Analyzing ../reverse/snort.log. IP packet: 172.16.196.132 > 172.16.183.2 source = client/attacker command = 2 : set Reply IP dest IP reply mode: 1 :table randomized... random position set to 203.173.144.35 IP packet: 172.16.196.132 > 172.16.183.2 source = client/attacker command = 2 : set Reply IP dest IP reply mode: 1 :table randomized... random position set to 203.173.144.35 IP packet: 172.16.196.132 > 172.16.183.2 source = client/attacker command = 2 : set Reply IP dest IP reply mode: 1 :table randomized... random position set to 203.173.144.35 IP packet: 172.16.196.132 > 172.16.183.2 source = client/attacker command = 3 : run shell commands, return output shell command = rpcinfo -p 127.0.0.1 20 IP packet: 172.16.183.2 > 109.197.191.34 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 126.85.250.183 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 233.96.38.22 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 210.13.117.98 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 219.93.216.82 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 203.173.144.35 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 41.230.157.197 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 20.17.169.129 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 214.104.164.84 source = server/the-binary type = 3 : response to command 3, initial packet response: program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 1024 nlockmgr 100021 3 udp 1024 nlockmgr 100021 1 tcp 1024 nlockmgr 100021 3 tcp 1024 nlockmgr 100024 1 udp 924 status 100024 1 tcp 926 status IP packet: 172.16.183.2 > 109.197.191.34 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 126.85.250.183 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 233.96.38.22 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 210.13.117.98 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 219.93.216.82 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 203.173.144.35 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 41.230.157.197 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 20.17.169.129 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**> IP packet: 172.16.183.2 > 214.104.164.84 source = server/the-binary type = 4 : response to command 3, continuation packet response: <**EOF**>