detected without corresponding DNS query: 186.98.116.215
Source: unknown	TCP traffic detected without corresponding DNS query: 1.78.235.5
Source: unknown	TCP traffic detected without corresponding DNS query: 216.169.15.177
Source: unknown	TCP traffic detected without corresponding DNS query: 3.123.192.200

Source: tmp.ONisxp5pqw.48.dr	String found in binary or memory: https://motd.ubuntu.com/
Source: motd-news.70.dr, tmp.EQLgjCNBFD.48.dr	String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

DDoS

Searches for CPU information (likely indicative for DDoS capability)

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.troj.mine.lin@0/4@0/0

Executes the "grep" command used to find patterns in files or piped streams

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Grep executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Executes the "wget" command typically used for HTTP/S downloading

Source: /etc/update-motd.d/50-motd-news (PID: 6247)

Jump to behavior

Reads system information from the proc file system

Source: /usr/bin/grep (PID: 6236)

Reads from proc file: /proc/cpuinfo

Jump to behavior

Executes the "mktemp" command used to create a temporary unique file name

Source: /etc/update-motd.d/50-motd-news (PID: 6221)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6222)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6223)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior

Executes the "rm" command used to delete files or directories

Source: /etc/update-motd.d/50-motd-news (PID: 6269)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EQLgjCNBFD /tmp/tmp.ONisxp5pqw /tmp/tmp.ZtXsY8H9DY

Jump to behavior

Source: /etc/update-motd.d/50-motd-news (PID: 6226)

Awk executable: /usr/bin/awk -> awk "$1 == \"ii\" { print($3); exit(0); }"

Jump to behavior

Source: /etc/update-motd.d/50-motd-news (PID: 6230)	Sed executable: /usr/bin/sed -> sed -e "s/ /\\//g"			Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6237)	Sed executable: /usr/bin/sed -> sed -e "s/.*: //" -e s:\\s\\+:/:g			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58926

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/uname (PID: 6232)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6233)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6234)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cloud-id (PID: 6238)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6243)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wget (PID: 6247)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/VefqQeU0Xt (PID: 6253)	Queries kernel information via 'uname':	Jump to behavior

Reads CPU information from /proc indicative of miner or evasive malware

Source: /usr/bin/grep (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: VefqQeU0Xt, 6253.1.000055a0d3ae5000.000055a0d3c13000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: VefqQeU0Xt, 6253.1.000055a0d3ae5000.000055a0d3c13000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: VefqQeU0Xt, 6253.1.00007ffd83793000.00007ffd837b4000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: VefqQeU0Xt, 6253.1.00007ffd83793000.00007ffd837b4000.rw-.sdmp	Binary or memory string: Qx86_64/usr/bin/qemu-arm/tmp/VefqQeU0XtSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/VefqQeU0Xt

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Executes the "uname" command used to read OS and architecture name

Source: /etc/update-motd.d/50-motd-news (PID: 6231)	Uname executable: /usr/bin/uname -> uname -o	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6232)	Uname executable: /usr/bin/uname -> uname -r	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6233)	Uname executable: /usr/bin/uname -> uname -m	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6234)	Uname executable: /usr/bin/uname -> uname -m	Jump to behavior
Source: /usr/bin/cloud-id (PID: 6243)	Uname executable: /usr/bin/uname -> uname -p	Jump to behavior

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
98.205.175.119	unknown	United States	7922	COMCAST-7922US	false
74.105.231.151	unknown	United States	701	UUNETUS	false
15.142.60.68	unknown	United States	5073	HPESUS	false
56.101.167.101	unknown	United States	2686	ATGS-MMD-ASUS	false
21.86.198.60	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
126.47.246.73	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
128.5.96.104	unknown	United States	3389	FORDSRL-ASUS	false
92.210.207.233	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
251.38.253.40	unknown	Reserved	unknown	unknown	false
209.31.34.220	unknown	United States	2828	XO-AS15US	false
189.138.184.246	unknown	Mexico	8151	UninetSAdeCVMX	false
79.115.120.145	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
115.35.234.224	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
179.52.79.6	unknown	Dominican Republic	6400	CompaniaDominicanadeTelefonosSADO	false
44.60.239.46	unknown	United States	7377	UCSDUS	false
175.36.15.194	unknown	Australia	4804	MPX-ASMicroplexPTYLTDAU	false
217.151.153.64	unknown	Germany	9022	TWL-KOM-ASDonnersbergweg4DE	false
47.190.69.170	unknown	United States	5650	FRONTIER-FRTRUS	false
242.80.21.17	unknown	Reserved	unknown	unknown	false
1.45.73.121	unknown	China	45083	CHEERYZONEBeijingCheeryZoneScitechCoLtdCN	false
43.106.254.183	unknown	Japan	4249	LILLY-ASUS	false
188.54.137.99	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
89.164.32.20	unknown	Croatia (LOCAL Name: Hrvatska)	13046	ASN-ISKONHEPHR	false
251.176.62.50	unknown	Reserved	unknown	unknown	false
169.205.233.129	unknown	United States	10430	WA-K20US	false
199.241.205.94	unknown	United States	36529	AXXA-RACKCOUS	false
107.72.240.241	unknown	United States	7018	ATT-INTERNET4US	false
180.63.191.8	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
15.196.180.215	unknown	United States	7430	TANDEMUS	false
152.120.53.132	unknown	United States	2576	DOT-ASUS	false
66.186.165.62	unknown	United States	21547	OXNETUS	false
188.194.118.74	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
146.189.60.206	unknown	United States	1968	UMASSP-DOMUS	false
15.152.172.29	unknown	United States	71	HP-INTERNET-ASUS	false
61.235.174.146	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
12.245.37.186	unknown	United States	7018	ATT-INTERNET4US	false
151.65.106.122	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
106.162.29.233	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
66.1.102.108	unknown	United States	3651	SPRINT-BB6US	false
220.249.23.189	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
167.8.217.28	unknown	United States	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
48.184.111.104	unknown	United States	2686	ATGS-MMD-ASUS	false
197.132.217.115	unknown	Egypt	24835	RAYA-ASEG	false
169.202.199.165	unknown	South Africa	37611	AfrihostZA	false
182.82.174.104	unknown	China	23771	SXBCTV-APSXBCTVInternetServiceProviderCN	false
134.18.244.239	unknown	Australia	385	AFCONC-BLOCK1-ASUS	false
196.247.60.225	unknown	Seychelles	41564	AS41564SE	false
145.131.223.72	unknown	Netherlands	28685	ASN-ROUTITNL	false
91.44.2.107	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
86.86.132.45	unknown	Netherlands	1136	KPNKPNNationalEU	false
112.20.205.10	unknown	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
199.209.36.222	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
134.12.55.229	unknown	United States	270	AS270US	false
157.168.230.20	unknown	Switzerland	22192	SSHENETUS	false
253.216.122.239	unknown	Reserved	unknown	unknown	false
131.127.120.80	unknown	United States	668	DNIC-AS-00668US	false
166.146.116.6	unknown	United States	6167	CELLCO-PARTUS	false
153.15.14.86	unknown	Norway	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
53.193.209.203	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
58.167.228.180	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
177.72.19.16	unknown	unknown	262537	DataSafeITSolucoesemTecnologiaBR	false
80.33.186.77	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
212.137.210.222	unknown	United Kingdom	1273	CWVodafoneGroupPLCEU	false
203.137.219.160	unknown	Japan	4694	IDCFIDCFrontierIncJP	false
212.222.240.70	unknown	United Kingdom	3257	GTT-BACKBONEGTTDE	false
69.181.177.29	unknown	United States	7922	COMCAST-7922US	false
152.130.163.46	unknown	United States	29992	VA-TMP-COREUS	false
17.3.87.29	unknown	United States	714	APPLE-ENGINEERINGUS	false
217.46.188.101	unknown	United Kingdom	6871	PLUSNETUKInternetServiceProviderGB	false
27.59.44.110	unknown	India	45609	BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService	false
65.13.253.121	unknown	United States	7018	ATT-INTERNET4US	false
56.25.161.4	unknown	United States	2686	ATGS-MMD-ASUS	false
1.119.157.21	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
184.118.230.138	unknown	United States	7922	COMCAST-7922US	false
193.207.211.160	unknown	Italy	3269	ASN-IBSNAZIT	false
204.235.126.14	unknown	United States	30030	SIMPLEXITYUS	false
119.90.12.105	unknown	China	24143	CNNIC-QCN-APQingdaoCableTVNetworkCenterCN	false
61.130.143.143	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
57.254.163.62	unknown	Belgium	2686	ATGS-MMD-ASUS	false
22.180.220.222	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
22.216.57.76	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
200.19.1.255	unknown	Brazil	2716	UniversidadeFederaldoRioGrandedoSulBR	false
130.41.40.1	unknown	United States	243	HARRIS-ATD-ASUS	false
16.128.90.16	unknown	United States	unknown	unknown	false
18.232.167.114	unknown	United States	14618	AMAZON-AESUS	false
129.234.12.157	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
211.127.141.254	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
218.69.20.117	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
133.59.142.56	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
11.226.204.223	unknown	United States	3356	LEVEL3US	false
48.166.50.111	unknown	United States	2686	ATGS-MMD-ASUS	false
84.185.121.75	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
3.89.7.218	unknown	United States	14618	AMAZON-AESUS	false
161.81.250.8	unknown	Hong Kong	137872	PEOPLESPHONE-HKChinaMobileHongKongCompanyLimitedHK	false
59.55.32.214	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
150.223.227.59	unknown	China	58519	CHINATELECOM-CTCLOUDCloudComputingCorporationCN	false
54.2.225.241	unknown	United States	14618	AMAZON-AESUS	false
240.253.190.20	unknown	Reserved	unknown	unknown	false
75.179.52.87	unknown	United States	10796	TWC-10796-MIDWESTUS	false
27.167.147.1	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false

Name	Type	MD5	SHA1	SHA256
/tmp/tmp.EQLgjCNBFD	ASCII text	DD514F892B5F93ED615D366E58AC58AF	BA75EDB3C2232CC260BC187F604DC8F25AA72C11	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
/tmp/tmp.ONisxp5pqw	UTF-8 Unicode text	F54FF0712E841F4F0A7B21018B9136AD	98301ABDDC6A7D664DFAA52EEB06152D2312D28E	228178873A4D4AF072E3717F1C6B5DD018547BAA520D14E327BC0FC027126A06
/tmp/tmp.ZtXsY8H9DY	ASCII text	7E5B152FCF63F8DAB71A695D1DBE01FA	02135FF9133DB03A40AAFF586BB173E6A7A6998F	FCF33DFBE13C2354BF0E1B063F9FB422747A46CEE00B7420BCEFF2B81457B345
/var/cache/motd-news	ASCII text	DD514F892B5F93ED615D366E58AC58AF	BA75EDB3C2232CC260BC187F604DC8F25AA72C11	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF

AV Detection

Antivirus / Scanner detection for submitted sample

Source: VefqQeU0Xt

Avira: detected

Multi AV Scanner detection for submitted file

Source: VefqQeU0Xt	Virustotal: Detection: 50%	Perma Link
Source: VefqQeU0Xt	Metadefender: Detection: 52%	Perma Link
Source: VefqQeU0Xt	ReversingLabs: Detection: 47%

Bitcoin Miner

Searches for CPU information (likely indicative for DDoS capability)

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Reads CPU information from /proc indicative of miner or evasive malware

Source: /usr/bin/grep (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58926

Executes the "wget" command typically used for HTTP/S downloading

Source: /etc/update-motd.d/50-motd-news (PID: 6247)

Jump to behavior

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:38184 -> 31.7.58.162:5556
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 191.30.223.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.149.208.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.123.5.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.65.22.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.169.15.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 58.18.79.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.153.125.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 58.93.74.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.144.63.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.189.88.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.127.204.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.23.92.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.182.97.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.162.119.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 138.126.202.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.22.3.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 248.91.165.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.79.23.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 40.74.62.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.71.70.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.27.61.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.58.4.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 156.37.82.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 255.28.159.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.86.240.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.123.185.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.141.118.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 177.57.137.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.58.244.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 159.68.99.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.38.50.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.2.238.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.187.77.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.240.124.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 16.220.124.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 84.198.238.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.32.190.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 66.228.208.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.103.20.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.142.183.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.138.102.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 114.243.122.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 212.112.223.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.86.25.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.189.246.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.116.14.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 120.48.145.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.181.229.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 45.113.181.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.221.25.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.73.90.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.11.227.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 219.59.141.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.44.141.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.121.14.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.25.166.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.48.96.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.49.80.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 196.118.125.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.113.204.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.10.49.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 205.184.0.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.16.212.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.156.21.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.224.168.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 16.157.212.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.122.156.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.209.235.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.135.34.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.117.77.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.72.218.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 244.23.77.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.63.137.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 249.192.85.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.36.16.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 122.150.227.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.122.10.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.109.192.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.76.115.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 145.181.147.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.24.211.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 154.102.33.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.160.183.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.28.86.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 130.228.129.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 98.241.154.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 28.112.170.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.223.64.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.91.188.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.148.44.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.34.51.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.97.49.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 30.201.175.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.73.111.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.252.161.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.161.117.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.137.121.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.40.87.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.22.255.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.127.4.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 243.244.81.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 158.53.46.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 64.83.127.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 90.25.243.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.86.127.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.20.18.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 215.235.7.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 74.181.104.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.181.82.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.156.68.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.67.238.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.1.205.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.201.76.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 130.124.97.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.255.174.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.30.224.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.238.226.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.250.8.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 156.169.194.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.29.93.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 242.252.94.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.114.241.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 170.119.172.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.1.150.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 20.26.146.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.92.152.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 134.127.129.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.36.23.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.255.93.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.209.34.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.11.84.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 193.43.189.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 105.251.60.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.141.66.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.160.233.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.15.186.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.241.251.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.171.20.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.121.12.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.139.50.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 144.119.86.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.7.240.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 163.31.52.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.2.238.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 30.217.21.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 48.247.235.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 219.19.11.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.129.91.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 135.145.85.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.168.1.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.88.103.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 7.73.51.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.21.27.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 179.140.118.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.185.18.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.16.244.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 81.106.195.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.220.203.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 39.5.130.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.86.83.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.200.255.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 141.177.33.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.190.19.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 88.207.77.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.249.70.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 223.210.128.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 132.43.136.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.86.79.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.115.1.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 108.25.162.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.6.103.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.104.178.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.67.69.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.112.183.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.208.137.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.195.210.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.101.78.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 240.250.193.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.50.185.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 211.177.156.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.169.234.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.127.84.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.235.101.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 15.211.101.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.11.100.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 202.53.170.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 4.61.228.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.182.125.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.45.178.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 19.42.217.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.216.18.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.157.61.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.237.133.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.92.24.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.35.143.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.67.82.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 182.223.30.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 34.179.43.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 89.239.124.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 120.12.207.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.25.74.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.116.120.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 11.71.52.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.118.201.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.115.85.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.234.155.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.137.252.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 12.201.207.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 124.254.36.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 162.22.183.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 204.206.6.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 41.163.78.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 221.106.236.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.142.37.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 77.33.41.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.223.52.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 96.241.7.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 139.10.236.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.5.220.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.206.122.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.155.231.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.60.35.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 101.18.194.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.62.119.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 62.33.227.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.98.101.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.54.235.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.50.123.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.165.45.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.48.104.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.56.163.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 68.39.141.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.209.18.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.254.111.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 102.147.217.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.143.75.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 116.157.97.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 19.228.156.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.50.35.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.84.226.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.202.188.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 161.100.159.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 160.215.59.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 45.128.28.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 107.92.239.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.209.48.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.48.63.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.182.247.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.115.154.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.177.75.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 51.174.11.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 159.164.163.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.224.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 220.35.159.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.233.14.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.231.166.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 121.120.85.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.178.33.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 173.35.213.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.123.249.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.27.64.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.118.164.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 180.195.193.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.143.52.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.122.50.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.109.132.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 115.104.128.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 23.112.166.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 213.183.166.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.249.189.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.241.96.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 7.27.150.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 149.96.205.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 54.86.218.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 204.158.213.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.200.225.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 173.47.108.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 11.152.152.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 21.40.108.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.119.31.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 215.164.51.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 246.248.193.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.15.24.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 209.97.66.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 34.192.104.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 241.254.158.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 51.5.188.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.224.200.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 116.52.78.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.72.235.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.145.18.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 122.213.104.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 23.57.167.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.122.27.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 107.156.86.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 21.162.102.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 203.19.203.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 50.255.87.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.129.106.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 66.48.146.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 246.219.167.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.182.42.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 42.225.72.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.67.244.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 166.224.69.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.140.146.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 32.86.189.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 101.116.41.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 53.3.3.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.95.230.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.0.146.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.237.52.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.191.102.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 203.241.101.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 48.184.111.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 74.199.218.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 13.151.143.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.19.147.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.192.208.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 195.115.109.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 216.210.167.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.46.132.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.229.227.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 141.86.247.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 9.132.137.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 29.84.77.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 158.53.106.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 117.140.100.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.207.255.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 148.177.27.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 59.43.101.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.49.86.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.28.114.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.131.160.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 84.91.223.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.21.84.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.10.113.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.6.118.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 252.72.52.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.145.25.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 190.141.63.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.229.20.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 83.4.199.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.213.255.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 218.60.2.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.87.236.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.14.134.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 52.188.22.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.87.158.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 217.165.197.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.73.112.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 35.228.2.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 218.115.126.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 187.121.27.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 125.91.58.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 36.236.209.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 186.66.235.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 87.205.234.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.163.154.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 99.71.17.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.106.121.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 71.157.150.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 14.184.169.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 75.111.66.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 200.242.41.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 104.159.245.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 22.91.239.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 146.169.70.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.92.82.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.180.145.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 214.249.140.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 201.96.143.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.244.255.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 193.86.69.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 91.49.155.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.18.246.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.249.190.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 208.116.93.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 208.194.237.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 202.253.113.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.73.103.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.13.251.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 49.117.62.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.211.103.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 65.188.108.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.191.120.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 180.77.41.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.72.139.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.33.38.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.204.91.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 110.236.25.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 102.38.174.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 72.97.54.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.11.31.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 253.195.76.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 105.3.186.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 240.20.165.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 13.60.25.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 131.12.79.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 81.113.166.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 183.55.11.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 171.88.53.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 85.148.58.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 137.182.56.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.76.239.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 126.221.197.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 194.12.9.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 80.222.133.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.54.141.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.40.99.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.106.247.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 106.246.88.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 18.62.37.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 134.141.188.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.225.182.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 247.13.244.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.10.159.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 136.129.83.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 65.29.70.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 37.37.80.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 92.17.78.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 87.114.248.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 46.57.209.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 94.14.122.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 43.253.223.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 38.244.205.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 55.141.67.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 198.102.103.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 1.225.247.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 70.140.233.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 73.177.200.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 69.172.1.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 26.19.36.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 164.104.171.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 118.8.184.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.77.119.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.59.111.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 54.209.90.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 155.221.62.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 100.159.228.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 242.19.119.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 109.75.247.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 135.79.28.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 12.169.248.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.225.171.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 250.109.130.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 112.119.162.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 181.225.220.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 184.12.228.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.152.251.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 25.230.132.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 110.13.106.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 188.203.130.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 142.208.85.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 162.223.103.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 95.118.253.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 59.29.195.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 140.188.100.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 138.49.30.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 47.155.194.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.157.59.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 153.93.84.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 154.209.219.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 60.32.17.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 152.88.254.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 191.32.75.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 63.30.194.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 91.135.35.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 15.176.207.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.86.31.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 143.83.204.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 93.49.121.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 206.232.39.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 6.202.183.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 113.44.219.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 61.15.33.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.88.69.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 132.103.51.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 144.74.85.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.167.228.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 67.239.39.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 151.228.9.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 251.6.97.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 133.84.12.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 157.146.136.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 176.24.165.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 207.0.37.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.39.29.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 175.35.140.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.69.67.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 3.40.241.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 128.90.179.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 147.247.120.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 222.185.82.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 129.57.14.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 97.168.175.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 169.71.207.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 165.207.123.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:27127 -> 170.145.209.235:2323

Sample listens on a socket

Source: /tmp/VefqQeU0Xt (PID: 6253)

Socket: 127.0.0.1::4668

Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33616
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 31.7.58.162
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 92.240.212.111
Source: unknown	TCP traffic detected without corresponding DNS query: 191.30.223.111
Source: unknown	TCP traffic detected without corresponding DNS query: 192.59.80.156
Source: unknown	TCP traffic detected without corresponding DNS query: 47.184.111.104
Source: unknown	TCP traffic detected without corresponding DNS query: 191.102.53.236
Source: unknown	TCP traffic detected without corresponding DNS query: 220.216.99.136
Source: unknown	TCP traffic detected without corresponding DNS query: 215.99.232.174
Source: unknown	TCP traffic detected without corresponding DNS query: 97.141.194.17
Source: unknown	TCP traffic detected without corresponding DNS query: 26.238.62.70
Source: unknown	TCP traffic detected without corresponding DNS query: 194.213.28.114
Source: unknown	TCP traffic detected without corresponding DNS query: 100.149.208.9
Source: unknown	TCP traffic detected without corresponding DNS query: 78.55.226.3
Source: unknown	TCP traffic detected without corresponding DNS query: 118.134.191.213
Source: unknown	TCP traffic detected without corresponding DNS query: 111.69.31.143
Source: unknown	TCP traffic detected without corresponding DNS query: 174.29.179.151
Source: unknown	TCP traffic detected without corresponding DNS query: 140.127.145.26
Source: unknown	TCP traffic detected without corresponding DNS query: 49.4.192.238
Source: unknown	TCP traffic detected without corresponding DNS query: 89.135.24.152
Source: unknown	TCP traffic detected without corresponding DNS query: 63.182.68.30
Source: unknown	TCP traffic detected without corresponding DNS query: 37.123.5.229
Source: unknown	TCP traffic detected without corresponding DNS query: 22.47.147.217
Source: unknown	TCP traffic detected without corresponding DNS query: 76.20.22.151
Source: unknown	TCP traffic detected without corresponding DNS query: 221.79.225.118
Source: unknown	TCP traffic detected without corresponding DNS query: 183.143.197.44
Source: unknown	TCP traffic detected without corresponding DNS query: 77.23.199.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.191.149
Source: unknown	TCP traffic detected without corresponding DNS query: 113.208.229.47
Source: unknown	TCP traffic detected without corresponding DNS query: 161.65.22.168
Source: unknown	TCP traffic detected without corresponding DNS query: 159.106.12.96
Source: unknown	TCP traffic detected without corresponding DNS query: 144.114.107.235
Source: unknown	TCP traffic detected without corresponding DNS query: 93.116.19.127
Source: unknown	TCP traffic detected without corresponding DNS query: 189.176.215.111
Source: unknown	TCP traffic detected without corresponding DNS query: 203.66.11.88
Source: unknown	TCP traffic detected without corresponding DNS query: 199.38.203.72
Source: unknown	TCP traffic detected without corresponding DNS query: 186.98.116.215
Source: unknown	TCP traffic detected without corresponding DNS query: 1.78.235.5
Source: unknown	TCP traffic detected without corresponding DNS query: 216.169.15.177
Source: unknown	TCP traffic detected without corresponding DNS query: 3.123.192.200

Source: tmp.ONisxp5pqw.48.dr	String found in binary or memory: https://motd.ubuntu.com/
Source: motd-news.70.dr, tmp.EQLgjCNBFD.48.dr	String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

DDoS

Searches for CPU information (likely indicative for DDoS capability)

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.troj.mine.lin@0/4@0/0

Executes the "grep" command used to find patterns in files or piped streams

Source: /etc/update-motd.d/50-motd-news (PID: 6236)

Grep executable: /usr/bin/grep -> grep -m1 "^model name" /proc/cpuinfo

Jump to behavior

Executes the "wget" command typically used for HTTP/S downloading

Source: /etc/update-motd.d/50-motd-news (PID: 6247)

Jump to behavior

Reads system information from the proc file system

Source: /usr/bin/grep (PID: 6236)

Reads from proc file: /proc/cpuinfo

Jump to behavior

Executes the "mktemp" command used to create a temporary unique file name

Source: /etc/update-motd.d/50-motd-news (PID: 6221)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6222)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6223)	Mktemp executable: /usr/bin/mktemp -> mktemp	Jump to behavior

Executes the "rm" command used to delete files or directories

Source: /etc/update-motd.d/50-motd-news (PID: 6269)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EQLgjCNBFD /tmp/tmp.ONisxp5pqw /tmp/tmp.ZtXsY8H9DY

Jump to behavior

Source: /etc/update-motd.d/50-motd-news (PID: 6226)

Awk executable: /usr/bin/awk -> awk "$1 == \"ii\" { print($3); exit(0); }"

Jump to behavior

Source: /etc/update-motd.d/50-motd-news (PID: 6230)	Sed executable: /usr/bin/sed -> sed -e "s/ /\\//g"			Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6237)	Sed executable: /usr/bin/sed -> sed -e "s/.*: //" -e s:\\s\\+:/:g			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58926

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/uname (PID: 6232)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6233)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6234)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cloud-id (PID: 6238)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uname (PID: 6243)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wget (PID: 6247)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/VefqQeU0Xt (PID: 6253)	Queries kernel information via 'uname':	Jump to behavior

Reads CPU information from /proc indicative of miner or evasive malware

Source: /usr/bin/grep (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: VefqQeU0Xt, 6253.1.000055a0d3ae5000.000055a0d3c13000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: VefqQeU0Xt, 6253.1.000055a0d3ae5000.000055a0d3c13000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: VefqQeU0Xt, 6253.1.00007ffd83793000.00007ffd837b4000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: VefqQeU0Xt, 6253.1.00007ffd83793000.00007ffd837b4000.rw-.sdmp	Binary or memory string: Qx86_64/usr/bin/qemu-arm/tmp/VefqQeU0XtSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/VefqQeU0Xt

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Executes the "uname" command used to read OS and architecture name

Source: /etc/update-motd.d/50-motd-news (PID: 6231)	Uname executable: /usr/bin/uname -> uname -o	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6232)	Uname executable: /usr/bin/uname -> uname -r	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6233)	Uname executable: /usr/bin/uname -> uname -m	Jump to behavior
Source: /etc/update-motd.d/50-motd-news (PID: 6234)	Uname executable: /usr/bin/uname -> uname -m	Jump to behavior
Source: /usr/bin/cloud-id (PID: 6243)	Uname executable: /usr/bin/uname -> uname -p	Jump to behavior

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

ID:	679266
Product:	CloudBasic
Start time:	13:55:02
Start date:	05.08.2022
Sample:	VefqQeU0Xt
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	b8ec31b1eff948abc9e797eb796d10cb
SHA1:	5590da71a98232aa873143780f4f9e36e1a8359a
SHA256:	f67ac47d33f3681cd957585c4338c43e939eb5fc0d8da4ac84aa33ccf52fcb1e
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
VefqQeU0Xt

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report VefqQeU0Xt

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report
VefqQeU0Xt