
Linux Analysis Report
notabotnet.arm

Overview

General Information

Sample Name:notabotnet.arm
Analysis ID:679628
MD5:d8edb88e8280e241f06c014b85d0362f
SHA1:d9262e6ab9d9a92342fff5fe38758f59b37a1561
SHA256:4d365f4c4e3f94622f7e7fd786ba773de51f4bd41ecf9ff2295f3628ab5c440c
Tags:Mirai
Infos:

Detection

Mirai
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample has stripped symbol table
HTTP GET or POST without a user agent
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:679628
Start date and time: 2022-08-06 07:18:31 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 11s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:notabotnet.arm
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal80.troj.linARM@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/notabotnet.arm
PID:6236
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
xXxSlicexXxxVEGA.
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source: notabotnet.arm
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author: Florian Roth
Strings:
  • 0x12fa8:$xo1: Dfs`eeh&<'9
  • 0x13020:$xo1: Dfs`eeh&<'9
  • 0x13094:$xo1: Dfs`eeh&<'9
  • 0x13104:$xo1: Dfs`eeh&<'9
  • 0x13150:$xo1: Dfs`eeh&<'9

Source: notabotnet.arm
Rule: JoeSecurity_Mirai_6
Description: Yara detected Mirai
Author: Joe Security

Source: 6238.1.00007f5fa8033000.00007f5fa8034000.rw-.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author: Florian Roth
Strings:
  • 0x528:$xo1: Dfs`eeh&<'9
  • 0x5a4:$xo1: Dfs`eeh&<'9
  • 0x61c:$xo1: Dfs`eeh&<'9
  • 0x690:$xo1: Dfs`eeh&<'9
  • 0x6e0:$xo1: Dfs`eeh&<'9

Source: 6241.1.00007f5fa8032000.00007f5fa8033000.rw-.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author: Florian Roth
Strings:
  • 0x20:$xo1: Dfs`eeh&<'9
  • 0x94:$xo1: Dfs`eeh&<'9
  • 0x104:$xo1: Dfs`eeh&<'9
  • 0x150:$xo1: Dfs`eeh&<'9

Source: 6241.1.00007f5fa8017000.00007f5fa802b000.r-x.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author: Florian Roth
Strings:
  • 0x12fa8:$xo1: Dfs`eeh&<'9
  • 0x13020:$xo1: Dfs`eeh&<'9
  • 0x13094:$xo1: Dfs`eeh&<'9
  • 0x13104:$xo1: Dfs`eeh&<'9
  • 0x13150:$xo1: Dfs`eeh&<'9

Source: 6241.1.00007f5fa8017000.00007f5fa802b000.r-x.sdmp
Rule: JoeSecurity_Mirai_6
Description: Yara detected Mirai
Author: Joe Security

Source: 6236.1.00007f5fa8017000.00007f5fa802b000.r-x.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author: Florian Roth
Strings:
  • 0x12fa8:$xo1: Dfs`eeh&<'9
  • 0x13020:$xo1: Dfs`eeh&<'9
  • 0x13094:$xo1: Dfs`eeh&<'9
  • 0x13104:$xo1: Dfs`eeh&<'9
  • 0x13150:$xo1: Dfs`eeh&<'9
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Classtype
08/06/22-07:19:52.220960 | 192.168.2.23 | 36334 | 156.235.104.47 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:39.853691 | 192.168.2.23 | 57800 | 156.235.104.85 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:20.512607 | 192.168.2.23 | 41678 | 156.241.65.128 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:00.956884 | 192.168.2.23 | 42230 | 156.241.116.44 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:39.989567 | 192.168.2.23 | 55152 | 156.250.69.146 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:52.314965 | 192.168.2.23 | 54504 | 156.245.33.139 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:29.967484 | 192.168.2.23 | 52738 | 156.250.28.171 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:49.079922 | 192.168.2.23 | 37664 | 156.224.31.170 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:29.956914 | 192.168.2.23 | 36504 | 156.250.102.105 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:27.532804 | 192.168.2.23 | 34282 | 156.230.19.35 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:02.363370 | 192.168.2.23 | 41324 | 156.250.70.128 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:21.831672 | 192.168.2.23 | 57952 | 156.245.55.10 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:06.945366 | 192.168.2.23 | 43916 | 156.254.109.87 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:20.543254 | 192.168.2.23 | 33420 | 156.250.115.240 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:06.851930 | 192.168.2.23 | 57436 | 156.250.100.84 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:43.361911 | 192.168.2.23 | 35304 | 156.241.99.17 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:46.935588 | 192.168.2.23 | 55966 | 156.225.145.141 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:18.475451 | 192.168.2.23 | 53706 | 8.8.8.8 | 53 | UDP | 2012811 | Potentially Bad Traffic
08/06/22-07:20:06.720074 | 192.168.2.23 | 52936 | 156.224.19.222 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:24.221104 | 192.168.2.23 | 53706 | 156.224.9.206 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:11.092379 | 192.168.2.23 | 60782 | 156.245.56.125 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:39.967769 | 192.168.2.23 | 33396 | 156.226.75.228 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:46.861808 | 192.168.2.23 | 46054 | 156.250.94.104 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:43.368461 | 192.168.2.23 | 50026 | 156.244.93.42 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:23.994081 | 192.168.2.23 | 44758 | 156.238.15.204 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:07.429076 | 192.168.2.23 | 48390 | 156.245.36.181 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:24.016463 | 192.168.2.23 | 53584 | 156.245.60.140 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.813244 | 192.168.2.23 | 42840 | 156.226.30.161 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:07.325992 | 192.168.2.23 | 38016 | 156.235.104.136 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:02.342117 | 192.168.2.23 | 56354 | 156.241.125.136 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:46.875148 | 192.168.2.23 | 44224 | 156.250.15.224 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:01.144639 | 192.168.2.23 | 52572 | 156.230.25.40 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:29.963710 | 192.168.2.23 | 46710 | 156.241.103.120 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:00.952733 | 192.168.2.23 | 38204 | 156.244.125.1 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:24.295713 | 192.168.2.23 | 40938 | 156.241.91.240 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:01.152294 | 192.168.2.23 | 43388 | 156.254.111.150 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:24.221072 | 192.168.2.23 | 32874 | 156.254.90.136 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:17.178265 | 192.168.2.23 | 45650 | 156.241.74.59 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:25.518855 | 192.168.2.23 | 52950 | 156.247.17.68 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:46.869967 | 192.168.2.23 | 57262 | 156.241.81.20 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.807326 | 192.168.2.23 | 46128 | 156.225.156.155 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:49.212460 | 192.168.2.23 | 58034 | 156.226.72.217 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:25.876818 | 192.168.2.23 | 60110 | 156.241.84.71 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:52.351873 | 192.168.2.23 | 49334 | 197.234.43.151 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:29.489873 | 192.168.2.23 | 53374 | 156.244.69.106 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:39.259211 | 192.168.2.23 | 34130 | 197.246.248.129 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:07.326010 | 192.168.2.23 | 60086 | 156.235.111.197 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:07.122992 | 192.168.2.23 | 42834 | 156.226.33.128 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.530696 | 192.168.2.23 | 34314 | 156.250.84.216 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:07.604064 | 192.168.2.23 | 38052 | 156.226.111.240 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:52.243025 | 192.168.2.23 | 56600 | 156.254.91.43 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:00.976466 | 192.168.2.23 | 49466 | 156.226.72.168 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:46.797331 | 192.168.2.23 | 37258 | 156.224.22.93 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:29.496580 | 192.168.2.23 | 33800 | 156.250.4.21 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:07.124180 | 192.168.2.23 | 59962 | 156.245.36.50 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:29.389161 | 192.168.2.23 | 32834 | 156.252.26.142 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:53.752304 | 192.168.2.23 | 47958 | 156.245.34.113 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:00.838160 | 192.168.2.23 | 58120 | 156.235.105.171 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:46.804785 | 192.168.2.23 | 38052 | 156.235.106.232 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:11.184192 | 192.168.2.23 | 51636 | 156.235.101.98 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:06.738093 | 192.168.2.23 | 39034 | 156.254.34.115 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:54.031258 | 192.168.2.23 | 39928 | 156.244.67.171 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:43.361861 | 192.168.2.23 | 40872 | 156.245.33.72 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:43.569760 | 192.168.2.23 | 53854 | 156.224.15.4 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:52.333819 | 192.168.2.23 | 35582 | 156.244.101.196 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:51.343241 | 192.168.2.23 | 33464 | 197.238.136.194 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:30.088494 | 192.168.2.23 | 51524 | 156.225.153.226 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:24.221136 | 192.168.2.23 | 43306 | 156.227.241.65 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:11.008228 | 192.168.2.23 | 51482 | 156.240.104.170 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:02.280154 | 192.168.2.23 | 38456 | 156.241.8.155 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:25.593415 | 192.168.2.23 | 35050 | 156.244.84.167 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:06.840968 | 192.168.2.23 | 47264 | 156.238.60.21 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:04.503966 | 192.168.2.23 | 41258 | 156.241.90.49 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:26.178572 | 192.168.2.23 | 36324 | 156.250.127.75 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:27.174349 | 192.168.2.23 | 42952 | 156.226.33.59 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:04.504021 | 192.168.2.23 | 41006 | 156.244.74.195 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:27.641269 | 192.168.2.23 | 49526 | 156.250.124.11 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:30.062165 | 192.168.2.23 | 48544 | 156.244.72.51 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:02.337983 | 192.168.2.23 | 34776 | 156.244.90.79 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:04.689014 | 192.168.2.23 | 42074 | 156.226.35.147 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:49.212415 | 192.168.2.23 | 36882 | 156.225.148.36 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:32.414471 | 192.168.2.23 | 37336 | 156.241.67.223 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.529327 | 192.168.2.23 | 32964 | 156.244.103.61 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:26.154807 | 192.168.2.23 | 54474 | 156.250.105.255 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:29.389496 | 192.168.2.23 | 47910 | 156.224.21.151 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:24.003561 | 192.168.2.23 | 50732 | 156.250.113.0 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:04.696969 | 192.168.2.23 | 47680 | 156.241.118.232 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:32.332687 | 192.168.2.23 | 58798 | 156.240.110.112 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:58.709810 | 192.168.2.23 | 54090 | 156.226.105.68 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:20:46.873374 | 192.168.2.23 | 53964 | 156.241.114.82 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.836375 | 192.168.2.23 | 57096 | 156.226.69.251 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:20.519259 | 192.168.2.23 | 34684 | 156.250.19.190 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:25.592979 | 192.168.2.23 | 48736 | 156.250.66.246 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:13.731473 | 192.168.2.23 | 39534 | 156.254.68.66 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:07.140930 | 192.168.2.23 | 58024 | 156.226.76.127 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:29.498077 | 192.168.2.23 | 46166 | 156.241.83.248 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:21:00.015237 | 192.168.2.23 | 35974 | 156.241.107.104 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:39.964819 | 192.168.2.23 | 42634 | 156.241.89.44 | 37215 | TCP | 2835222 | A Network Trojan was detected
08/06/22-07:19:32.332760 | 192.168.2.23 | 35490 | 156.227.247.99 | 37215 | TCP | 2835222 | A Network Trojan was detected


      AV Detection

Source: notabotnet.arm; Avira: detected
Source: notabotnet.arm; Virustotal: Detection: 54%
Source: notabotnet.arm; Metadefender: Detection: 40%
Source: notabotnet.arm; ReversingLabs: Detection: 65%

      Networking

      barindex
      Source: TrafficSnort IDS: 2012811 ET DNS Query to a .tk domain - Likely Hostile 192.168.2.23:53706 -> 8.8.8.8:53
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:57952 -> 156.245.55.10:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:32874 -> 156.254.90.136:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53706 -> 156.224.9.206:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:43306 -> 156.227.241.65:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:40938 -> 156.241.91.240:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52950 -> 156.247.17.68:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:48736 -> 156.250.66.246:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:35050 -> 156.244.84.167:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:60110 -> 156.241.84.71:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:54474 -> 156.250.105.255:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:36324 -> 156.250.127.75:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:42952 -> 156.226.33.59:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:32834 -> 156.252.26.142:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47910 -> 156.224.21.151:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53374 -> 156.244.69.106:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:33800 -> 156.250.4.21:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:46166 -> 156.241.83.248:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:48544 -> 156.244.72.51:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:51524 -> 156.225.153.226:37215
      Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:58798 -> 156.240.110.112:37215
Source: global traffic | TCP traffic: 197.9.62.179 ports 1,2,3,5,7,37215
Source: unknown | Network traffic detected: HTTP traffic on port 57952 -> 37215
Source: unknown | Network traffic detected: HTTP traffic on port 47062 -> 5500