91beb7c43da3dd723c9d44629ab656b4f913c5ec111d1d362279938645f7edd3.pcap

MD5: a401728099e41beca3d38a82c2ecd82f
Submission Date: 2020-07-25 23:49:18
Tags: (not set)
Alert (19)

# | Timestamp | Src IP | Dest IP | Alert Signature | P
1 | 2020-07-25T21:21:48.442579-0700 | 192.168.1.100 | 103.12.161.194 | ET CNC Feodo Tracker Reported CnC Server group 1 | *
2 | 2020-07-25T21:21:44.606818-0700 | 103.111.83.246 | 192.168.1.100 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | *
3 | 2020-07-25T21:21:49.846511-0700 | 103.12.161.194 | 192.168.1.100 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | *
4 | 2020-07-25T21:21:52.752097-0700 | 192.168.1.100 | 82.146.46.209 | ET CNC Feodo Tracker Reported CnC Server group 22 | *
5 | 2020-07-25T21:21:53.329149-0700 | 82.146.46.209 | 192.168.1.100 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC) | *
6 | 2020-07-25T21:21:46.022424-0700 | 192.168.1.100 | 95.217.228.176 | ET POLICY IP Check wtfismyip.com | *
7 | 2020-07-25T21:21:46.022424-0700 | 192.168.1.100 | 95.217.228.176 | ET POLICY curl User-Agent Outbound | *
8 | 2020-07-25T21:24:02.869899-0700 | 192.168.1.100 | 194.5.249.157 | ET CNC Feodo Tracker Reported CnC Server group 13 | *
9 | 2020-07-25T21:24:14.912392-0700 | 192.168.1.100 | 194.5.249.157 | ET POLICY HTTP traffic on port 443 (POST) | *
10 | 2020-07-25T21:24:14.912392-0700 | 192.168.1.100 | 194.5.249.157 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
11 | 2020-07-25T21:22:57.370261-0700 | 192.168.1.100 | 194.5.249.157 | ET POLICY HTTP traffic on port 443 (POST) | *
12 | 2020-07-25T21:22:57.370261-0700 | 192.168.1.100 | 194.5.249.157 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
13 | 2020-07-25T21:24:14.913015-0700 | 192.168.1.100 | 96.9.73.73 | ET CNC Feodo Tracker Reported CnC Server group 25 | *
14 | 2020-07-25T21:24:15.901374-0700 | 192.168.1.100 | 96.9.73.73 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
15 | 2020-07-25T21:24:59.999132-0700 | 192.168.1.100 | 194.5.249.157 | ET POLICY HTTP traffic on port 443 (POST) | *
16 | 2020-07-25T21:24:59.999132-0700 | 192.168.1.100 | 194.5.249.157 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
17 | 2020-07-25T21:22:58.364487-0700 | 192.168.1.100 | 96.9.73.73 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
18 | 2020-07-25T21:23:29.443898-0700 | 192.168.1.100 | 203.176.135.102 | ET CNC Feodo Tracker Reported CnC Server group 14 | *
19 | 2020-07-25T21:23:29.906838-0700 | 192.168.1.100 | 96.9.73.73 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
DNS (0)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
No results found.
TLS (7)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2020-07-25T21:21:43.998301-0700 | 192.168.1.100 | 103.111.83.246 | TLSv1 | (not set)
2 | 2020-07-25T21:21:49.386909-0700 | 192.168.1.100 | 103.12.161.194 | TLSv1 | (not set)
3 | 2020-07-25T21:21:53.127372-0700 | 192.168.1.100 | 82.146.46.209 | TLS 1.2 | (not set)
4 | 2020-07-25T21:22:10.648036-0700 | 192.168.1.100 | 52.230.222.68 | TLS 1.2 | client.wns.windows.com
5 | 2020-07-25T21:22:30.561006-0700 | 192.168.1.100 | 103.12.161.194 | TLSv1 | (not set)
6 | 2020-07-25T21:22:26.135825-0700 | 192.168.1.100 | 52.230.222.68 | TLS 1.2 | client.wns.windows.com
7 | 2020-07-25T21:22:20.991654-0700 | 192.168.1.100 | 51.143.111.7 | TLS 1.2 | watson.telemetry.microsoft.com
TFTP (0)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (7)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2020-07-25T21:21:46.022424-0700 | 192.168.1.100 | wtfismyip.com | 80 | GET | /text | 200
2 | 2020-07-25T21:24:15.901374-0700 | 192.168.1.100 | 96.9.73.73 | 80 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/81/ | 200
3 | 2020-07-25T21:22:58.364487-0700 | 192.168.1.100 | 96.9.73.73 | 80 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/83/ | 200
4 | 2020-07-25T21:23:29.906838-0700 | 192.168.1.100 | 194.5.249.157 | 443 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/83/ | (not set)
5 | 2020-07-25T21:23:29.906838-0700 | 192.168.1.100 | 96.9.73.73 | 80 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/81/ | (not set)
6 | 2020-07-25T21:23:29.906838-0700 | 192.168.1.100 | 194.5.249.157 | 443 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/81/ | (not set)
7 | 2020-07-25T21:23:29.906838-0700 | 192.168.1.100 | 194.5.249.157 | 443 | POST | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/81/ | (not set)
SMB (0)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (17)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2020-07-25T21:23:29.906838-0700 | 722780804208238 | flow | 192.168.1.100 | 1746 | 194.5.249.157 | 443 | TCP | pcapanalyzer
2 | 2020-07-25T21:23:29.906838-0700 | 1567210027002927 | flow | 192.168.1.100 | 1741 | 52.230.222.68 | 443 | TCP | pcapanalyzer
3 | 2020-07-25T21:23:29.906838-0700 | 723667720793719 | flow | 192.168.1.100 | 1753 | 96.9.73.73 | 80 | TCP | pcapanalyzer
4 | 2020-07-25T21:23:29.906838-0700 | 2132152844057057 | flow | 192.168.1.100 | 1740 | 82.146.46.209 | 447 | TCP | pcapanalyzer
5 | 2020-07-25T21:23:29.906838-0700 | 1443160632226257 | flow | 192.168.1.100 | 1737 | 103.111.83.246 | 449 | TCP | pcapanalyzer
6 | 2020-07-25T21:23:29.906838-0700 | 604914015048920 | flow | 192.168.1.100 | 1743 | 51.143.111.7 | 443 | TCP | pcapanalyzer
7 | 2020-07-25T21:23:29.906838-0700 | 1454546593441877 | flow | 192.168.1.100 | 1744 | 52.230.222.68 | 443 | TCP | pcapanalyzer
8 | 2020-07-25T21:23:29.906838-0700 | 1038830266357452 | flow | 52.109.8.24 | 443 | 192.168.1.100 | 1721 | TCP | pcapanalyzer
9 | 2020-07-25T21:23:29.906838-0700 | 757363876941308 | flow | 192.168.1.100 | 1738 | 95.217.228.176 | 80 | TCP | pcapanalyzer
10 | 2020-07-25T21:23:29.906838-0700 | 76411857224056 | flow | 192.168.1.100 | 1757 | 96.9.73.73 | 80 | TCP | pcapanalyzer
11 | 2020-07-25T21:23:29.906838-0700 | 1765549476562443 | flow | 192.168.1.100 | 1752 | 194.5.249.157 | 443 | TCP | pcapanalyzer
12 | 2020-07-25T21:23:29.906838-0700 | 77425457021139 | flow | 192.168.1.100 | 1739 | 103.12.161.194 | 449 | TCP | pcapanalyzer
13 | 2020-07-25T21:23:29.906838-0700 | 80004586826149 | flow | 52.230.222.68 | 443 | 192.168.1.100 | 1734 | TCP | pcapanalyzer
14 | 2020-07-25T21:23:29.906838-0700 | 368248436671781 | flow | 203.176.135.102 | 8082 | 192.168.1.100 | 1750 | TCP | pcapanalyzer
15 | 2020-07-25T21:23:29.906838-0700 | 544215392173974 | flow | 192.168.1.100 | 1747 | 96.9.73.73 | 80 | TCP | pcapanalyzer
16 | 2020-07-25T21:23:29.906838-0700 | 695688158475602 | flow | 192.168.1.100 | 1756 | 194.5.249.157 | 443 | TCP | pcapanalyzer
17 | 2020-07-25T21:23:29.906838-0700 | 2106030855390267 | flow | 192.168.1.100 | 1745 | 103.12.161.194 | 449 | TCP | pcapanalyzer
File (3)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2020-07-25T21:21:46.022424-0700 | 95.217.228.176 | 192.168.1.100 | /text | ASCII text | 14
2 | 2020-07-25T21:24:15.901374-0700 | 96.9.73.73 | 192.168.1.100 | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/81/ | ASCII text, with no line terminators | 3
3 | 2020-07-25T21:22:58.364487-0700 | 96.9.73.73 | 192.168.1.100 | /tot773/DESKTOP-2C3IQHO_W10016299.4059EF9DC2CA46AD60D2E0765459BD36/83/ | ASCII text, with no line terminators | 3

Comments: (not set)
