traffic.pcap

MD5: 00483d1713ea302216b16c1ed515ecff
Submission Date: 2021-04-07 00:22:41
Tags: (not set)
Alert 24
Showing 1-20 of 24 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2021-01-04T09:01:44.921543-0800 | 172.16.1.101 | 207.231.106.130 | ET POLICY IP Check wtfismyip.com | *
2 | 2021-01-04T09:01:44.921543-0800 | 172.16.1.101 | 207.231.106.130 | ET POLICY curl User-Agent Outbound | *
3 | 2021-01-04T09:07:21.784671-0800 | 172.16.1.101 | 103.14.232.46 | ET POLICY HTTP traffic on port 443 (POST) | *
4 | 2021-01-04T09:07:21.784974-0800 | 172.16.1.101 | 103.14.232.46 | GPL ATTACK_RESPONSE command completed | *
5 | 2021-01-04T09:07:22.285590-0800 | 172.16.1.101 | 103.14.232.46 | ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration | *
6 | 2021-01-04T09:07:22.285590-0800 | 172.16.1.101 | 103.14.232.46 | ET TROJAN Win32/Trickbot Data Exfiltration | *
7 | 2021-01-04T09:07:22.285590-0800 | 172.16.1.101 | 103.14.232.46 | GPL ATTACK_RESPONSE command completed | *
8 | 2021-01-04T09:08:01.346856-0800 | 172.16.1.101 | 103.14.232.46 | ET POLICY HTTP traffic on port 443 (POST) | *
9 | 2021-01-04T09:01:40.925947-0800 | 102.164.208.44 | 172.16.1.101 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | *
10 | 2021-01-04T09:08:01.799739-0800 | 172.16.1.101 | 103.14.232.46 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
11 | 2021-01-04T09:09:46.713500-0800 | 172.16.1.101 | 103.14.232.46 | ET POLICY HTTP traffic on port 443 (POST) | *
12 | 2021-01-04T09:09:47.235865-0800 | 172.16.1.101 | 103.14.232.46 | ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration | *
13 | 2021-01-04T09:09:47.235865-0800 | 172.16.1.101 | 103.14.232.46 | ET TROJAN Win32/Trickbot Data Exfiltration | *
14 | 2021-01-04T09:09:47.235865-0800 | 172.16.1.101 | 103.14.232.46 | GPL ATTACK_RESPONSE command completed | *
15 | 2021-01-04T09:05:31.858162-0800 | 110.39.160.66 | 172.16.1.101 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | *
16 | 2021-01-04T09:07:13.174684-0800 | 172.16.1.101 | 158.51.96.25 | ET POLICY curl User-Agent Outbound | *
17 | 2021-01-04T09:07:36.508460-0800 | 172.16.1.101 | 103.14.232.46 | ET POLICY HTTP traffic on port 443 (POST) | *
18 | 2021-01-04T09:07:39.887350-0800 | 172.16.1.101 | 103.14.232.46 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | *
19 | 2021-01-04T09:08:30.320763-0800 | 158.51.96.25 | 172.16.1.101 | ET POLICY PE EXE or DLL Windows file download HTTP | *
20 | 2021-01-04T09:08:30.320763-0800 | 158.51.96.25 | 172.16.1.101 | ET INFO SUSPICIOUS Dotted Quad Host MZ Response | *
DNS 40
Showing 1-20 of 40 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2021-01-04T09:00:23.374107-0800 | 172.16.1.101 | 172.16.1.16 | query | nuockhoang.giaodien.vn | A | (not set)
2 | 2021-01-04T09:00:24.608293-0800 | 172.16.1.16 | 172.16.1.101 | answer | nuockhoang.giaodien.vn | A | (not set)
3 | 2021-01-04T09:00:27.700424-0800 | 172.16.1.101 | 172.16.1.16 | query | wpad.dorkyankees.com | A | (not set)
4 | 2021-01-04T09:00:27.700652-0800 | 172.16.1.16 | 172.16.1.101 | answer | wpad.dorkyankees.com | A | (not set)
5 | 2021-01-04T09:00:27.700942-0800 | 172.16.1.101 | 172.16.1.16 | query | wpad.localdomain | A | (not set)
6 | 2021-01-04T09:00:27.701051-0800 | 172.16.1.16 | 172.16.1.101 | answer | wpad.localdomain | A | (not set)
7 | 2021-01-04T09:01:02.000178-0800 | 172.16.1.101 | 172.16.1.16 | query | admintk.com | A | (not set)
8 | 2021-01-04T09:01:02.020608-0800 | 172.16.1.16 | 172.16.1.101 | answer | admintk.com | A | (not set)
9 | 2021-01-04T09:01:51.220521-0800 | 172.16.1.101 | 172.16.1.16 | query | 97.46.66.173.zen.spamhaus.org | A | (not set)
10 | 2021-01-04T09:01:51.318058-0800 | 172.16.1.16 | 172.16.1.101 | answer | 97.46.66.173.zen.spamhaus.org | A | (not set)
11 | 2021-01-04T09:05:13.310844-0800 | 172.16.1.101 | 172.16.1.16 | query | cxcs.microsoft.net | A | (not set)
12 | 2021-01-04T09:05:13.393659-0800 | 172.16.1.16 | 172.16.1.101 | answer | cxcs.microsoft.net | A | (not set)
13 | 2021-01-04T09:06:59.310711-0800 | 172.16.1.101 | 172.16.1.16 | query | _ldap._tcp.DorkYankees-DC.dorkyankees.com | SRV | (not set)
14 | 2021-01-04T09:06:59.310861-0800 | 172.16.1.16 | 172.16.1.101 | answer | _ldap._tcp.DorkYankees-DC.dorkyankees.com | SRV | (not set)
15 | 2021-01-04T09:01:44.604449-0800 | 172.16.1.101 | 172.16.1.16 | query | wtfismyip.com | A | (not set)
16 | 2021-01-04T09:01:44.674977-0800 | 172.16.1.16 | 172.16.1.101 | answer | wtfismyip.com | A | (not set)
17 | 2021-01-04T09:01:51.318690-0800 | 172.16.1.101 | 172.16.1.16 | query | 97.46.66.173.cbl.abuseat.org | A | (not set)
18 | 2021-01-04T09:01:51.387900-0800 | 172.16.1.16 | 172.16.1.101 | answer | 97.46.66.173.cbl.abuseat.org | A | (not set)
19 | 2021-01-04T09:01:51.388718-0800 | 172.16.1.101 | 172.16.1.16 | query | 97.46.66.173.b.barracudacentral.org | A | (not set)
20 | 2021-01-04T09:01:51.524792-0800 | 172.16.1.16 | 172.16.1.101 | answer | 97.46.66.173.b.barracudacentral.org | A | (not set)
TLS 10
Showing 1-10 of 10 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2021-01-04T09:01:02.523780-0800 | 172.16.1.101 | 210.56.52.6 | TLS 1.2 | admintk.com
2 | 2021-01-04T09:01:54.452532-0800 | 172.16.1.101 | 52.109.8.19 | TLS 1.2 | nexusrules.officeapps.live.com
3 | 2021-01-04T09:03:51.718009-0800 | 172.16.1.101 | 52.114.133.60 | TLS 1.2 | self.events.data.microsoft.com
4 | 2021-01-04T09:05:28.172817-0800 | 172.16.1.101 | 102.164.208.44 | TLSv1 | (not set)
5 | 2021-01-04T09:06:34.037884-0800 | 172.16.1.101 | 102.164.208.44 | TLSv1 | (not set)
6 | 2021-01-04T09:06:37.210748-0800 | 172.16.1.101 | 102.164.208.44 | TLSv1 | (not set)
7 | 2021-01-04T09:01:40.925883-0800 | 172.16.1.101 | 102.164.208.44 | TLSv1 | (not set)
8 | 2021-01-04T09:05:13.565707-0800 | 172.16.1.101 | 184.30.179.191 | TLS 1.2 | cxcs.microsoft.net
9 | 2021-01-04T09:05:13.599729-0800 | 172.16.1.101 | 204.79.197.200 | TLS 1.2 | www.bing.com
10 | 2021-01-04T09:05:31.858055-0800 | 172.16.1.101 | 110.39.160.66 | TLS 1.2 | (not set)
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 17
Showing 1-17 of 17 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2021-01-04T09:00:27.933525-0800 | 172.16.1.101 | nuockhoang.giaodien.vn | 80 | GET | /music-in-hjdnn/0cjbhwlIqxK3QGURHK/ | 200
2 | 2021-01-04T09:01:44.921543-0800 | 172.16.1.101 | wtfismyip.com | 80 | GET | /text | 200
3 | 2021-01-04T09:01:29.118889-0800 | 172.16.1.101 | 167.99.105.11 | 8080 | POST | /ghlsmpxrx8v26/cxv1br6ybl/ | 200
4 | 2021-01-04T09:01:22.801707-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /yng1euw6/7uwn5ulz6i2qxe/mf1y7dgndx2t2/ | 200
5 | 2021-01-04T09:01:27.681903-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /4rjfue/cxkz2zw/okonr3br75yqn/ | 200
6 | 2021-01-04T09:01:33.790853-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /eush9g85jy7agywgx/hc8avsoqkt/31a9ky0flz05/el4g0kd8/ | 200
7 | 2021-01-04T09:01:34.490779-0800 | 172.16.1.101 | 167.99.105.11 | 8080 | POST | /ijam0wvtbyyg/ogw7/h7bbpwboju6ox4m/2tl7t4nrmnmtu1/ontqyhfgk8yf/ | 200
8 | 2021-01-04T09:01:38.090922-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /60kgv4dkhjsfns/if6r92t3nv/tciwa41cnt/tt3ej3/zplxhaguup9/ | 200
9 | 2021-01-04T09:07:22.285590-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/90 | 404
10 | 2021-01-04T09:01:41.976876-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /uc2hb4z/qakeq/47rdd53qv22dobuy/0o0qmcmz8fin8pa/o51ddb/enxmvpufu2iggg/ | 200
11 | 2021-01-04T09:01:42.793471-0800 | 172.16.1.101 | 90.160.138.175 | 80 | POST | /009eunxgzk/qcijm/8y79deowgaagx0zsux/ | 200
12 | 2021-01-04T09:08:01.799739-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/83/ | 404
13 | 2021-01-04T09:09:47.235865-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/90 | 404
14 | 2021-01-04T09:07:16.521386-0800 | 172.16.1.101 | 158.51.96.25 | 80 | GET | /images/picture.png | 200
15 | 2021-01-04T09:07:39.887350-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/83/ | 404
16 | 2021-01-04T09:09:26.770184-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/83/ | 404
17 | 2021-01-04T09:10:51.830666-0800 | 172.16.1.101 | 103.14.232.46 | 443 | POST | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/83/ | 404
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 84
Showing 1-20 of 84 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2021-01-04T09:01:18.354400-0800 | 849822792613524 | flow | 172.16.1.101 | 63137 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
2 | 2021-01-04T09:01:18.354400-0800 | 1438617711654275 | flow | 172.16.1.101 | 59199 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2021-01-04T09:01:18.354400-0800 | 1033224338519103 | flow | 172.16.1.101 | 5353 | 224.0.0.251 | 5353 | UDP | pcapanalyzer
4 | 2021-01-04T09:01:18.354400-0800 | 105949489247054 | flow | 172.16.1.101 | 137 | 172.16.1.255 | 137 | UDP | pcapanalyzer
5 | 2021-01-04T09:10:47.498125-0800 | 1267497650351431 | flow | 172.16.1.101 | 65519 | 186.47.209.222 | 443 | TCP | pcapanalyzer
6 | 2021-01-04T09:10:47.498125-0800 | 1692306417285540 | flow | 172.16.1.101 | 65507 | 110.39.160.66 | 447 | TCP | pcapanalyzer
7 | 2021-01-04T09:10:47.498125-0800 | 426100675019879 | flow | 172.16.1.101 | 65526 | 45.141.59.212 | 443 | TCP | pcapanalyzer
8 | 2021-01-04T09:10:47.498125-0800 | 709443959641403 | flow | 172.16.1.101 | 54549 | 172.16.1.16 | 53 | UDP | pcapanalyzer
9 | 2021-01-04T09:10:47.498125-0800 | 991277567511749 | flow | 172.16.1.101 | 65522 | 103.14.232.46 | 443 | TCP | pcapanalyzer
10 | 2021-01-04T09:10:47.498125-0800 | 1137987206454486 | flow | 172.16.1.101 | 65517 | 172.16.1.16 | 88 | TCP | pcapanalyzer
11 | 2021-01-04T09:10:47.498125-0800 | 1000107993468106 | flow | 172.16.1.101 | 65490 | 172.16.1.16 | 135 | TCP | pcapanalyzer
12 | 2021-01-04T09:10:47.498125-0800 | 298810704620411 | flow | 172.16.1.101 | 65496 | 167.99.105.11 | 8080 | TCP | pcapanalyzer
13 | 2021-01-04T09:10:47.498125-0800 | 862598191457897 | flow | 172.16.1.101 | 65502 | 204.79.197.200 | 443 | TCP | pcapanalyzer
14 | 2021-01-04T09:10:47.498125-0800 | 18894820940699 | flow | 172.16.1.101 | 65508 | 102.164.208.44 | 449 | TCP | pcapanalyzer
15 | 2021-01-04T09:10:47.498125-0800 | 1006814621206280 | flow | 172.16.1.101 | 49153 | 103.14.232.46 | 443 | TCP | pcapanalyzer
16 | 2021-01-04T09:10:47.498125-0800 | 1572343684605956 | flow | 172.16.1.101 | 65503 | 184.30.179.191 | 443 | TCP | pcapanalyzer
17 | 2021-01-04T09:10:47.498125-0800 | 165514272913997 | flow | 172.16.1.101 | 65528 | 45.141.59.212 | 443 | TCP | pcapanalyzer
18 | 2021-01-04T09:10:47.498125-0800 | 1152227164464953 | flow | 172.16.1.101 | 65504 | 102.164.208.44 | 449 | TCP | pcapanalyzer
19 | 2021-01-04T09:10:47.498125-0800 | 872283329463487 | flow | 172.16.1.101 | 61949 | 172.16.1.16 | 53 | UDP | pcapanalyzer
20 | 2021-01-04T09:10:47.498125-0800 | 731554425581576 | flow | 172.16.1.101 | 50686 | 172.16.1.16 | 53 | UDP | pcapanalyzer
File 25
Showing 1-20 of 25 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2021-01-04T09:00:27.933525-0800 | 149.28.140.9 | 172.16.1.101 | 3XZOWANC98IJF6.doc | Composite Document File V2 Document, Can't read SAT | 165719
2 | 2021-01-04T09:01:44.921543-0800 | 207.231.106.130 | 172.16.1.101 | /text | ASCII text | 13
3 | 2021-01-04T09:01:27.967445-0800 | 172.16.1.101 | 167.99.105.11 | XkcbOnEcU | data | 3380
4 | 2021-01-04T09:01:18.354495-0800 | 172.16.1.101 | 90.160.138.175 | dhiQwXPPRMuVAkKcMzG | data | 3220
5 | 2021-01-04T09:01:29.118889-0800 | 167.99.105.11 | 172.16.1.101 | /ghlsmpxrx8v26/cxv1br6ybl/ | data | 4132
6 | 2021-01-04T09:01:22.801707-0800 | 90.160.138.175 | 172.16.1.101 | /yng1euw6/7uwn5ulz6i2qxe/mf1y7dgndx2t2/ | data | 220820
7 | 2021-01-04T09:01:22.808143-0800 | 172.16.1.101 | 90.160.138.175 | jjQEXw | data | 1812
8 | 2021-01-04T09:01:27.681903-0800 | 90.160.138.175 | 172.16.1.101 | /4rjfue/cxkz2zw/okonr3br75yqn/ | data | 405812
9 | 2021-01-04T09:01:27.690407-0800 | 172.16.1.101 | 90.160.138.175 | YIaHfGZ | data | 3636
10 | 2021-01-04T09:01:33.790853-0800 | 90.160.138.175 | 172.16.1.101 | /eush9g85jy7agywgx/hc8avsoqkt/31a9ky0flz05/el4g0kd8/ | data | 474388
11 | 2021-01-04T09:01:33.809172-0800 | 172.16.1.101 | 90.160.138.175 | AkJCAnudHBt | data | 3588
12 | 2021-01-04T09:01:33.960480-0800 | 172.16.1.101 | 167.99.105.11 | dXrYJRAgkoMbT | data | 3460
13 | 2021-01-04T09:01:34.490779-0800 | 167.99.105.11 | 172.16.1.101 | /ijam0wvtbyyg/ogw7/h7bbpwboju6ox4m/2tl7t4nrmnmtu1/ontqyhfgk8yf/ | data | 2468
14 | 2021-01-04T09:01:38.090922-0800 | 90.160.138.175 | 172.16.1.101 | /60kgv4dkhjsfns/if6r92t3nv/tciwa41cnt/tt3ej3/zplxhaguup9/ | data | 285364
15 | 2021-01-04T09:01:38.098916-0800 | 172.16.1.101 | 90.160.138.175 | XsUrtBEemfJGvv | data | 1748
16 | 2021-01-04T09:07:22.285590-0800 | 103.14.232.46 | 172.16.1.101 | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/90 | HTML document, ASCII text, with CRLF line terminators | 169
17 | 2021-01-04T09:01:41.976876-0800 | 90.160.138.175 | 172.16.1.101 | /uc2hb4z/qakeq/47rdd53qv22dobuy/0o0qmcmz8fin8pa/o51ddb/enxmvpufu2iggg/ | data | 305764
18 | 2021-01-04T09:01:41.987074-0800 | 172.16.1.101 | 90.160.138.175 | GFklmlvVPtl | data | 2564
19 | 2021-01-04T09:01:42.793471-0800 | 90.160.138.175 | 172.16.1.101 | /009eunxgzk/qcijm/8y79deowgaagx0zsux/ | DOS executable (COM) | 3540
20 | 2021-01-04T09:08:01.799739-0800 | 103.14.232.46 | 172.16.1.101 | /mor9/DESKTOP-B5JPXN1_W10019042.6EF8D93A3B8FF281490CA5826FA3F67A/83/ | HTML document, ASCII text, with CRLF line terminators | 571

Comments: (not set)
