ad88219d-16b2-4f87-98b9-ce8b7c5557ac.pcap

MD5: 990ed39fc6fcd2fb5e3d266736f762bc
Submission Date: 2020-09-28 08:12:16
Tags: (not set)
Alert (6)
Showing 1-6 of 6 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2020-09-28T08:06:38.138383-0700 | 192.168.100.41 | 52.109.120.29 | ET POLICY HTTP traffic on port 443 (POST) | *
2 | 2020-09-28T08:05:12.285915-0700 | 192.168.100.41 | 174.106.122.139 | ET CNC Feodo Tracker Reported CnC Server group 6 | *
3 | 2020-09-28T08:05:12.994715-0700 | 192.168.100.41 | 174.106.122.139 | ET TROJAN Win32/Emotet CnC Activity (POST) M10 | *
4 | 2020-09-28T08:08:32.877715-0700 | 208.91.199.181 | 192.168.100.41 | ET POLICY PE EXE or DLL Windows file download HTTP | *
5 | 2020-09-28T08:08:32.877715-0700 | 208.91.199.181 | 192.168.100.41 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | *
6 | 2020-09-28T08:08:32.877715-0700 | 208.91.199.181 | 192.168.100.41 | ET INFO EXE - Served Attached HTTP | *
DNS (58)
Showing 1-20 of 58 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2020-09-28T08:03:36.986069-0700 | 192.168.100.41 | 192.168.100.2 | query | accounts.google.com | A | (not set)
2 | 2020-09-28T08:03:36.954367-0700 | 192.168.100.41 | 192.168.100.2 | query | clientservices.googleapis.com | A | (not set)
3 | 2020-09-28T08:03:36.954425-0700 | 192.168.100.41 | 192.168.100.2 | query | wpcs.com | A | (not set)
4 | 2020-09-28T08:03:36.976300-0700 | 192.168.100.2 | 192.168.100.41 | answer | wpcs.com | A | (not set)
5 | 2020-09-28T08:03:36.960008-0700 | 192.168.100.2 | 192.168.100.41 | answer | clientservices.googleapis.com | A | (not set)
6 | 2020-09-28T08:03:36.986295-0700 | 192.168.100.2 | 192.168.100.41 | answer | accounts.google.com | A | (not set)
7 | 2020-09-28T08:03:57.985456-0700 | 192.168.100.41 | 192.168.100.2 | query | support.google.com | A | (not set)
8 | 2020-09-28T08:03:58.014205-0700 | 192.168.100.2 | 192.168.100.41 | answer | support.google.com | A | (not set)
9 | 2020-09-28T08:04:14.190656-0700 | 192.168.100.41 | 192.168.100.2 | query | www.bing.com | A | (not set)
10 | 2020-09-28T08:04:14.190755-0700 | 192.168.100.2 | 192.168.100.41 | answer | www.bing.com | A | (not set)
11 | 2020-09-28T08:04:14.190543-0700 | 192.168.100.41 | 192.168.100.2 | query | www.bing.com | A | (not set)
12 | 2020-09-28T08:04:14.190712-0700 | 192.168.100.2 | 192.168.100.41 | answer | www.bing.com | A | (not set)
13 | 2020-09-28T08:04:37.991712-0700 | 192.168.100.41 | 192.168.100.2 | query | wpcs.com | A | (not set)
14 | 2020-09-28T08:04:37.991943-0700 | 192.168.100.2 | 192.168.100.41 | answer | wpcs.com | A | (not set)
15 | 2020-09-28T08:03:40.257214-0700 | 192.168.100.41 | 192.168.100.2 | query | safebrowsing.googleapis.com | A | (not set)
16 | 2020-09-28T08:03:40.271019-0700 | 192.168.100.2 | 192.168.100.41 | answer | safebrowsing.googleapis.com | A | (not set)
17 | 2020-09-28T08:03:46.086789-0700 | 192.168.100.41 | 192.168.100.2 | query | ssl.gstatic.com | A | (not set)
18 | 2020-09-28T08:03:46.087030-0700 | 192.168.100.2 | 192.168.100.41 | answer | ssl.gstatic.com | A | (not set)
19 | 2020-09-28T08:04:14.190612-0700 | 192.168.100.41 | 192.168.100.2 | query | api.bing.com | A | (not set)
20 | 2020-09-28T08:04:14.190738-0700 | 192.168.100.2 | 192.168.100.41 | answer | api.bing.com | A | (not set)
TLS (36)
Showing 1-20 of 36 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2020-09-28T08:03:37.028901-0700 | 192.168.100.41 | 216.58.208.35 | TLS 1.3 | clientservices.googleapis.com
2 | 2020-09-28T08:04:01.334509-0700 | 192.168.100.41 | 216.58.207.78 | TLS 1.3 | support.google.com
3 | 2020-09-28T08:04:01.522474-0700 | 192.168.100.41 | 216.58.207.78 | TLS 1.3 | support.google.com
4 | 2020-09-28T08:03:40.320140-0700 | 192.168.100.41 | 172.217.23.170 | TLS 1.3 | safebrowsing.googleapis.com
5 | 2020-09-28T08:03:46.135679-0700 | 192.168.100.41 | 172.217.21.195 | TLS 1.3 | ssl.gstatic.com
6 | 2020-09-28T08:03:46.448783-0700 | 192.168.100.41 | 172.217.18.13 | TLS 1.3 | accounts.google.com
7 | 2020-09-28T08:03:58.308475-0700 | 192.168.100.41 | 8.20.79.79 | TLS 1.2 | wpcs.com
8 | 2020-09-28T08:03:39.348964-0700 | 192.168.100.41 | 8.20.79.79 | TLS 1.2 | wpcs.com
9 | 2020-09-28T08:03:40.074802-0700 | 192.168.100.41 | 172.217.18.13 | TLS 1.3 | accounts.google.com
10 | 2020-09-28T08:03:46.137096-0700 | 192.168.100.41 | 172.217.21.195 | TLS 1.3 | ssl.gstatic.com
11 | 2020-09-28T08:04:01.334543-0700 | 192.168.100.41 | 216.58.207.78 | TLS 1.3 | support.google.com
12 | 2020-09-28T08:04:39.047407-0700 | 192.168.100.41 | 8.20.79.79 | TLS 1.2 | wpcs.com
13 | 2020-09-28T08:04:40.490225-0700 | 192.168.100.41 | 152.199.19.161 | TLS 1.2 | r20swj13mr.microsoft.com
14 | 2020-09-28T08:04:49.664140-0700 | 192.168.100.41 | 152.199.19.161 | TLS 1.2 | iecvlist.microsoft.com
15 | 2020-09-28T08:04:40.487564-0700 | 192.168.100.41 | 152.199.19.161 | TLS 1.2 | r20swj13mr.microsoft.com
16 | 2020-09-28T08:04:49.678328-0700 | 192.168.100.41 | 8.20.79.79 | TLS 1.2 | wpcs.com
17 | 2020-09-28T08:05:00.344675-0700 | 192.168.100.41 | 8.20.79.79 | TLS 1.2 | wpcs.com
18 | 2020-09-28T08:05:00.671528-0700 | 192.168.100.41 | 216.58.206.14 | TLS 1.3 | play.google.com
19 | 2020-09-28T08:05:00.674264-0700 | 192.168.100.41 | 216.58.206.14 | TLS 1.3 | play.google.com
20 | 2020-09-28T08:05:00.674320-0700 | 192.168.100.41 | 216.58.206.14 | TLS 1.3 | play.google.com
TFTP (0)
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (10)
Showing 1-10 of 10 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2020-09-28T08:04:39.570310-0700 | 192.168.100.41 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D | 200
2 | 2020-09-28T08:04:41.319146-0700 | 192.168.100.41 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | 200
3 | 2020-09-28T08:04:15.364350-0700 | 192.168.100.41 | www.bing.com | 80 | GET | /favicon.ico | 200
4 | 2020-09-28T08:04:41.321004-0700 | 192.168.100.41 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | 200
5 | 2020-09-28T08:06:19.785238-0700 | 192.168.100.41 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | 200
6 | 2020-09-28T08:05:00.870198-0700 | 192.168.100.41 | fulfillmententertainment.com | 80 | GET | /cgi-bin/WrD/ | 200
7 | 2020-09-28T08:05:11.456196-0700 | 192.168.100.41 | office14client.microsoft.com | 80 | GET | /config14?UILCID=1033&CLCID=1033&ILCID=1033&HelpLCID=1033&App={019C826E-445A-4649-A5B0-0BF08FCC4EEE}&build=14.0.6023 | 200
8 | 2020-09-28T08:05:12.994715-0700 | 192.168.100.41 | 174.106.122.139 | 80 | POST | /RXXxpgkypsrpC/eI8CgCzRpIMIlD/wB5rA8POugPVqig/MnQOkULn2zfgTUm2b/P5CyVCaepJDXBy5t/ihojbQzrCrcEwBfH7W1/ | 200
9 | 2020-09-28T08:05:13.184155-0700 | 192.168.100.41 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D | 200
10 | 2020-09-28T08:08:32.877715-0700 | 192.168.100.41 | rr.office.microsoft.com | 443 | POST | /Research/query.asmx | (not set)
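The five GETs to ocsp.digicert.com carry a base64-encoded DER OCSPRequest in the URL path (the GET form from RFC 6960, Appendix A), so the 471- and 1507-byte "data" bodies the File table attributes to 93.184.220.29 are certificate-status responses, not second-stage payloads. The following is an added example, not code from pcapanalyzer or from whoever submitted this capture: it walks the DER with a minimal TLV parser to pull the CertID out of the first OCSP path, and rejects the POST path sent to 174.106.122.139, which is not OCSP at all. The two paths are copied from the HTTP table; every function and constant name is the example's own.

```python
import base64
import binascii
import urllib.parse

# Constructed sample input, copied from the HTTP table: the first OCSP GET path
# (row 1) and, as a negative case, the POST path sent to 174.106.122.139 (row 8).
OCSP_PATH = ("/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQU"
             "A95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D")
C2_PATH = ("/RXXxpgkypsrpC/eI8CgCzRpIMIlD/wB5rA8POugPVqig/MnQOkULn2zfgTUm2b/"
           "P5CyVCaepJDXBy5t/ihojbQzrCrcEwBfH7W1/")

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos.
    Handles short-form and multi-byte long-form lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_tlv(value, pos)
        yield tag, inner


def decode_oid(raw):
    """Decode the contents of a DER OBJECT IDENTIFIER into dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(path):
    """Return the CertID fields of a GET-form OCSP request (RFC 6960 A.1):
    OCSPRequest > TBSRequest > requestList > Request > CertID.
    Raises ValueError for anything that does not decode as such."""
    try:
        raw = base64.b64decode(urllib.parse.unquote(path.lstrip("/")))
        tag, body, _ = der_tlv(raw)                  # OCSPRequest
        if tag != 0x30:
            raise ValueError("outer TLV is not a SEQUENCE")
        _, tbs, _ = der_tlv(body)                    # TBSRequest
        # requestList is the first plain SEQUENCE child; version and
        # requestorName, when present, are context-tagged [0] and [1].
        request_list = next(v for t, v in der_children(tbs) if t == 0x30)
        _, request, _ = der_tlv(request_list)        # first Request
        _, cert_id, _ = der_tlv(request)             # CertID
        alg, name_hash, key_hash, serial = list(der_children(cert_id))[:4]
        oid = decode_oid(next(der_children(alg[1]))[1])
    except (binascii.Error, IndexError, StopIteration) as exc:
        raise ValueError(f"not an OCSP GET request: {exc}") from exc
    return {
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial_number": serial[1].hex(),  # keeps a leading 00 sign byte if DER has one
    }


def is_ocsp_get_url(path):
    """Triage helper: True only when the path decodes as an OCSP GET request."""
    try:
        parse_ocsp_get_url(path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for label, p in (("ocsp", OCSP_PATH), ("c2", C2_PATH)):
        print(label, parse_ocsp_get_url(p) if is_ocsp_get_url(p) else "not OCSP")
```

For row 1 the decoded issuerKeyHash is 03de503556d14cbb66f0a3e21b1bc397b23dd155, the subject key identifier of DigiCert Global Root CA, so that request checks the status of a DigiCert intermediate (the 471-byte response) rather than of a leaf certificate; the 1507-byte responses in rows 2, 4 and 9 answer a different CertID. A path that fails `is_ocsp_get_url` but is served from port 80 with a 200, like row 8, deserves the opposite presumption.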
SMB (0)
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (103)
Showing 1-20 of 103 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2020-09-28T08:05:00.608562-0700 | 852422079796951 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 61729 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
2 | 2020-09-28T08:05:00.608562-0700 | 1981903989833246 | flow | 192.168.100.41 | 58100 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2020-09-28T08:05:00.608562-0700 | 1982578299988359 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 53864 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
4 | 2020-09-28T08:05:00.608562-0700 | 1703366770561108 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 61322 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
5 | 2020-09-28T08:05:00.608562-0700 | 2145563718455536 | flow | 192.168.100.41 | 63724 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
6 | 2020-09-28T08:05:00.608562-0700 | 471153538300101 | flow | 192.168.100.41 | 5353 | 224.0.0.251 | 5353 | UDP | pcapanalyzer
7 | 2020-09-28T08:05:00.608562-0700 | 765191294317096 | flow | 192.168.100.41 | 63726 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
8 | 2020-09-28T08:05:00.608562-0700 | 2177471030979100 | flow | 192.168.100.41 | 61396 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
9 | 2020-09-28T08:05:00.608562-0700 | 495110865497083 | flow | 192.168.100.41 | 53307 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
10 | 2020-09-28T08:05:00.608562-0700 | 495931205053009 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 52360 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
11 | 2020-09-28T08:05:00.608562-0700 | 2051138862934626 | flow | 192.168.100.41 | 59183 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
12 | 2020-09-28T08:05:00.608562-0700 | 223720472016340 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 51444 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
13 | 2020-09-28T08:05:00.608562-0700 | 373498866529833 | flow | 192.168.100.41 | 56360 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
14 | 2020-09-28T08:05:00.608562-0700 | 1503856950208831 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 58906 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
15 | 2020-09-28T08:05:00.608562-0700 | 1363226835399021 | flow | 192.168.100.41 | 52297 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
16 | 2020-09-28T08:05:00.608562-0700 | 668198047906180 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 5353 | ff02:0000:0000:0000:0000:0000:0000:00fb | 5353 | UDP | pcapanalyzer
17 | 2020-09-28T08:05:00.608562-0700 | 106794282843496 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 54966 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
18 | 2020-09-28T08:05:00.608562-0700 | 108855866789503 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | 49610 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer
19 | 2020-09-28T08:05:00.608562-0700 | 251788084079372 | flow | 192.168.100.41 | 60271 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
20 | 2020-09-28T08:05:00.608562-0700 | 1801257665188442 | flow | fe80:0000:0000:0000:b9a3:aa8f:3e8e:fe86 | (not set) | ff02:0000:0000:0000:0000:0000:0000:0016 | (not set) | IPv6-ICMP | pcapanalyzer
File (11)
Showing 1-11 of 11 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2020-09-28T08:04:41.319146-0700 | 93.184.220.29 | 192.168.100.41 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg+hWk= | data | 1507
2 | 2020-09-28T08:04:15.364350-0700 | 204.79.197.200 | 192.168.100.41 | /favicon.ico | PNG image data, 16 x 16, 4-bit colormap, non-interlaced | 237
3 | 2020-09-28T08:04:41.321004-0700 | 93.184.220.29 | 192.168.100.41 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg+hWk= | data | 1507
4 | 2020-09-28T08:04:39.570310-0700 | 93.184.220.29 | 192.168.100.41 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k= | data | 471
5 | 2020-09-28T08:06:19.785238-0700 | 93.184.220.29 | 192.168.100.41 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx/h0Ztl+z8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g/6+rkS7QYXjzkCEA177el9ggmWelJjG4vdGL0= | data | 471
6 | 2020-09-28T08:06:38.151513-0700 | 192.168.100.41 | 52.109.120.29 | /Research/query.asmx | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 2002
7 | 2020-09-28T08:05:00.870198-0700 | 208.91.199.181 | 192.168.100.41 | GCEFby.exe | PE32 executable (GUI) Intel 80386, for MS Windows | 516096
8 | 2020-09-28T08:05:11.456196-0700 | 52.109.76.6 | 192.168.100.41 | /config14 | XML 1.0 document, ASCII text, with CRLF line terminators | 2037
9 | 2020-09-28T08:05:12.311403-0700 | 192.168.100.41 | 174.106.122.139 | lanxol | data | 420
10 | 2020-09-28T08:05:12.994715-0700 | 174.106.122.139 | 192.168.100.41 | /RXXxpgkypsrpC/eI8CgCzRpIMIlD/wB5rA8POugPVqig/MnQOkULn2zfgTUm2b/P5CyVCaepJDXBy5t/ihojbQzrCrcEwBfH7W1/ | data | 132
11 | 2020-09-28T08:05:13.184155-0700 | 93.184.220.29 | 192.168.100.41 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEAtqs7A+san2xGCSaqjN/rM= | data | 1507
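Read together, the tables tell one short story: the GET to fulfillmententertainment.com/cgi-bin/WrD/ at 08:05:00.870198 is logged at the same instant as the 516096-byte PE32 GCEFby.exe arriving from 208.91.199.181 (the "EXE - Served Attached HTTP" alert), and twelve seconds later the host POSTs 420 bytes (File row 9, "lanxol") to 174.106.122.139 by bare IP on port 80, an address the Feodo Tracker and Emotet signatures fire on. The following is an added triage example, not code from pcapanalyzer or from this capture's analyst. A few rows copied from the HTTP, File and Alert tables are embedded as constructed sample input; pairing a File row with an HTTP row by identical timestamp is an assumption taken from how this page lists GCEFby.exe and the /cgi-bin/WrD/ request, and all function names are the example's own.

```python
import ipaddress

# Constructed sample input copied from the tables above, one benign row per
# table kept so the filters have something to reject. Tuple order follows
# the column order of each table.
HTTP_ROWS = [
    # (timestamp, source, hostname, port, method, url, status)
    ("2020-09-28T08:04:15.364350-0700", "192.168.100.41", "www.bing.com", 80, "GET", "/favicon.ico", "200"),
    ("2020-09-28T08:05:00.870198-0700", "192.168.100.41", "fulfillmententertainment.com", 80, "GET", "/cgi-bin/WrD/", "200"),
    ("2020-09-28T08:05:12.994715-0700", "192.168.100.41", "174.106.122.139", 80, "POST",
     "/RXXxpgkypsrpC/eI8CgCzRpIMIlD/wB5rA8POugPVqig/MnQOkULn2zfgTUm2b/P5CyVCaepJDXBy5t/ihojbQzrCrcEwBfH7W1/", "200"),
    ("2020-09-28T08:08:32.877715-0700", "192.168.100.41", "rr.office.microsoft.com", 443, "POST", "/Research/query.asmx", "(not set)"),
]
FILE_ROWS = [
    # (timestamp, source, destination, file_name, file_magic, file_size)
    ("2020-09-28T08:04:15.364350-0700", "204.79.197.200", "192.168.100.41", "/favicon.ico",
     "PNG image data, 16 x 16, 4-bit colormap, non-interlaced", 237),
    ("2020-09-28T08:05:00.870198-0700", "208.91.199.181", "192.168.100.41", "GCEFby.exe",
     "PE32 executable (GUI) Intel 80386, for MS Windows", 516096),
    ("2020-09-28T08:05:12.311403-0700", "192.168.100.41", "174.106.122.139", "lanxol", "data", 420),
]
ALERT_ROWS = [
    # (timestamp, src_ip, dest_ip, signature)
    ("2020-09-28T08:05:12.285915-0700", "192.168.100.41", "174.106.122.139", "ET CNC Feodo Tracker Reported CnC Server group 6"),
    ("2020-09-28T08:05:12.994715-0700", "192.168.100.41", "174.106.122.139", "ET TROJAN Win32/Emotet CnC Activity (POST) M10"),
    ("2020-09-28T08:08:32.877715-0700", "208.91.199.181", "192.168.100.41", "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("2020-09-28T08:08:32.877715-0700", "208.91.199.181", "192.168.100.41", "ET INFO EXE - Served Attached HTTP"),
]


def is_ip_literal(host):
    """True when the HTTP Host value is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def alerts_for(ip, alert_rows):
    """Signatures that fired with this IP as source or destination."""
    return [sig for _, src, dst, sig in alert_rows if ip in (src, dst)]


def executables_with_origin(http_rows, file_rows, alert_rows):
    """Pair each PE file with the HTTP request logged at the same timestamp,
    so the URL that delivered the binary is recovered (assumption: the File
    and HTTP tables share the timestamp of the response carrying the body)."""
    by_ts = {row[0]: row for row in http_rows}
    found = []
    for ts, src, _dst, name, magic, size in file_rows:
        if not magic.startswith("PE32"):
            continue
        req = by_ts.get(ts)
        found.append({
            "ts": ts, "file": name, "size": size, "server": src,
            "url": f"{req[2]}{req[5]}" if req else None,
            "alerts": alerts_for(src, alert_rows),
        })
    return found


def ip_literal_posts(http_rows, file_rows, alert_rows):
    """POSTs addressed to a bare IP (no DNS lookup, no SNI to pivot on), with
    whatever the File table recorded as sent from the client to that IP."""
    found = []
    for ts, src, host, port, method, url, _status in http_rows:
        if method != "POST" or not is_ip_literal(host):
            continue
        uploaded = [(n, sz) for _, s, d, n, _, sz in file_rows if s == src and d == host]
        found.append({"ts": ts, "host": host, "port": port, "url": url,
                      "uploaded": uploaded, "alerts": alerts_for(host, alert_rows)})
    return found


def triage(http_rows=HTTP_ROWS, file_rows=FILE_ROWS, alert_rows=ALERT_ROWS):
    """Findings as (kind, detail) pairs in timestamp order."""
    findings = [("exe_download", f) for f in executables_with_origin(http_rows, file_rows, alert_rows)]
    findings += [("c2_post", f) for f in ip_literal_posts(http_rows, file_rows, alert_rows)]
    return sorted(findings, key=lambda kf: kf[1]["ts"])


if __name__ == "__main__":
    for kind, detail in triage():
        print(kind, detail)
```

Sorting on the ISO-8601 strings is safe only because every row carries the same UTC offset; mixed offsets would need parsing first. The two heuristics are deliberately narrow: a PE body and a POST to an IP literal are each common enough in benign traffic that the join to the alert table, not the heuristic alone, is what makes the finding worth an analyst's time.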

Comments: (not set)
