2017-09-18-Emotet-malspam-traffic.pcap

MD5: 70d938eb15a9ec64bdb256786b3ac055
Submission Date: 2020-07-31 16:37:08
Tags: (not set)
Alert (7)

# | Timestamp | Src Ip | Dest Ip | Alert Signature
1 | 2017-09-18T07:25:28.696294-0700 | 96.31.35.170 | 10.9.18.101 | ET POLICY Office Document Download Containing AutoOpen Macro
2 | 2017-09-18T07:31:46.371398-0700 | 10.9.18.101 | 46.101.8.170 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
3 | 2017-09-18T07:26:21.261563-0700 | 10.9.18.101 | 23.254.97.211 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
4 | 2017-09-18T07:46:57.306270-0700 | 10.9.18.101 | 46.101.8.170 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
5 | 2017-09-18T07:31:43.883785-0700 | 66.147.242.93 | 10.9.18.101 | ET POLICY PE EXE or DLL Windows file download HTTP
6 | 2017-09-18T07:31:43.883785-0700 | 66.147.242.93 | 10.9.18.101 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
7 | 2017-09-18T07:31:43.883785-0700 | 66.147.242.93 | 10.9.18.101 | ET INFO EXE - Served Attached HTTP
DNS (4)

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2017-09-18T07:26:12.363408-0700 | 10.9.18.101 | 10.9.18.1 | query | focalaudiodesign.com | A | (not set)
2 | 2017-09-18T07:25:28.309003-0700 | 10.9.18.101 | 10.9.18.1 | query | bengalcore.com | A | (not set)
3 | 2017-09-18T07:26:12.382606-0700 | 10.9.18.1 | 10.9.18.101 | answer | focalaudiodesign.com | A | (not set)
4 | 2017-09-18T07:25:28.332935-0700 | 10.9.18.1 | 10.9.18.101 | answer | bengalcore.com | A | (not set)
TLS (0)

Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.

TFTP (0)

Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (5)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2017-09-18T07:25:28.695661-0700 | 10.9.18.101 | bengalcore.com | 80 | GET | /Invoice-26396-reminder/ | 200
2 | 2017-09-18T07:46:57.306270-0700 | 10.9.18.101 | 46.101.8.170 | 8080 | POST | / | 404
3 | 2017-09-18T07:31:43.883785-0700 | 10.9.18.101 | 23.254.97.211 | 8080 | POST | / | 404
4 | 2017-09-18T07:31:43.883785-0700 | 10.9.18.101 | 46.101.8.170 | 8080 | POST | / | 404
5 | 2017-09-18T07:31:43.883785-0700 | 10.9.18.101 | focalaudiodesign.com | 80 | GET | /hl/ | 200
SMB (0)

Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0)

Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (15)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-09-18T07:31:43.883785-0700 | 1692787682837406 | flow | 10.9.18.101 | 49178 | 162.243.159.58 | 443 | TCP | pcapanalyzer
2 | 2017-09-18T07:31:43.883785-0700 | 1553106745539096 | flow | 10.9.18.101 | 49173 | 45.33.55.157 | 8080 | TCP | pcapanalyzer
3 | 2017-09-18T07:31:43.883785-0700 | 1986314321038224 | flow | 10.9.18.101 | 58401 | 10.9.18.1 | 53 | UDP | pcapanalyzer
4 | 2017-09-18T07:31:43.883785-0700 | 168271845536444 | flow | 10.9.18.101 | 49171 | 195.78.33.200 | 80 | TCP | pcapanalyzer
5 | 2017-09-18T07:31:43.883785-0700 | 1857224865530394 | flow | 10.9.18.101 | 49180 | 46.101.8.170 | 8080 | TCP | pcapanalyzer
6 | 2017-09-18T07:31:43.883785-0700 | 1447987435315697 | flow | 10.9.18.101 | 49179 | 46.101.8.170 | 8080 | TCP | pcapanalyzer
7 | 2017-09-18T07:31:43.883785-0700 | 745309297845244 | flow | 10.9.18.101 | 49174 | 45.33.55.157 | 8080 | TCP | pcapanalyzer
8 | 2017-09-18T07:31:43.883785-0700 | 2021606064396110 | flow | 10.9.18.101 | 49163 | 96.31.35.170 | 80 | TCP | pcapanalyzer
9 | 2017-09-18T07:31:43.883785-0700 | 1460975406862769 | flow | 10.9.18.101 | 49175 | 104.236.252.178 | 8080 | TCP | pcapanalyzer
10 | 2017-09-18T07:31:43.883785-0700 | 1470518825548711 | flow | 10.9.18.101 | 49176 | 104.236.252.178 | 8080 | TCP | pcapanalyzer
11 | 2017-09-18T07:31:43.883785-0700 | 1905173801311116 | flow | 10.9.18.101 | 49172 | 195.78.33.200 | 80 | TCP | pcapanalyzer
12 | 2017-09-18T07:31:43.883785-0700 | 1493050212021453 | flow | 10.9.18.101 | 49169 | 66.147.242.93 | 80 | TCP | pcapanalyzer
13 | 2017-09-18T07:31:43.883785-0700 | 2200744858760758 | flow | 10.9.18.101 | 49170 | 23.254.97.211 | 8080 | TCP | pcapanalyzer
14 | 2017-09-18T07:31:43.883785-0700 | 110027790137099 | flow | 10.9.18.101 | 61351 | 10.9.18.1 | 53 | UDP | pcapanalyzer
15 | 2017-09-18T07:31:43.883785-0700 | 2091197437811146 | flow | 10.9.18.101 | 49177 | 162.243.159.58 | 443 | TCP | pcapanalyzer
File (8)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-09-18T07:26:12.848523-0700 | 66.147.242.93 | 10.9.18.101 | qkEcFDUcffsQcwr.exe | PE32 executable (GUI) Intel 80386, for MS Windows | 22620
2 | 2017-09-18T07:25:28.695661-0700 | 96.31.35.170 | 10.9.18.101 | Invoice 5499.doc | Composite Document File V2 Document, Can't read SAT | 65024
3 | 2017-09-18T07:31:20.701402-0700 | 10.9.18.101 | 46.101.8.170 | / | data | 340
4 | 2017-09-18T07:26:20.910579-0700 | 10.9.18.101 | 23.254.97.211 | / | data | 372
5 | 2017-09-18T07:26:21.584316-0700 | 23.254.97.211 | 10.9.18.101 | / | data | 48840
6 | 2017-09-18T07:46:56.639095-0700 | 10.9.18.101 | 46.101.8.170 | / | data | 356
7 | 2017-09-18T07:31:46.651210-0700 | 46.101.8.170 | 10.9.18.101 | / | data | 77635
8 | 2017-09-18T07:46:57.306270-0700 | 46.101.8.170 | 10.9.18.101 | / | data | 148
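The tables above are the analyzer's raw output; the work of triage is correlating them into one chain (lure document, second-stage PE, C2 check-ins) and measuring the gaps between the phases. The script below is an added example, not part of the analyzer or of this pcap's original write-up. Its input records are copied from the DNS, HTTP, Alert and File tables on this page (POST timing is taken from the Alert table, since the HTTP and Flow tables stamp most rows with the same 07:31:43.883785 time). The phase rules are assumptions based on the generic Emotet malspam pattern, not something the page states: the first successful GET is the malspam link, an OLE2 (Composite Document File) download is the macro document, a PE32 download is the payload, a later 200 GET is the payload URL, and POSTs from the victim to a bare IP are C2 check-ins. The helper and field names are the example's own.

```python
"""Reconstruct an Emotet infection chain from pcap-analyzer style records.

Added example; records are copied from the tables on this page, phase rules are
the generic Emotet malspam pattern (an assumption, see the lead-in).
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address

VICTIM = "10.9.18.101"              # the internal host in every record on this page
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"   # the analyzer's timestamp format, e.g. ...-0700

# (timestamp, kind, src, dst, detail). Copied from the DNS/HTTP/Alert/File tables.
# http detail = "METHOD PATH STATUS"; file detail = "name|magic|size".
RECORDS = [
    ("2017-09-18T07:25:28.309003-0700", "dns", VICTIM, "10.9.18.1", "bengalcore.com"),
    ("2017-09-18T07:25:28.695661-0700", "http", VICTIM, "bengalcore.com:80", "GET /Invoice-26396-reminder/ 200"),
    ("2017-09-18T07:25:28.695661-0700", "file", "96.31.35.170", VICTIM,
     "Invoice 5499.doc|Composite Document File V2 Document, Can't read SAT|65024"),
    ("2017-09-18T07:25:28.696294-0700", "alert", "96.31.35.170", VICTIM,
     "ET POLICY Office Document Download Containing AutoOpen Macro"),
    ("2017-09-18T07:26:12.363408-0700", "dns", VICTIM, "10.9.18.1", "focalaudiodesign.com"),
    ("2017-09-18T07:26:12.848523-0700", "file", "66.147.242.93", VICTIM,
     "qkEcFDUcffsQcwr.exe|PE32 executable (GUI) Intel 80386, for MS Windows|22620"),
    ("2017-09-18T07:26:21.261563-0700", "alert", VICTIM, "23.254.97.211",
     "ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"),
    ("2017-09-18T07:31:43.883785-0700", "alert", "66.147.242.93", VICTIM,
     "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("2017-09-18T07:31:43.883785-0700", "http", VICTIM, "23.254.97.211:8080", "POST / 404"),
    ("2017-09-18T07:31:43.883785-0700", "http", VICTIM, "46.101.8.170:8080", "POST / 404"),
    ("2017-09-18T07:31:43.883785-0700", "http", VICTIM, "focalaudiodesign.com:80", "GET /hl/ 200"),
    ("2017-09-18T07:31:46.371398-0700", "alert", VICTIM, "46.101.8.170",
     "ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"),
    ("2017-09-18T07:46:57.306270-0700", "http", VICTIM, "46.101.8.170:8080", "POST / 404"),
]


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str      # dns | http | alert | file
    src: str
    dst: str
    detail: str


def parse_records(records):
    """Parse the raw tuples and order them by packet time (stable sort keeps table order for ties)."""
    return sorted((Event(datetime.strptime(ts, TS_FMT), k, s, d, x) for ts, k, s, d, x in records),
                  key=lambda e: e.ts)


def is_dotted_quad(host):
    """True when 'host[:port]' is a bare IP: Emotet C2 is contacted by address, not by name."""
    try:
        ip_address(host.rsplit(":", 1)[0])
        return True
    except ValueError:
        return False


def infection_chain(records):
    """Walk the ordered events and fill in the delivery -> payload -> C2 phases."""
    chain = {"domains": [], "lure_url": None, "document": None, "payload": None,
             "payload_server": None, "payload_url": None, "c2": set(), "first_c2": None}
    for e in parse_records(records):
        if e.kind == "dns" and e.src == VICTIM:
            chain["domains"].append(e.detail)                 # names the victim resolved
        elif e.kind == "http" and e.src == VICTIM:
            method, path, status = e.detail.split()
            host = e.dst[:-3] if e.dst.endswith(":80") else e.dst
            if method == "POST" and is_dotted_quad(e.dst):
                chain["c2"].add(e.dst)                        # check-in to a bare IP (assumed C2)
            elif method == "GET" and status == "200":
                if chain["lure_url"] is None:
                    chain["lure_url"] = f"http://{host}{path}"     # first GET: the malspam link
                else:
                    chain["payload_url"] = f"http://{host}{path}"  # later GET: macro fetches the PE
        elif e.kind == "file":
            name, magic, size = e.detail.split("|")
            if magic.startswith("Composite Document File"):   # OLE2 container = legacy .doc carrier
                chain["document"] = (name, int(size), e.ts)
            elif magic.startswith("PE32"):                    # Windows executable = second stage
                chain["payload"] = (name, int(size), e.ts)
                chain["payload_server"] = e.src
        elif e.kind == "alert" and "POST to Dotted Quad" in e.detail and chain["first_c2"] is None:
            chain["first_c2"] = e.ts                          # per-packet time of the first check-in
    return chain


def dwell_times(chain):
    """Seconds from document download to PE download, and from PE download to first C2 POST."""
    doc_ts, exe_ts = chain["document"][2], chain["payload"][2]
    return {"doc_to_exe": (exe_ts - doc_ts).total_seconds(),
            "exe_to_first_c2": (chain["first_c2"] - exe_ts).total_seconds()}


if __name__ == "__main__":
    chain = infection_chain(RECORDS)
    for key, value in chain.items():
        print(f"{key:15} {value}")
    print("dwell (s):", dwell_times(chain))
```

Two things the output makes visible that the tables alone do not: the PE lands 44 s after the document (the macro's download, not user action), and the first POST to a bare IP follows the PE by about 8 s, which is the check-in cadence a detection rule on "POST to dotted quad on a non-standard port from a host that just downloaded a PE" would key on. The 8080 destinations are treated as C2 on the pattern alone; the page does not decode their payloads.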

Comments: (not set)
