Linux Analysis Report
2DbzKHhgOH

Overview

General Information

Sample Name: 2DbzKHhgOH
Analysis ID: 680657
MD5: 91e1ba2317dac69005bd8f5494297730
SHA1: 314ac7afbe482e1a412632950bc03f5d00bd6e0a
SHA256: 7610f435e009a531631ad480f342b21b87e56c05ac55d66ad99a1a3e5523fad2
Tags: 32, elf, mirai, sparc

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

AV Detection

Source: 2DbzKHhgOH Virustotal: Detection: 56%
Source: 2DbzKHhgOH ReversingLabs: Detection: 53%

Networking

Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:35686 -> 208.67.106.33:1312
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::0
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::23
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::53413
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::80
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::52869
Source: /tmp/2DbzKHhgOH (PID: 6226) Socket: 0.0.0.0::37215
Source: /tmp/2DbzKHhgOH (PID: 6232) Socket: 0.0.0.0::0
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: 2DbzKHhgOH, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 2DbzKHhgOH, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Rule metadata for the matches listed above (identical for every matched source):
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: ELF static info symbol of initial sample .symtab present: no
Source: /tmp/2DbzKHhgOH (PID: 6226) SIGKILL sent: pid: 936, result: successful
Source: /tmp/2DbzKHhgOH (PID: 6232) SIGKILL sent: pid: 936, result: successful
Source: classification engine Classification label: mal76.troj.lin@0/0@0/0

Hooking and other Techniques for Hiding and Protection

Source: /tmp/2DbzKHhgOH (PID: 6223) Queries kernel information via 'uname'
Source: 2DbzKHhgOH, 6223.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00005636a8392000.00005636a8417000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sparc
Source: 2DbzKHhgOH, 6223.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00005636a8392000.00005636a8417000.rw-.sdmp Binary or memory string: 6V!/etc/qemu-binfmt/sparc
Source: 2DbzKHhgOH, 6223.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sparc
Source: 2DbzKHhgOH, 6223.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/2DbzKHhgOHSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/2DbzKHhgOH

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 2DbzKHhgOH, type: SAMPLE
Source: Yara match File source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 2DbzKHhgOH, type: SAMPLE
Source: Yara match File source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY