Edit tour

Linux Analysis Report
notabotnet.mips

Overview

General Information

Sample Name:	notabotnet.mips
Analysis ID:	679629
MD5:	a2af0d91b6e84e614eda94b4e7b8cac4
SHA1:	10c1dee864fb8fdb1770f87065c72b4acef91368
SHA256:	7601ce34f58f7f8a7a046a0682a406e05ebe72f2cb0a3938cb166d1f3dfd2e6e
Tags:	Mirai
Infos:

Detection

Mirai

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Connects to many ports of the same IP (likely port scanning)

Uses known network protocols on non-standard ports

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample has stripped symbol table

HTTP GET or POST without a user agent

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	679629
Start date and time: 06/08/202207:22:28	2022-08-06 07:22:28 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	notabotnet.mips
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal88.troj.linMIPS@0/0@1/0

Warnings

Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/notabotnet.mips
PID:	6226
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	xXxSlicexXxxVEGA.
Standard Error:

Process Tree

system is lnxubuntu20

notabotnet.mips (PID: 6226, Parent: 6121, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/notabotnet.mips

notabotnet.mips New Fork (PID: 6228, Parent: 6226)

notabotnet.mips New Fork (PID: 6229, Parent: 6226)

notabotnet.mips New Fork (PID: 6232, Parent: 6229)

notabotnet.mips New Fork (PID: 6233, Parent: 6229)

notabotnet.mips New Fork (PID: 6235, Parent: 6229)

notabotnet.mips New Fork (PID: 6239, Parent: 6229)

notabotnet.mips New Fork (PID: 6241, Parent: 6229)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
notabotnet.mips	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x17e8c:$xo1: Dfs`eeh&<'9 0x17f04:$xo1: Dfs`eeh&<'9 0x17f78:$xo1: Dfs`eeh&<'9 0x17fe8:$xo1: Dfs`eeh&<'9 0x18034:$xo1: Dfs`eeh&<'9
notabotnet.mips	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6232.1.00007feda045a000.00007feda045b000.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x528:$xo1: Dfs`eeh&<'9 0x5a4:$xo1: Dfs`eeh&<'9 0x61c:$xo1: Dfs`eeh&<'9 0x690:$xo1: Dfs`eeh&<'9 0x6e0:$xo1: Dfs`eeh&<'9
6228.1.00007feda045a000.00007feda045b000.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x528:$xo1: Dfs`eeh&<'9 0x5a4:$xo1: Dfs`eeh&<'9 0x61c:$xo1: Dfs`eeh&<'9 0x690:$xo1: Dfs`eeh&<'9 0x6e0:$xo1: Dfs`eeh&<'9
6226.1.00007feda0400000.00007feda0419000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x17e8c:$xo1: Dfs`eeh&<'9 0x17f04:$xo1: Dfs`eeh&<'9 0x17f78:$xo1: Dfs`eeh&<'9 0x17fe8:$xo1: Dfs`eeh&<'9 0x18034:$xo1: Dfs`eeh&<'9
6226.1.00007feda0400000.00007feda0419000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6228.1.00007feda0400000.00007feda0419000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x17e8c:$xo1: Dfs`eeh&<'9 0x17f04:$xo1: Dfs`eeh&<'9 0x17f78:$xo1: Dfs`eeh&<'9 0x17fe8:$xo1: Dfs`eeh&<'9 0x18034:$xo1: Dfs`eeh&<'9
6228.1.00007feda0400000.00007feda0419000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6226.1.00007feda045a000.00007feda045b000.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x528:$xo1: Dfs`eeh&<'9 0x5a4:$xo1: Dfs`eeh&<'9 0x61c:$xo1: Dfs`eeh&<'9 0x690:$xo1: Dfs`eeh&<'9 0x6e0:$xo1: Dfs`eeh&<'9
6232.1.00007feda0400000.00007feda0419000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x17e8c:$xo1: Dfs`eeh&<'9 0x17f04:$xo1: Dfs`eeh&<'9 0x17f78:$xo1: Dfs`eeh&<'9 0x17fe8:$xo1: Dfs`eeh&<'9 0x18034:$xo1: Dfs`eeh&<'9
6232.1.00007feda0400000.00007feda0419000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: notabotnet.mips PID: 6226	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x1139:$xo1: Dfs`eeh&<'9 0x11af:$xo1: Dfs`eeh&<'9 0x1223:$xo1: Dfs`eeh&<'9 0x1292:$xo1: Dfs`eeh&<'9 0x12e7:$xo1: Dfs`eeh&<'9 0x135c:$xo1: Dfs`eeh&<'9 0x13cf:$xo1: Dfs`eeh&<'9 0x143d:$xo1: Dfs`eeh&<'9 0x1487:$xo1: Dfs`eeh&<'9 0x152f:$xo1: Dfs`eeh&<'9 0x54b5:$xo1: Dfs`eeh&<'9 0x552c:$xo1: Dfs`eeh&<'9 0x55a1:$xo1: Dfs`eeh&<'9 0x5611:$xo1: Dfs`eeh&<'9 0x563d:$xo1: Dfs`eeh&<'9 0x56b3:$xo1: Dfs`eeh&<'9 0x5727:$xo1: Dfs`eeh&<'9 0x5796:$xo1: Dfs`eeh&<'9 0x57e1:$xo1: Dfs`eeh&<'9 0x588b:$xo1: Dfs`eeh&<'9
Process Memory Space: notabotnet.mips PID: 6226	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: notabotnet.mips PID: 6228	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x1741:$xo1: Dfs`eeh&<'9 0x17b7:$xo1: Dfs`eeh&<'9 0x182b:$xo1: Dfs`eeh&<'9 0x189a:$xo1: Dfs`eeh&<'9 0x18ef:$xo1: Dfs`eeh&<'9 0x1964:$xo1: Dfs`eeh&<'9 0x19d7:$xo1: Dfs`eeh&<'9 0x1a45:$xo1: Dfs`eeh&<'9 0x1a8f:$xo1: Dfs`eeh&<'9 0x1b37:$xo1: Dfs`eeh&<'9 0x2023:$xo1: Dfs`eeh&<'9 0x209a:$xo1: Dfs`eeh&<'9 0x210f:$xo1: Dfs`eeh&<'9 0x217f:$xo1: Dfs`eeh&<'9 0x21ab:$xo1: Dfs`eeh&<'9 0x2221:$xo1: Dfs`eeh&<'9 0x2295:$xo1: Dfs`eeh&<'9 0x2304:$xo1: Dfs`eeh&<'9 0x234f:$xo1: Dfs`eeh&<'9 0x23f9:$xo1: Dfs`eeh&<'9
Process Memory Space: notabotnet.mips PID: 6228	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: notabotnet.mips PID: 6232	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x6ba:$xo1: Dfs`eeh&<'9 0x731:$xo1: Dfs`eeh&<'9 0x7a6:$xo1: Dfs`eeh&<'9 0x816:$xo1: Dfs`eeh&<'9 0x842:$xo1: Dfs`eeh&<'9 0x8b8:$xo1: Dfs`eeh&<'9 0x92c:$xo1: Dfs`eeh&<'9 0x99b:$xo1: Dfs`eeh&<'9 0x9e6:$xo1: Dfs`eeh&<'9 0xa90:$xo1: Dfs`eeh&<'9 0x5826:$xo1: Dfs`eeh&<'9 0x589c:$xo1: Dfs`eeh&<'9 0x5910:$xo1: Dfs`eeh&<'9 0x597f:$xo1: Dfs`eeh&<'9 0x59d4:$xo1: Dfs`eeh&<'9 0x5a49:$xo1: Dfs`eeh&<'9 0x5abc:$xo1: Dfs`eeh&<'9 0x5b2a:$xo1: Dfs`eeh&<'9 0x5b74:$xo1: Dfs`eeh&<'9 0x5c1c:$xo1: Dfs`eeh&<'9
Process Memory Space: notabotnet.mips PID: 6232	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Click to see the 10 entries

Snort Signatures

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.90.218

Timestamp:	192.168.2.23156.226.90.21852826372152835222 08/06/22-07:23:16.432753
SID:	2835222
Source Port:	52826
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.119.160

Timestamp:	192.168.2.23156.250.119.16041654372152835222 08/06/22-07:23:27.011828
SID:	2835222
Source Port:	41654
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.214.103.132

Timestamp:	192.168.2.23197.214.103.13250728372152835222 08/06/22-07:23:53.676873
SID:	2835222
Source Port:	50728
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET DNS Query to a .tk domain - Likely Hostile - Source IP: 192.168.2.23 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.238.8.8.849581532012811 08/06/22-07:23:14.095323
SID:	2012811
Source Port:	49581
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.92.165

Timestamp:	192.168.2.23156.250.92.16538646372152835222 08/06/22-07:23:40.260566
SID:	2835222
Source Port:	38646
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.80.94

Timestamp:	192.168.2.23156.244.80.9459200372152835222 08/06/22-07:23:39.639416
SID:	2835222
Source Port:	59200
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.11.15

Timestamp:	192.168.2.23156.226.11.1552072372152835222 08/06/22-07:23:43.667446
SID:	2835222
Source Port:	52072
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.245.51.25

Timestamp:	192.168.2.23156.245.51.2550694372152835222 08/06/22-07:23:39.952103
SID:	2835222
Source Port:	50694
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.79.89

Timestamp:	192.168.2.23156.254.79.8953116372152835222 08/06/22-07:24:04.605598
SID:	2835222
Source Port:	53116
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.102.132

Timestamp:	192.168.2.23156.235.102.13237424372152835222 08/06/22-07:23:43.645321
SID:	2835222
Source Port:	37424
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.122.40

Timestamp:	192.168.2.23156.250.122.4049938372152835222 08/06/22-07:23:27.033187
SID:	2835222
Source Port:	49938
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.27.134

Timestamp:	192.168.2.23156.226.27.13433390372152835222 08/06/22-07:24:04.960889
SID:	2835222
Source Port:	33390
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.72.40

Timestamp:	192.168.2.23156.244.72.4047196372152835222 08/06/22-07:23:53.439628
SID:	2835222
Source Port:	47196
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.109.94

Timestamp:	192.168.2.23156.244.109.9445444372152835222 08/06/22-07:23:29.654745
SID:	2835222
Source Port:	45444
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.90.241

Timestamp:	192.168.2.23156.226.90.24160120372152835222 08/06/22-07:23:53.442635
SID:	2835222
Source Port:	60120
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.103.88

Timestamp:	192.168.2.23156.250.103.8844052372152835222 08/06/22-07:24:04.660457
SID:	2835222
Source Port:	44052
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.11.12

Timestamp:	192.168.2.23156.224.11.1233306372152835222 08/06/22-07:24:04.797279
SID:	2835222
Source Port:	33306
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.241.133.165

Timestamp:	192.168.2.23156.241.133.16536340372152835222 08/06/22-07:23:39.554681
SID:	2835222
Source Port:	36340
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.113.198

Timestamp:	192.168.2.23156.250.113.19853300372152835222 08/06/22-07:23:27.034689
SID:	2835222
Source Port:	53300
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.48.52

Timestamp:	192.168.2.23156.254.48.5241742372152835222 08/06/22-07:23:29.567245
SID:	2835222
Source Port:	41742
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.74.27

Timestamp:	192.168.2.23156.250.74.2750752372152835222 08/06/22-07:23:16.433919
SID:	2835222
Source Port:	50752
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.82.58

Timestamp:	192.168.2.23156.226.82.5851288372152835222 08/06/22-07:23:53.744332
SID:	2835222
Source Port:	51288
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.29.157

Timestamp:	192.168.2.23156.224.29.15750298372152835222 08/06/22-07:24:10.214896
SID:	2835222
Source Port:	50298
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.84.107

Timestamp:	192.168.2.23156.226.84.10759142372152835222 08/06/22-07:23:53.439665
SID:	2835222
Source Port:	59142
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.241.91.214

Timestamp:	192.168.2.23156.241.91.21454440372152835222 08/06/22-07:23:33.249369
SID:	2835222
Source Port:	54440
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.110.224

Timestamp:	192.168.2.23156.244.110.22454676372152835222 08/06/22-07:23:59.102835
SID:	2835222
Source Port:	54676
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.241.125.36

Timestamp:	192.168.2.23156.241.125.3655416372152835222 08/06/22-07:23:53.476267
SID:	2835222
Source Port:	55416
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.245.55.200

Timestamp:	192.168.2.23156.245.55.20053560372152835222 08/06/22-07:24:04.679076
SID:	2835222
Source Port:	53560
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.98.226

Timestamp:	192.168.2.23156.226.98.22635010372152835222 08/06/22-07:23:33.273831
SID:	2835222
Source Port:	35010
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.79.6

Timestamp:	192.168.2.23156.250.79.649098372152835222 08/06/22-07:23:27.034355
SID:	2835222
Source Port:	49098
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.18.224

Timestamp:	192.168.2.23156.250.18.22450598372152835222 08/06/22-07:23:53.729151
SID:	2835222
Source Port:	50598
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.230.20.31

Timestamp:	192.168.2.23156.230.20.3152534372152835222 08/06/22-07:23:27.220458
SID:	2835222
Source Port:	52534
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.238.63.45

Timestamp:	192.168.2.23156.238.63.4542572372152835222 08/06/22-07:23:27.305057
SID:	2835222
Source Port:	42572
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.234.61.235

Timestamp:	192.168.2.23197.234.61.23542192372152835222 08/06/22-07:23:31.722171
SID:	2835222
Source Port:	42192
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.241.66.242

Timestamp:	192.168.2.23156.241.66.24244510372152835222 08/06/22-07:23:29.651725
SID:	2835222
Source Port:	44510
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.9.158

Timestamp:	192.168.2.23156.250.9.15837962372152835222 08/06/22-07:24:04.676872
SID:	2835222
Source Port:	37962
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.97.94

Timestamp:	192.168.2.23156.235.97.9458838372152835222 08/06/22-07:23:39.548075
SID:	2835222
Source Port:	58838
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.96.124

Timestamp:	192.168.2.23156.235.96.12434606372152835222 08/06/22-07:23:43.645351
SID:	2835222
Source Port:	34606
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.20.130

Timestamp:	192.168.2.23156.224.20.13050850372152835222 08/06/22-07:23:53.608016
SID:	2835222
Source Port:	50850
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.13.140

Timestamp:	192.168.2.23156.224.13.14060786372152835222 08/06/22-07:24:02.348307
SID:	2835222
Source Port:	60786
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.245.34.63

Timestamp:	192.168.2.23156.245.34.6360668372152835222 08/06/22-07:23:39.647282
SID:	2835222
Source Port:	60668
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.119.22

Timestamp:	192.168.2.23156.244.119.2252904372152835222 08/06/22-07:23:27.039494
SID:	2835222
Source Port:	52904
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.103.26

Timestamp:	192.168.2.23156.226.103.2647596372152835222 08/06/22-07:23:27.316869
SID:	2835222
Source Port:	47596
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.241.90.38

Timestamp:	192.168.2.23156.241.90.3842742372152835222 08/06/22-07:23:39.649878
SID:	2835222
Source Port:	42742
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.226.96.33

Timestamp:	192.168.2.23156.226.96.3347718372152835222 08/06/22-07:23:40.227571
SID:	2835222
Source Port:	47718
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.65.100

Timestamp:	192.168.2.23156.250.65.10041802372152835222 08/06/22-07:23:52.152505
SID:	2835222
Source Port:	41802
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.115.61

Timestamp:	192.168.2.23156.250.115.6136870372152835222 08/06/22-07:23:33.241907
SID:	2835222
Source Port:	36870
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.244.124.47

Timestamp:	192.168.2.23156.244.124.4735554372152835222 08/06/22-07:23:39.639516
SID:	2835222
Source Port:	35554
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.245.59.247

Timestamp:	192.168.2.23156.245.59.24755638372152835222 08/06/22-07:23:40.240392
SID:	2835222
Source Port:	55638
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.246.131.18

Timestamp:	192.168.2.23197.246.131.1855182372152835222 08/06/22-07:23:50.863914
SID:	2835222
Source Port:	55182
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.250.116.151

Timestamp:	192.168.2.23156.250.116.15154632372152835222 08/06/22-07:23:53.717828
SID:	2835222
Source Port:	54632
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: notabotnet.mips

Avira: detected

Multi AV Scanner detection for submitted file

Source: notabotnet.mips	Virustotal: Detection: 62%	Perma Link
Source: notabotnet.mips	Metadefender: Detection: 42%	Perma Link
Source: notabotnet.mips	ReversingLabs: Detection: 73%

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2012811 ET DNS Query to a .tk domain - Likely Hostile 192.168.2.23:49581 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52826 -> 156.226.90.218:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50752 -> 156.250.74.27:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:41654 -> 156.250.119.160:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:49938 -> 156.250.122.40:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:49098 -> 156.250.79.6:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53300 -> 156.250.113.198:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52904 -> 156.244.119.22:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52534 -> 156.230.20.31:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:42572 -> 156.238.63.45:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47596 -> 156.226.103.26:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:41742 -> 156.254.48.52:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:44510 -> 156.241.66.242:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:45444 -> 156.244.109.94:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:42192 -> 197.234.61.235:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:36870 -> 156.250.115.61:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:54440 -> 156.241.91.214:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:35010 -> 156.226.98.226:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:58838 -> 156.235.97.94:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:36340 -> 156.241.133.165:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:59200 -> 156.244.80.94:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:35554 -> 156.244.124.47:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:60668 -> 156.245.34.63:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:42742 -> 156.241.90.38:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50694 -> 156.245.51.25:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47718 -> 156.226.96.33:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55638 -> 156.245.59.247:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:38646 -> 156.250.92.165:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:37424 -> 156.235.102.132:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:34606 -> 156.235.96.124:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52072 -> 156.226.11.15:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55182 -> 197.246.131.18:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:41802 -> 156.250.65.100:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47196 -> 156.244.72.40:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:59142 -> 156.226.84.107:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:60120 -> 156.226.90.241:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55416 -> 156.241.125.36:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50850 -> 156.224.20.130:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50728 -> 197.214.103.132:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:54632 -> 156.250.116.151:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50598 -> 156.250.18.224:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:51288 -> 156.226.82.58:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:54676 -> 156.244.110.224:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:60786 -> 156.224.13.140:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53116 -> 156.254.79.89:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:44052 -> 156.250.103.88:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:37962 -> 156.250.9.158:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53560 -> 156.245.55.200:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:33306 -> 156.224.11.12:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:33390 -> 156.226.27.134:37215
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50298 -> 156.224.29.157:37215

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 197.176.172.239 ports 1,2,3,5,7,37215

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 47168 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 41654 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42572 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44510 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42192 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54440 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40022 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58838 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55638 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38646 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55816 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37424 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37424 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37424 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37424 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55182 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 55182
Source: unknown	Network traffic detected: HTTP traffic on port 37424 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55416 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54676 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33306 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45746 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37222 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57996 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56566 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36718 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51624 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 5500 -> 51624
Source: unknown	Network traffic detected: HTTP traffic on port 46738 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 52904 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49098 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47596 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45444 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35244 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39082 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38072 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35554 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35010 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41908 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37538 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50732 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52664 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35900 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45420 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38152 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56200 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56384 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 54632 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59142 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60120 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41742 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 5500 -> 56384
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38152 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34606 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48918 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38152 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34756 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42190 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36500 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37680 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38152 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44344 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37882 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44344 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52224 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45244 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44344 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33390 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44052 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38152 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35234 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46526 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53560 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44344 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45634 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 36628 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53266 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60802 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45634 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 40890 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47552 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34650 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50450 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46208 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45634 -> 5500
Source: unknown	Network traffic detected: HTTP traffic on port 47552 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34650 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50450 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44344 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51590 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46208 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47552 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34650 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39886 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50450 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46208 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38548 -> 37215

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report
notabotnet.mips

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report notabotnet.mips

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

Linux Analysis Report
notabotnet.mips