Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 163.151.162.85:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 104.142.173.149:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 209.184.177.135:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 137.243.81.5:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 2.206.168.216:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 19.135.140.179:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 197.239.84.85:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 200.92.245.153:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 116.67.119.148:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 141.120.197.91:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 65.154.218.40:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 124.212.254.113:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:40644 -> 187.127.3.105:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 163.136.220.64:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 160.154.217.169:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 42.100.191.234:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.137.192.245:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:39792 -> 189.236.169.194:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:43256 -> 89.203.251.188:7267 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 147.79.64.93:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 135.149.49.5:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 219.178.111.66:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 75.55.208.35:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 160.142.234.100:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 173.9.184.220:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 187.224.94.159:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 105.123.130.198:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 149.222.104.130:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 200.214.123.249:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 54.6.154.146:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 55.85.248.107:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 65.170.196.42:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 107.89.146.145:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 143.144.130.65:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 115.100.246.114:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 204.213.205.118:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.70.201.148:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 114.154.146.252:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 84.126.30.181:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 72.96.228.219:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 5.249.17.203:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 29.105.195.127:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 50.40.194.3:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 162.78.6.107:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 220.202.211.41:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 91.36.64.44:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 139.131.111.14:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 23.22.98.112:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 109.11.173.177:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 110.140.165.131:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 223.6.247.130:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 107.233.118.154:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 94.26.22.117:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.179.158.49:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 119.11.139.79:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 105.66.194.214:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 75.26.181.151:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 213.4.250.93:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 1.136.86.171:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 79.83.63.161:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 67.151.50.197:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 169.173.222.182:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 75.6.93.112:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 48.236.86.172:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 15.192.178.237:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:59856 -> 187.119.191.232:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 95.52.106.171:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 2.149.147.150:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 33.148.92.70:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 171.173.99.26:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 108.208.102.205:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 130.216.49.6:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 96.158.69.6:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 93.51.139.184:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 96.83.234.242:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 216.46.203.199:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 119.249.93.179:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 158.212.150.123:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 82.232.99.98:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 165.251.205.13:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 62.112.225.121:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 158.204.80.148:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 2.214.55.57:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 106.189.126.165:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 115.4.227.195:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 71.181.130.227:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 91.109.14.17:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 160.30.6.161:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.117.53.207:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 79.95.201.126:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 115.193.18.50:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 139.64.21.84:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 207.100.22.63:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 9.25.164.58:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 88.170.167.42:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 177.223.99.112:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 31.233.64.156:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 153.116.66.16:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 17.174.21.93:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 79.117.93.26:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 161.84.160.216:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 64.10.38.215:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 128.75.30.64:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 16.66.216.208:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 222.134.132.190:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 80.177.116.178:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 89.60.180.230:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 186.130.167.134:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 114.91.131.16:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 87.141.30.72:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 32.227.145.174:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 108.73.29.204:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 106.155.152.197:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 124.65.63.81:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:41358 -> 187.245.213.139:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 11.218.149.26:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 110.210.0.7:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 157.169.77.132:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 5.135.137.173:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 132.161.54.74:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 31.220.244.241:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 187.192.10.153:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 3.231.89.198:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 115.97.197.218:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 113.38.186.195:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 89.63.29.167:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 43.38.71.86:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 71.118.231.208:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 183.250.197.133:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 181.180.110.135:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 71.148.112.115:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 70.235.235.75:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 32.52.35.23:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 221.142.142.57:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 180.211.170.16:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 85.231.39.47:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 183.131.151.92:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 195.34.132.90:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 50.5.252.251:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 212.233.55.201:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 75.97.244.246:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 52.180.129.119:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 67.141.38.213:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 177.133.155.80:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 116.186.50.145:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 116.212.180.80:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 62.196.12.160:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 136.8.93.180:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 164.57.193.76:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 46.167.217.53:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 98.121.27.54:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 157.95.21.205:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 43.160.254.106:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 72.228.102.105:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 94.17.137.86:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 149.35.160.212:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 137.106.150.131:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 22.136.128.97:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 189.249.205.243:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 71.211.243.4:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 121.110.73.27:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 33.132.113.87:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 167.158.157.57:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:36688 -> 189.38.139.35:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 200.151.49.59:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 142.121.197.7:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 77.66.22.4:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 199.87.129.117:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 8.129.133.147:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 95.195.226.70:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 13.42.219.133:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 21.117.53.252:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 154.151.66.94:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 122.66.123.169:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 121.39.224.137:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.111.126.19:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 102.229.168.3:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 153.214.121.126:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 143.98.42.186:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 139.191.181.20:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 54.31.132.214:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 163.37.245.24:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 113.245.14.6:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 168.97.206.194:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 109.27.179.30:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 189.116.191.64:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 179.95.137.156:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 95.38.160.52:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 108.228.239.195:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 149.82.51.33:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 157.80.239.181:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 167.181.60.65:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 52.65.175.98:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 51.245.110.17:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 39.246.123.239:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 2.210.145.46:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:41170 -> 187.46.99.177:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 219.122.105.221:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 108.240.60.197:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 27.135.198.213:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 220.148.44.31:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 149.171.118.135:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 144.252.121.112:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 213.226.154.87:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 166.247.194.109:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 16.133.163.123:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 176.98.151.86:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 123.172.10.234:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 137.160.241.156:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 118.191.83.238:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.215.225.207:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 176.189.183.229:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 140.164.70.61:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 25.158.61.237:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 93.120.73.32:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 121.151.162.233:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 154.230.112.114:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 24.178.223.210:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 188.127.51.54:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 68.42.44.95:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 137.98.13.32:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 89.232.237.134:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 100.16.103.72:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 214.199.75.211:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 163.4.151.124:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 165.216.141.58:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 166.231.158.138:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 134.162.203.241:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 97.217.0.76:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 173.78.32.4:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 139.130.20.252:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 16.76.40.204:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 138.31.232.216:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 159.232.28.131:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 22.253.251.152:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 44.144.16.201:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 179.137.100.52:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 77.110.228.69:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 167.241.180.160:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 133.162.195.74:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 39.169.161.170:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 211.69.184.58:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 81.164.55.227:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 202.188.206.186:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 197.47.245.230:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 182.19.32.242:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 94.98.36.29:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 12.28.211.180:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 157.77.58.92:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 205.218.25.88:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 99.252.11.90:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 158.136.212.224:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 176.173.120.82:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 86.82.172.87:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 101.251.200.37:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 38.12.182.131:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 206.174.59.37:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 88.85.4.247:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 40.160.100.143:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 132.90.101.151:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:15661 -> 28.31.41.64:2323 |
Source: global traffic | TCP traffic: 192.168.2.20:40122 -> 121.227.36.161:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:37258 -> 216.148.34.2:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:58652 -> 165.138.116.213:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:50706 -> 42.153.99.93:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:34530 -> 171.2.190.24:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:37156 -> 136.69.233.238:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:55608 -> 67.151.29.209:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:51396 -> 183.78.182.208:52869 |
Source: global traffic | TCP traffic: 192.168.2.20:33894 -> 183.88.38.240:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:49558 -> 112.191.186.107:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:51920 -> 148.135.41.142:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:46692 -> 88.109.40.245:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:34742 -> 96.65.200.17:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:58436 -> 33.167.163.147:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:42454 -> 178.198.5.222:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:47414 -> 104.170.207.190:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:59518 -> 78.10.169.100:8080 |
Source: global traffic | TCP traffic: 192.168.2.20:41696 -> 150.155.178.72:37215 |
Source: global traffic | TCP traffic: 192.168.2.20:37166 -> 81.228.113.97:37215 |
Source: global traffic | TCP traffic: 192.168.2.20:36476 -> 161.88.30.216:37215 |
Source: global traffic | TCP traffic: 192.168.2.20:37112 -> 168.64.202.149:37215 |
Source: global traffic | TCP traffic: 192.168.2.20:36146 -> 7.88.193.142:37215 |
Source: global traffic | TCP traffic: 192.168.2.20:40052 -> 196.56.226.212:7574 |
Source: robinbot, type: SAMPLE | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: robinbot, type: SAMPLE | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13 |
Source: robinbot, type: SAMPLE | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16 |
Source: robinbot, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16 |
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16 |
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16 |
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16 |
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |