emo-samp-cap-sandyboxxer.pcap

MD5: 89265be08932d7534f4f5fcb36ce682b
Submission Date: 2020-09-16 06:35:37
Tags: (not set)

Alert (2 records, showing 1-2 of 2)

| # | Timestamp | Src Ip | Dest Ip | Alert Signature |
|---|---|---|---|---|
| 1 | 2020-09-15T18:46:56.937931-0700 | 192.168.2.30 | 134.209.36.254 | ET TROJAN Win32/Emotet CnC Activity (POST) M10 |
| 2 | 2020-09-15T18:47:01.693868-0700 | 192.168.2.30 | 104.156.59.7 | ET TROJAN Win32/Emotet CnC Activity (POST) M10 |
DNS (174 records, showing 1-20 of 174)

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-09-15T18:45:51.584924-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 2 | 2020-09-15T18:45:51.608588-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 3 | 2020-09-15T18:45:52.369575-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 4 | 2020-09-15T18:45:52.393446-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 5 | 2020-09-15T18:45:53.432302-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 6 | 2020-09-15T18:45:53.456101-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 7 | 2020-09-15T18:45:55.314518-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 8 | 2020-09-15T18:45:55.346406-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 9 | 2020-09-15T18:45:54.314525-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 10 | 2020-09-15T18:45:54.338393-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 11 | 2020-09-15T18:45:56.464733-0700 | 192.168.2.30 | 8.8.8.8 | query | go.microsoft.com | A | (not set) |
| 12 | 2020-09-15T18:45:56.496810-0700 | 8.8.8.8 | 192.168.2.30 | answer | go.microsoft.com | A | (not set) |
| 13 | 2020-09-15T18:45:56.656020-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 14 | 2020-09-15T18:45:56.679942-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 15 | 2020-09-15T18:46:00.952968-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 16 | 2020-09-15T18:46:00.976681-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 17 | 2020-09-15T18:45:57.767014-0700 | 192.168.2.30 | 8.8.8.8 | query | watson.telemetry.microsoft.com | A | (not set) |
| 18 | 2020-09-15T18:45:57.790745-0700 | 8.8.8.8 | 192.168.2.30 | answer | watson.telemetry.microsoft.com | A | (not set) |
| 19 | 2020-09-15T18:45:57.447225-0700 | 192.168.2.30 | 8.8.8.8 | query | forum.zkbrasil.com | A | (not set) |
| 20 | 2020-09-15T18:45:57.491770-0700 | 8.8.8.8 | 192.168.2.30 | answer | forum.zkbrasil.com | A | (not set) |
TLS (61 records, showing 1-20 of 61)

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2020-09-15T18:45:51.883283-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 2 | 2020-09-15T18:45:52.662296-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 3 | 2020-09-15T18:45:53.725124-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 4 | 2020-09-15T18:45:54.622171-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 5 | 2020-09-15T18:45:55.801449-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 6 | 2020-09-15T18:45:56.998281-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 7 | 2020-09-15T18:46:00.456848-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 8 | 2020-09-15T18:46:01.250722-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 9 | 2020-09-15T18:45:57.835913-0700 | 192.168.2.30 | 104.238.94.90 | TLS 1.2 | forum.zkbrasil.com |
| 10 | 2020-09-15T18:45:57.839701-0700 | 192.168.2.30 | 104.238.94.90 | TLS 1.2 | forum.zkbrasil.com |
| 11 | 2020-09-15T18:45:58.062867-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 12 | 2020-09-15T18:46:02.103326-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 13 | 2020-09-15T18:46:09.813297-0700 | 192.168.2.30 | 52.109.76.6 | TLS 1.2 | officeclient.microsoft.com |
| 14 | 2020-09-15T18:46:03.850626-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 15 | 2020-09-15T18:46:04.632786-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 16 | 2020-09-15T18:46:02.925704-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 17 | 2020-09-15T18:46:17.486516-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 18 | 2020-09-15T18:46:23.730072-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
| 19 | 2020-09-15T18:46:05.489304-0700 | 192.168.2.30 | 51.143.111.7 | TLS 1.2 | watson.telemetry.microsoft.com |
| 20 | 2020-09-15T18:46:07.423539-0700 | 192.168.2.30 | 52.158.208.111 | TLS 1.2 | watson.telemetry.microsoft.com |
TFTP (0 records)

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.
HTTP (3 records, showing 1-3 of 3)

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-09-15T18:46:56.937931-0700 | 192.168.2.30 | 134.209.36.254 | 8080 | POST | /FTkI/L0Ux9Xj3N5gSfcn/9PV3SOGQ/JyTZduE/rcuIdEjxvWG/ | 404 |
| 2 | 2020-09-15T18:47:01.693868-0700 | 192.168.2.30 | 104.156.59.7 | 8080 | POST | /DaSsFUV/dTUB04ukBzSUj/Qt21MMPNgr9VT/lYsbdeuqEgdAfbbM/ | 200 |
| 3 | 2020-09-15T18:48:42.191705-0700 | 192.168.2.30 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D | 200 |
SMB (0 records)

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP (0 records)

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.
Flow (148 records, showing 1-20 of 148)

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-09-15T18:48:28.153667-0700 | 846690236911155 | flow | 192.168.2.30 | 49822 | 40.90.22.191 | 443 | TCP | pcapanalyzer |
| 2 | 2020-09-15T18:48:28.153667-0700 | 1691911879622113 | flow | 192.168.2.30 | 49733 | 40.90.22.188 | 443 | TCP | pcapanalyzer |
| 3 | 2020-09-15T18:48:28.153667-0700 | 1269856177023536 | flow | 192.168.2.30 | 49771 | 52.158.208.111 | 443 | TCP | pcapanalyzer |
| 4 | 2020-09-15T18:48:28.153667-0700 | 566989074213168 | flow | 192.168.2.30 | 59632 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 5 | 2020-09-15T18:48:28.153667-0700 | 848528474924191 | flow | 192.168.2.30 | 49766 | 52.158.208.111 | 443 | TCP | pcapanalyzer |
| 6 | 2020-09-15T18:48:28.153667-0700 | 290648731012050 | flow | 192.168.2.30 | 50798 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 7 | 2020-09-15T18:48:28.153667-0700 | 854060401970766 | flow | 192.168.2.30 | 49735 | 2.23.155.153 | 80 | TCP | pcapanalyzer |
| 8 | 2020-09-15T18:48:28.153667-0700 | 150761647620018 | flow | 192.168.2.30 | 49606 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 9 | 2020-09-15T18:48:28.153667-0700 | 1279704538474495 | flow | 192.168.2.30 | 52494 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 10 | 2020-09-15T18:48:28.153667-0700 | 576360695187503 | flow | 192.168.2.30 | 50088 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 11 | 2020-09-15T18:48:28.153667-0700 | 718124680804130 | flow | 192.168.2.30 | 57273 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 12 | 2020-09-15T18:48:28.153667-0700 | 296376075251948 | flow | 192.168.2.30 | 49820 | 2.21.60.193 | 443 | TCP | pcapanalyzer |
| 13 | 2020-09-15T18:48:28.153667-0700 | 859375417286261 | flow | 192.168.2.30 | 49800 | 52.184.221.185 | 443 | TCP | pcapanalyzer |
| 14 | 2020-09-15T18:48:28.153667-0700 | 296567206165044 | flow | 192.168.2.30 | 54068 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 15 | 2020-09-15T18:48:28.153667-0700 | 296880728896262 | flow | 192.168.2.30 | 53448 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 16 | 2020-09-15T18:48:28.153667-0700 | 157107467776280 | flow | 192.168.2.30 | 59565 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 17 | 2020-09-15T18:48:28.153667-0700 | 18042864053732 | flow | 192.168.2.30 | 49731 | 104.123.23.222 | 80 | TCP | pcapanalyzer |
| 18 | 2020-09-15T18:48:28.153667-0700 | 1707850501601151 | flow | 192.168.2.30 | 49802 | 52.184.221.185 | 443 | TCP | pcapanalyzer |
| 19 | 2020-09-15T18:48:28.153667-0700 | 1708303619875120 | flow | 192.168.2.30 | 49788 | 52.158.208.111 | 443 | TCP | pcapanalyzer |
| 20 | 2020-09-15T18:48:28.153667-0700 | 1851489239671220 | flow | 192.168.2.30 | 51672 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
File (5 records, showing 1-5 of 5)

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-09-15T18:46:56.738366-0700 | 192.168.2.30 | 134.209.36.254 | spshrduuzbkpget | data | 596 |
| 2 | 2020-09-15T18:46:56.937931-0700 | 134.209.36.254 | 192.168.2.30 | /FTkI/L0Ux9Xj3N5gSfcn/9PV3SOGQ/JyTZduE/rcuIdEjxvWG/ | HTML document, ASCII text, with CRLF line terminators | 146 |
| 3 | 2020-09-15T18:47:01.263082-0700 | 192.168.2.30 | 104.156.59.7 | pxjsca | data | 580 |
| 4 | 2020-09-15T18:47:01.693868-0700 | 104.156.59.7 | 192.168.2.30 | /DaSsFUV/dTUB04ukBzSUj/Qt21MMPNgr9VT/lYsbdeuqEgdAfbbM/ | data | 132 |
| 5 | 2020-09-15T18:48:42.191705-0700 | 93.184.220.29 | 192.168.2.30 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx/h0Ztl+z8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g/6+rkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc= | data | 471 |

Comments: (not set)