Linux Analysis Report
l9Tu5ojqkF

Overview

General Information

Sample Name:l9Tu5ojqkF
Analysis ID:679599
MD5:f1c2cf0a5213d5b79aab8902d0b8c9a2
SHA1:0dfc8ff630f6da90b17477ac261fd74475e0a711
SHA256:205418de2ec31652223bff945d4ee3e5fe4ce8258346ce755d5d3f8596c2ac47
Tags:32 elf intel mirai
Infos:

Detection

Mirai
Score:84
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Connects to many ports of the same IP (likely port scanning)
Yara signature match
Sample has stripped symbol table
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper that no longer works.
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:679599
Start date and time:2022-08-06 03:39:06 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 9s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:l9Tu5ojqkF
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal84.spre.troj.evad.lin@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/l9Tu5ojqkF
PID:6229
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • l9Tu5ojqkF (PID: 6229, Parent: 6124, MD5: f1c2cf0a5213d5b79aab8902d0b8c9a2) Arguments: /tmp/l9Tu5ojqkF
  • fusermount (PID: 6253, Parent: 1860, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • sh (PID: 6265, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 6265, Parent: 1477, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 6267, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 6267, Parent: 1477, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 6268, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 6268, Parent: 1477, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • sh (PID: 6269, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 6269, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 6270, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6270, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 6271, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 6271, Parent: 1477, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • sh (PID: 6274, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 6274, Parent: 1477, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • sh (PID: 6275, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 6275, Parent: 1477, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • sh (PID: 6276, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 6276, Parent: 1477, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 6277, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 6277, Parent: 1477, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 6278, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 6278, Parent: 1477, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • sh (PID: 6279, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6279, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 6281, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 6281, Parent: 1477, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • cleanup
Source | Rule | Description | Author | Strings
l9Tu5ojqkF | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
  • 0x37f0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
l9Tu5ojqkF | Linux_Trojan_Mirai_88de437f | unknown | unknown |
  • 0x7032:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
l9Tu5ojqkF | Linux_Trojan_Mirai_cc93863b | unknown | unknown |
  • 0x8901:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
l9Tu5ojqkF | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown |
  • 0x7002:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |

    Source | Rule | Description | Author | Strings
    6229.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
    • 0x37f0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    6229.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown |
    • 0x7032:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    6229.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown |
    • 0x8901:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
    6229.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown |
    • 0x7002:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
    No Snort rule has matched

    AV Detection

    Source: l9Tu5ojqkF, Virustotal: Detection: 17%
    Source: l9Tu5ojqkF, ReversingLabs: Detection: 35%
    Source: l9Tu5ojqkF, Joe Sandbox ML: detected

    Networking

    Source: global traffic, TCP traffic: 204.76.203.200 ports 38241,1,2,3,4,8
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 182.78.40.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 59.178.255.5:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 41.203.135.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 204.189.93.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 156.24.65.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 167.70.60.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 91.222.14.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 95.214.21.107:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 208.50.245.109:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 80.198.73.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 208.247.9.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 31.1.27.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 204.0.229.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 119.46.155.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 163.47.216.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 96.13.69.245:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 69.217.114.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 133.250.219.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 38.70.96.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 87.92.109.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 210.0.159.161:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 23.88.137.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 146.51.158.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 25.154.84.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 177.233.208.120:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 182.246.65.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 42.236.208.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 220.205.196.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 154.216.243.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 36.142.50.67:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 103.205.13.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 212.16.134.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 97.249.143.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 14.230.158.94:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 203.163.198.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 196.224.159.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 8.254.57.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 186.149.121.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 9.130.49.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 35.43.192.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 128.202.232.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 9.253.33.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 171.150.234.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 210.30.20.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 52.196.27.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 50.165.178.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 104.103.17.87:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 87.130.21.189:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 74.37.235.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 126.89.136.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 135.220.212.48:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 159.72.66.30:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 110.102.39.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 92.6.249.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 159.184.42.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 208.124.253.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 84.93.143.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 208.91.31.42:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 164.58.6.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 150.76.58.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 183.197.115.162:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 73.131.120.155:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 169.119.224.136:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 187.80.73.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 209.143.189.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 52.203.220.80:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 145.96.152.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 207.107.165.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 119.9.26.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 60.71.43.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 80.123.70.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 114.123.191.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 90.107.66.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 35.95.239.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 124.11.39.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 169.217.167.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 196.85.234.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 42.103.38.146:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 105.202.123.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 52.26.200.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 43.212.38.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 201.106.87.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 176.192.203.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 151.21.73.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 157.49.218.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 171.212.118.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 120.208.55.156:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 108.87.165.125:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 211.167.246.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 91.114.137.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 173.22.210.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 27.229.181.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 152.49.161.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 75.8.14.62:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 42.128.168.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 162.119.118.125:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 101.184.208.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 54.186.93.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 160.125.66.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 9.244.14.180:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 40.176.5.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 149.140.156.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 132.201.70.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 42.25.123.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 106.245.73.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 121.231.108.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 51.223.150.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 212.50.123.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 68.16.140.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 51.106.229.122:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 50.129.89.59:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 52.66.165.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 49.221.230.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 108.237.133.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 52.71.203.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 195.146.111.103:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 106.9.172.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 149.188.204.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 136.247.227.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 101.106.129.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 156.23.161.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 20.44.52.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 221.230.59.245:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 156.116.251.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 149.216.207.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 204.246.85.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 161.95.109.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 187.45.176.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 154.183.192.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 124.5.207.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 191.166.6.80:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 89.17.227.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 82.143.44.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 87.147.14.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 178.136.80.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 203.162.195.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 97.112.250.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 145.12.92.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 31.90.116.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 39.163.34.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 218.152.238.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 66.193.114.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 190.9.136.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 2.102.223.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 51.207.145.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 106.223.27.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 71.224.175.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 102.104.17.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 200.208.68.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 112.121.28.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 147.21.129.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 96.244.131.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 178.38.219.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 145.209.81.201:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 190.122.126.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 103.3.127.249:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 103.209.248.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 31.200.106.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 120.66.98.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 188.57.136.115:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 95.128.0.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 175.20.50.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 46.248.37.96:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 110.84.97.237:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 117.186.75.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 69.141.4.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 164.59.13.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 161.151.11.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 103.4.191.189:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 167.87.155.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 174.231.137.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 70.229.208.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 182.201.208.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 47.172.136.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 82.254.59.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 202.56.139.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 60.222.185.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 142.199.172.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 143.18.217.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 2.170.181.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 210.105.182.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 67.213.54.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 163.232.255.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 86.221.224.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 72.30.185.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 159.167.228.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 50.247.79.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 9.169.184.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 151.132.210.79:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 164.164.153.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 27.121.168.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 97.225.19.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 59.160.56.7:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 23.78.176.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 124.255.191.239:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 222.113.101.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 23.145.98.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 128.64.92.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 27.180.168.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 59.23.52.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 168.240.45.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:16435 -> 36.229.126.210:2323
    Source: unknown DNS traffic detected: queries for: dosbot.in
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    Source: l9Tu5ojqkF, type: SAMPLE Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: l9Tu5ojqkF, type: SAMPLE Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: l9Tu5ojqkF, type: SAMPLE Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: l9Tu5ojqkF, type: SAMPLE Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 796, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1349, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1477, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1489, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1579, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1582, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1586, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1594, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1622, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1623, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1627, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1629, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1632, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1633, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1638, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1639, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1642, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1648, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1654, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1656, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1661, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1664, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1668, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1698, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 1699, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2009, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2025, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2033, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2038, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2114, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2128, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2129, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2180, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2195, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2208, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2226, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2242, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2275, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2281, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2285, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2289, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2294, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2307, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 2637, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6237, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6253, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6265, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6267, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6268, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6269, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6270, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6271, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6275, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6274, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6276, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6277, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6278, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6279, result: successful
    Source: /tmp/l9Tu5ojqkF (PID: 6231)SIGKILL sent: pid: 6281, result: successful
    Source: l9Tu5ojqkF, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: l9Tu5ojqkF, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: l9Tu5ojqkF, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: l9Tu5ojqkF, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 6229.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: classification engine, Classification label: mal84.spre.troj.evad.lin@0/0@1/0

    Hooking and other Techniques for Hiding and Protection

    Source: /tmp/l9Tu5ojqkF (PID: 6229), File: /tmp/l9Tu5ojqkF

    Stealing of Sensitive Information

    Source: Yara match, File source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara match, File source: dump.pcap, type: PCAP
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Service Stop
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
    No configs have been found
    Behavior Graph (ID: 679599, Sample: l9Tu5ojqkF, Start date: 06/08/2022, Architecture: LINUX, Score: 84): l9Tu5ojqkF is started, deletes itself and starts a child l9Tu5ojqkF process, which starts three further l9Tu5ojqkF processes; one of these tries to kill multiple processes (SIGKILL). Network nodes: dosbot.in, 119.252.105.214 (ZETTAGRID-ASZETTAGRIDCLOUDAU, Indonesia) and 99 other IPs or domains. Signatures shown: Malicious sample detected (through community Yara rule), Multi AV Scanner detection for submitted file, Yara detected Mirai, 3 other signatures.
    Source | Detection | Scanner | Label
    l9Tu5ojqkF | 17% | Virustotal |
    l9Tu5ojqkF | 35% | ReversingLabs | Linux.Trojan.Mirai
    l9Tu5ojqkF | 100% | Joe Sandbox ML |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    dosbot.in | 204.76.203.200 | true | true | | unknown
      No context
      No created / dropped files found
      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.498860250882768
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:l9Tu5ojqkF
      File size:54556
      MD5:f1c2cf0a5213d5b79aab8902d0b8c9a2
      SHA1:0dfc8ff630f6da90b17477ac261fd74475e0a711
      SHA256:205418de2ec31652223bff945d4ee3e5fe4ce8258346ce755d5d3f8596c2ac47
      SHA512:6dcda86512c630952111dd4cff158b54a116a5fad25454ac3e2fdf9d4fed088335fbd81c9f165258ec3420984a703b111c97c8bfd46532072955da06bf053654
      SSDEEP:1536:pBRuzH5iOE2LhZMvp9MlsqPz+Sj6pP7zjS8:pBgb5iOVZMRQHPKSGVzT
      TLSH:56336BC4A58BD4F5EC1616B124B7B7334B32F43A112DDB87D35DA932BD92A21E24728C
      File Content Preview:.ELF....................d...4...d.......4. ...(..............................................`...`..@....(..........Q.td............................U..S.......W....h........[]...$.............U......= c...t..5.....a......a......u........t....h.P..........

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x8048164
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:54116
      Section Header Size:40
      Number of Section Headers:11
      Header String Table Index:10
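      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
      .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
      .text | PROGBITS | 0x80480b0 | 0xb0 | 0xbb16 | 0x0 | 0x6 | AX | 0 | 0 | 16
      .fini | PROGBITS | 0x8053bc6 | 0xbbc6 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
      .rodata | PROGBITS | 0x8053be0 | 0xbbe0 | 0x14fc | 0x0 | 0x2 | A | 0 | 0 | 32
      .ctors | PROGBITS | 0x80560e0 | 0xd0e0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .dtors | PROGBITS | 0x80560e8 | 0xd0e8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .jcr | PROGBITS | 0x80560f0 | 0xd0f0 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x8056100 | 0xd100 | 0x220 | 0x0 | 0x3 | WA | 0 | 0 | 32
      .bss | NOBITS | 0x8056320 | 0xd320 | 0x25c0 | 0x0 | 0x3 | WA | 0 | 0 | 32
      .shstrtab | STRTAB | 0x0 | 0xd320 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1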
      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xd0dc | 0xd0dc | 6.5406 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
      LOAD | 0xd0e0 | 0x80560e0 | 0x80560e0 | 0x240 | 0x2800 | 2.8838 | 0x6 | RW | 0x1000 | | .ctors .dtors .jcr .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
      Aug 6, 2022 03:39:50.336921930 CEST1643523192.168.2.23206.236.156.242
      Aug 6, 2022 03:39:50.336930037 CEST1643523192.168.2.23206.253.122.16
      Aug 6, 2022 03:39:50.336935997 CEST1643523192.168.2.23189.105.116.222
      Aug 6, 2022 03:39:50.336936951 CEST1643523192.168.2.2352.81.139.181
      Aug 6, 2022 03:39:50.336942911 CEST1643523192.168.2.23209.51.117.91
      Aug 6, 2022 03:39:50.336951017 CEST164352323192.168.2.234.240.93.235
      Aug 6, 2022 03:39:50.336985111 CEST1643523192.168.2.2376.102.245.107
      Aug 6, 2022 03:39:50.336987972 CEST1643523192.168.2.23135.21.43.46
      Aug 6, 2022 03:39:50.336996078 CEST1643523192.168.2.2373.56.237.30
      Aug 6, 2022 03:39:50.337002039 CEST1643523192.168.2.23211.39.59.27
      Aug 6, 2022 03:39:50.337003946 CEST1643523192.168.2.23207.234.188.210
      Aug 6, 2022 03:39:50.337007046 CEST1643523192.168.2.23170.188.61.213
      Aug 6, 2022 03:39:50.337009907 CEST1643523192.168.2.2324.21.12.224
      Aug 6, 2022 03:39:50.337011099 CEST1643523192.168.2.2318.133.69.96
      Aug 6, 2022 03:39:50.337017059 CEST1643523192.168.2.2331.140.80.60
      Aug 6, 2022 03:39:50.337025881 CEST164352323192.168.2.2319.59.142.250
      Aug 6, 2022 03:39:50.337028027 CEST1643523192.168.2.23150.186.134.194
      Aug 6, 2022 03:39:50.337069035 CEST1643523192.168.2.2398.9.92.76
      Aug 6, 2022 03:39:50.337074041 CEST1643523192.168.2.23209.112.143.202
      Aug 6, 2022 03:39:50.337097883 CEST1643523192.168.2.23104.29.194.227
      Aug 6, 2022 03:39:50.337097883 CEST1643523192.168.2.23101.180.239.4
      Aug 6, 2022 03:39:50.337097883 CEST1643523192.168.2.23104.15.9.40
      Aug 6, 2022 03:39:50.337105036 CEST1643523192.168.2.235.190.75.163
      Aug 6, 2022 03:39:50.337114096 CEST1643523192.168.2.2382.109.221.118
      Aug 6, 2022 03:39:50.337122917 CEST1643523192.168.2.2363.75.246.155
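      | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
      |---|---|---|---|---|---|---|---|
      | Aug 6, 2022 03:39:50.335783958 CEST | 192.168.2.23 | 8.8.8.8 | 0xea4a | Standard query (0) | dosbot.in | A (IP address) | IN (0x0001) |

      | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
      |---|---|---|---|---|---|---|---|---|---|
      | Aug 6, 2022 03:39:50.355911970 CEST | 8.8.8.8 | 192.168.2.23 | 0xea4a | No error (0) | dosbot.in | | 204.76.203.200 | A (IP address) | IN (0x0001) |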

      System Behavior

      Start time:03:39:49
      Start date:06/08/2022
      Path:/tmp/l9Tu5ojqkF
      Arguments:/tmp/l9Tu5ojqkF
      File size:54556 bytes
      MD5 hash:f1c2cf0a5213d5b79aab8902d0b8c9a2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/tmp/l9Tu5ojqkF
      Arguments:n/a
      File size:54556 bytes
      MD5 hash:f1c2cf0a5213d5b79aab8902d0b8c9a2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/tmp/l9Tu5ojqkF
      Arguments:n/a
      File size:54556 bytes
      MD5 hash:f1c2cf0a5213d5b79aab8902d0b8c9a2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/tmp/l9Tu5ojqkF
      Arguments:n/a
      File size:54556 bytes
      MD5 hash:f1c2cf0a5213d5b79aab8902d0b8c9a2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/tmp/l9Tu5ojqkF
      Arguments:n/a
      File size:54556 bytes
      MD5 hash:f1c2cf0a5213d5b79aab8902d0b8c9a2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gvfsd-fuse
      Arguments:n/a
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/fusermount
      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-wacom
      Arguments:/usr/libexec/gsd-wacom
      File size:39520 bytes
      MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-keyboard
      Arguments:/usr/libexec/gsd-keyboard
      File size:39760 bytes
      MD5 hash:8e288fd17c80bb0a1148b964b2ac2279
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-color
      Arguments:/usr/libexec/gsd-color
      File size:92832 bytes
      MD5 hash:ac2861ad93ce047283e8e87cefef9a19
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-print-notifications
      Arguments:/usr/libexec/gsd-print-notifications
      File size:51840 bytes
      MD5 hash:71539698aa691718cee775d6b9450ae2
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-rfkill
      Arguments:/usr/libexec/gsd-rfkill
      File size:51808 bytes
      MD5 hash:88a16a3c0aba1759358c06215ecfb5cc
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-smartcard
      Arguments:/usr/libexec/gsd-smartcard
      File size:109152 bytes
      MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:50
      Start date:06/08/2022
      Path:/usr/libexec/gsd-datetime
      Arguments:/usr/libexec/gsd-datetime
      File size:76736 bytes
      MD5 hash:d80d39745740de37d6634d36e344d4bc
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gsd-screensaver-proxy
      Arguments:/usr/libexec/gsd-screensaver-proxy
      File size:27232 bytes
      MD5 hash:77e309450c87dceee43f1a9e50cc0d02
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:50
      Start date:06/08/2022
      Path:/usr/libexec/gsd-a11y-settings
      Arguments:/usr/libexec/gsd-a11y-settings
      File size:23056 bytes
      MD5 hash:18e243d2cf30ecee7ea89d1462725c5c
      Start time:03:39:49
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:49
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gsd-sound
      Arguments:/usr/libexec/gsd-sound
      File size:31248 bytes
      MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee
      Start time:03:39:50
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:50
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gsd-power
      Arguments:/usr/libexec/gsd-power
      File size:88672 bytes
      MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:51
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gsd-housekeeping
      Arguments:/usr/libexec/gsd-housekeeping
      File size:51840 bytes
      MD5 hash:b55f3394a84976ddb92a2915e5d76914
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:03:39:51
      Start date:06/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:03:39:51
      Start date:06/08/2022
      Path:/usr/libexec/gsd-media-keys
      Arguments:/usr/libexec/gsd-media-keys
      File size:232936 bytes
      MD5 hash:a425448c135afb4b8bfd79cc0b6b74da