2018-05-11-traffic-analysis-exercise.pcap

MD5: 265eeb887097ae7e636598175abfdf16
Submission Date: 2018-06-29 02:11:10
Tags: pony
Alert 3
Showing 1-3 of 3 items.

# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2018-05-10T19:08:04.226709-0700 | 10.0.14.129 | 184.72.249.110 | ET POLICY External IP Lookup api.ipify.org | *
2 | 2018-05-10T19:08:12.791386-0700 | 10.0.14.129 | 185.43.223.6 | ET TROJAN Fareit/Pony Downloader Checkin 2 | *
3 | 2018-05-10T19:08:15.318797-0700 | 10.0.14.129 | 185.43.223.6 | ET TROJAN Fareit/Pony Downloader Checkin 2 | *
DNS 63
Showing 1-20 of 63 items.

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2018-05-10T19:06:51.825773-0700 | 10.0.14.129 | 10.0.14.3 | query | _ldap._tcp.dc._msdcs.nightdew.org | SRV | (not set)
2 | 2018-05-10T19:06:51.830776-0700 | 10.0.14.3 | 10.0.14.129 | answer | _ldap._tcp.dc._msdcs.nightdew.org | SRV | (not set)
3 | 2018-05-10T19:06:51.834957-0700 | 10.0.14.129 | 10.0.14.3 | query | nightdew-dc.nightdew.org | A | (not set)
4 | 2018-05-10T19:06:51.835272-0700 | 10.0.14.3 | 10.0.14.129 | answer | nightdew-dc.nightdew.org | A | (not set)
5 | 2018-05-10T19:06:51.940586-0700 | 10.0.14.129 | 10.0.14.3 | query | _ldap._tcp.Default-First-Site-Name._sites.nightdew.org | SRV | (not set)
6 | 2018-05-10T19:06:51.940587-0700 | 10.0.14.3 | 10.0.14.129 | answer | _ldap._tcp.Default-First-Site-Name._sites.nightdew.org | SRV | (not set)
7 | 2018-05-10T19:06:51.513804-0700 | 10.0.14.129 | 10.0.14.3 | query | isatap.localdomain | A | (not set)
8 | 2018-05-10T19:06:51.576930-0700 | 10.0.14.3 | 10.0.14.129 | answer | isatap.localdomain | A | (not set)
9 | 2018-05-10T19:06:52.440241-0700 | 10.0.14.129 | 10.0.14.3 | query | _ldap._tcp.Default-First-Site-Name._sites.Nightdew-DC.nightdew.org | SRV | (not set)
10 | 2018-05-10T19:06:52.442014-0700 | 10.0.14.3 | 10.0.14.129 | answer | _ldap._tcp.Default-First-Site-Name._sites.Nightdew-DC.nightdew.org | SRV | (not set)
11 | 2018-05-10T19:06:52.442014-0700 | 10.0.14.129 | 10.0.14.3 | query | _ldap._tcp.Nightdew-DC.nightdew.org | SRV | (not set)
12 | 2018-05-10T19:06:52.442015-0700 | 10.0.14.3 | 10.0.14.129 | answer | _ldap._tcp.Nightdew-DC.nightdew.org | SRV | (not set)
13 | 2018-05-10T19:06:52.469743-0700 | 10.0.14.129 | 10.0.14.3 | query | nightdew.org | A | (not set)
14 | 2018-05-10T19:06:52.469746-0700 | 10.0.14.3 | 10.0.14.129 | answer | nightdew.org | A | (not set)
15 | 2018-05-10T19:06:55.699533-0700 | 10.0.14.129 | 10.0.14.3 | query | Chicago-7fa3-PC.nightdew.org | SOA | (not set)
16 | 2018-05-10T19:06:55.699740-0700 | 10.0.14.3 | 10.0.14.129 | answer | Chicago-7fa3-PC.nightdew.org | SOA | (not set)
17 | 2018-05-10T19:07:01.877918-0700 | 10.0.14.129 | 10.0.14.3 | query | www.msftncsi.com | A | (not set)
18 | 2018-05-10T19:07:01.980597-0700 | 10.0.14.3 | 10.0.14.129 | answer | www.msftncsi.com | A | (not set)
19 | 2018-05-10T19:06:54.709741-0700 | 10.0.14.129 | 10.0.14.3 | query | wpad.nightdew.org | A | (not set)
20 | 2018-05-10T19:06:54.710613-0700 | 10.0.14.3 | 10.0.14.129 | answer | wpad.nightdew.org | A | (not set)
TLS 55
Showing 1-20 of 55 items.

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2018-05-10T19:10:16.781040-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
2 | 2018-05-10T19:20:16.377394-0700 | 10.0.14.129 | 216.58.193.68 | TLS 1.2 | www.google.com
3 | 2018-05-10T19:20:17.342876-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
4 | 2018-05-10T19:10:17.429550-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
5 | 2018-05-10T19:20:24.446787-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
6 | 2018-05-10T19:20:25.040492-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
7 | 2018-05-10T19:10:18.788155-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
8 | 2018-05-10T19:10:19.360422-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
9 | 2018-05-10T19:15:23.130692-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
10 | 2018-05-10T19:25:28.868644-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
11 | 2018-05-10T19:20:17.922564-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
12 | 2018-05-10T19:20:26.374910-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
13 | 2018-05-10T19:15:20.684437-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
14 | 2018-05-10T19:15:21.254919-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
15 | 2018-05-10T19:15:22.568861-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
16 | 2018-05-10T19:30:19.283868-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
17 | 2018-05-10T19:30:34.647896-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
18 | 2018-05-10T19:25:30.211914-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
19 | 2018-05-10T19:35:36.098233-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
20 | 2018-05-10T19:35:36.779988-0700 | 10.0.14.129 | 185.174.175.14 | TLS 1.2 | robwassotdint.ru
TFTP 0

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 28
Showing 1-20 of 28 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2018-05-10T19:07:02.086380-0700 | 10.0.14.129 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200
2 | 2018-05-10T19:08:04.226709-0700 | 10.0.14.129 | api.ipify.org | 80 | GET | / | 200
3 | 2018-05-10T19:08:04.895507-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
4 | 2018-05-10T19:08:06.138269-0700 | 10.0.14.129 | wansaiful.com | 80 | GET | /wp-content/plugins/easy-media-download/1 | 200
5 | 2018-05-10T19:08:14.456515-0700 | 10.0.14.129 | wansaiful.com | 80 | GET | /wp-content/plugins/easy-media-download/2 | 200
6 | 2018-05-10T19:10:16.001563-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
7 | 2018-05-10T19:08:15.474302-0700 | 10.0.14.129 | wansaiful.com | 80 | GET | /wp-content/plugins/easy-media-download/3 | 200
8 | 2018-05-10T19:16:17.547672-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
9 | 2018-05-10T19:24:19.654923-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
10 | 2018-05-10T19:12:16.521224-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
11 | 2018-05-10T19:18:18.062057-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
12 | 2018-05-10T19:14:17.037719-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
13 | 2018-05-10T19:28:20.702239-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
14 | 2018-05-10T19:30:21.219255-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
15 | 2018-05-10T19:22:19.119869-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
16 | 2018-05-10T19:20:18.593271-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
17 | 2018-05-10T19:26:20.172445-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
18 | 2018-05-10T19:36:22.766855-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
19 | 2018-05-10T19:32:21.739028-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
20 | 2018-05-10T19:34:22.261003-0700 | 10.0.14.129 | lysedsohap.com | 80 | POST | /4/forum.php | 200
SMB 45
Showing 1-20 of 45 items.

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
1 | 2018-05-10T19:06:52.490005-0700 | 10.0.14.129 | 10.0.14.3 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
2 | 2018-05-10T19:06:52.493250-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
3 | 2018-05-10T19:06:52.494935-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511197 | 0
4 | 2018-05-10T19:06:52.495776-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511197 | 1
5 | 2018-05-10T19:06:52.501078-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_CREATE | 4398046511197 | 1
6 | 2018-05-10T19:07:16.088010-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_READ | 4398046511197 | 1
7 | 2018-05-10T19:06:52.472742-0700 | 10.0.14.129 | 10.0.14.3 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
8 | 2018-05-10T19:06:52.482443-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
9 | 2018-05-10T19:06:52.482972-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511193 | 0
10 | 2018-05-10T19:06:52.484096-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511193 | 0
11 | 2018-05-10T19:06:52.484098-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511193 | 1
12 | 2018-05-10T19:06:52.692514-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_IOCTL | 4398046511193 | 1
13 | 2018-05-10T19:07:04.091319-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_TREE_DISCONNECT | 4398046511193 | 1
14 | 2018-05-10T19:07:16.305294-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_CLOSE | 4398046511197 | 1
15 | 2018-05-10T19:07:28.096314-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_TREE_DISCONNECT | 4398046511197 | 1
16 | 2018-05-10T19:07:28.097250-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_SESSION_LOGOFF | 4398046511197 | 0
17 | 2018-05-10T19:07:30.874874-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
18 | 2018-05-10T19:07:30.878361-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511201 | 0
19 | 2018-05-10T19:07:30.879640-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511201 | 1
20 | 2018-05-10T19:07:30.889195-0700 | 10.0.14.129 | 10.0.14.3 | 2.10 | SMB2_COMMAND_CREATE | 4398046511201 | 1
SMTP 0

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 192
Showing 1-20 of 192 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2018-05-10T19:20:18.281807-0700 | 449313620531670 | flow | 10.0.14.129 | 55491 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
2 | 2018-05-10T19:20:18.281807-0700 | 1743335727226055 | flow | 10.0.14.129 | 54893 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2018-05-10T19:20:18.281807-0700 | 524299454341873 | flow | 0.0.0.0 | 68 | 255.255.255.255 | 67 | UDP | pcapanalyzer
4 | 2018-05-10T19:20:18.281807-0700 | 964598026720531 | flow | 10.0.14.129 | 54119 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
5 | 2018-05-10T19:20:18.281807-0700 | 696957139668387 | flow | 10.0.14.129 | 137 | 10.0.14.1 | 137 | UDP | pcapanalyzer
6 | 2018-05-10T19:20:18.281807-0700 | 2050361464458906 | flow | 10.0.14.129 | 137 | 10.0.14.255 | 137 | UDP | pcapanalyzer
7 | 2018-05-10T19:20:18.281807-0700 | 1090968850136851 | flow | 10.0.14.129 | 49182 | 173.223.52.18 | 80 | TCP | pcapanalyzer
8 | 2018-05-10T19:20:18.281807-0700 | 1858595477094848 | flow | 10.0.14.129 | 60229 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
9 | 2018-05-10T19:20:18.281807-0700 | 1832636687297677 | flow | 10.0.14.129 | 50121 | 10.0.14.3 | 53 | UDP | pcapanalyzer
10 | 2018-05-10T19:20:18.281807-0700 | 1136413903249221 | flow | 10.0.14.129 | 49199 | 111.90.144.30 | 80 | TCP | pcapanalyzer
11 | 2018-05-10T19:20:18.281807-0700 | 12008640228079 | flow | 10.0.14.129 | 62327 | 10.0.14.3 | 53 | UDP | pcapanalyzer
12 | 2018-05-10T19:20:18.281807-0700 | 1564742396909997 | flow | 10.0.14.129 | 55520 | 10.0.14.3 | 53 | UDP | pcapanalyzer
13 | 2018-05-10T19:20:18.281807-0700 | 1994084507760561 | flow | 10.0.14.129 | 51900 | 10.0.14.3 | 53 | UDP | pcapanalyzer
14 | 2018-05-10T19:20:18.281807-0700 | 1860197492152874 | flow | 10.0.14.129 | 53687 | 10.0.14.3 | 53 | UDP | pcapanalyzer
15 | 2018-05-10T19:20:18.281807-0700 | 1302723626854047 | flow | 10.0.14.129 | 49198 | 185.43.223.6 | 80 | TCP | pcapanalyzer
16 | 2018-05-10T19:20:18.281807-0700 | 1022558610578051 | flow | 10.0.14.129 | 63987 | 10.0.14.3 | 53 | UDP | pcapanalyzer
17 | 2018-05-10T19:20:18.281807-0700 | 1466958881222809 | flow | 10.0.14.129 | 49197 | 184.72.249.110 | 80 | TCP | pcapanalyzer
18 | 2018-05-10T19:20:18.281807-0700 | 1331744716551321 | flow | 10.0.14.129 | 51130 | 10.0.14.3 | 53 | UDP | pcapanalyzer
19 | 2018-05-10T19:20:18.281807-0700 | 2050361477830681 | flow | 10.0.14.129 | 137 | 10.0.14.255 | 137 | UDP | pcapanalyzer
20 | 2018-05-10T19:20:18.281807-0700 | 1629102482044704 | flow | 10.0.14.129 | 68 | 255.255.255.255 | 67 | UDP | pcapanalyzer
File 53
Showing 1-20 of 53 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2018-05-10T19:07:16.088010-0700 | 10.0.14.3 | 10.0.14.129 | nightdew.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
2 | 2018-05-10T19:07:02.086380-0700 | 173.223.52.18 | 10.0.14.129 | /ncsi.txt | ASCII text, with no line terminators | 14
3 | 2018-05-10T19:07:58.075514-0700 | 10.0.14.3 | 10.0.14.129 | nightdew.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
4 | 2018-05-10T19:08:04.226709-0700 | 184.72.249.110 | 10.0.14.129 | / | ASCII text, with no line terminators | 14
5 | 2018-05-10T19:08:04.576109-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
6 | 2018-05-10T19:08:04.895507-0700 | 185.43.223.6 | 10.0.14.129 | /4/forum.php | ASCII text, with very long lines, with no line terminators | 1436
7 | 2018-05-10T19:08:12.248897-0700 | 10.0.14.129 | 185.43.223.6 | /mlu/forum.php | data | 206
8 | 2018-05-10T19:08:06.138269-0700 | 111.90.144.30 | 10.0.14.129 | /wp-content/plugins/easy-media-download/1 | 8086 relocatable (Microsoft) | 46341
9 | 2018-05-10T19:08:14.456515-0700 | 111.90.144.30 | 10.0.14.129 | /wp-content/plugins/easy-media-download/2 | 8086 relocatable (Microsoft) | 47383
10 | 2018-05-10T19:08:14.739251-0700 | 10.0.14.129 | 185.43.223.6 | /d2/about.php | data | 234
11 | 2018-05-10T19:10:15.697503-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
12 | 2018-05-10T19:10:16.001563-0700 | 185.43.223.6 | 10.0.14.129 | /4/forum.php | ASCII text, with no line terminators | 12
13 | 2018-05-10T19:08:15.474302-0700 | 111.90.144.30 | 10.0.14.129 | /wp-content/plugins/easy-media-download/3 | 8086 relocatable (Microsoft) | 159255
14 | 2018-05-10T19:16:17.252211-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
15 | 2018-05-10T19:16:17.547672-0700 | 185.43.223.6 | 10.0.14.129 | /4/forum.php | ASCII text, with no line terminators | 12
16 | 2018-05-10T19:24:19.340366-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
17 | 2018-05-10T19:12:16.219657-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
18 | 2018-05-10T19:24:19.654923-0700 | 185.43.223.6 | 10.0.14.129 | /4/forum.php | ASCII text, with no line terminators | 12
19 | 2018-05-10T19:18:17.765780-0700 | 10.0.14.129 | 185.43.223.6 | /4/forum.php | ASCII text, with no line terminators | 123
20 | 2018-05-10T19:12:16.521224-0700 | 185.43.223.6 | 10.0.14.129 | /4/forum.php | ASCII text, with no line terminators | 12