Emotet-epoch-1-with-Trickbot-gtag-mor84-infection-traffic.pcap

MD5: 288cfe0cdba6bc50c3480eec2bef175b
Submission Date: 2021-07-21 10:20:29
Tags: (not set)
Alert 31
Showing 1-20 of 31 items.
#  | Timestamp                       | Src IP          | Dest IP         | Alert Signature
1  | 2020-01-27T12:56:26.998197-0800 | 10.20.30.101    | 51.159.23.217   | ET TROJAN Win32/Emotet CnC Activity (POST) M6
2  | 2020-01-27T12:54:12.919659-0800 | 10.20.30.101    | 190.6.193.152   | ET TROJAN Win32/Emotet CnC Activity (POST) M5
3  | 2020-01-27T12:56:26.998197-0800 | 10.20.30.101    | 51.159.23.217   | ET POLICY HTTP traffic on port 443 (POST)
4  | 2020-01-27T12:56:31.740439-0800 | 10.20.30.101    | 51.159.23.217   | ET TROJAN Win32/Emotet CnC Activity (POST) M6
5  | 2020-01-27T12:56:31.740439-0800 | 10.20.30.101    | 51.159.23.217   | ET POLICY HTTP traffic on port 443 (POST)
6  | 2020-01-27T12:54:12.919659-0800 | 10.20.30.101    | 190.6.193.152   | ET TROJAN Win32/Emotet CnC Activity (POST) M6
7  | 2020-01-27T13:07:04.872668-0800 | 10.20.30.101    | 10.20.30.1      | ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
8  | 2020-01-27T13:07:06.417350-0800 | 194.99.21.137   | 10.20.30.101    | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)
9  | 2020-01-27T12:54:24.822619-0800 | 10.20.30.101    | 200.69.224.73   | ET TROJAN Win32/Emotet CnC Activity (POST) M5
10 | 2020-01-27T12:54:24.822619-0800 | 10.20.30.101    | 200.69.224.73   | ET TROJAN Win32/Emotet CnC Activity (POST) M6
11 | 2020-01-27T13:09:25.333036-0800 | 190.214.13.2    | 10.20.30.101    | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
12 | 2020-01-27T13:11:18.578947-0800 | 10.20.30.101    | 203.176.135.102 | ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration
13 | 2020-01-27T13:11:18.578947-0800 | 10.20.30.101    | 203.176.135.102 | ET TROJAN Win32/Trickbot Data Exfiltration
14 | 2020-01-27T13:11:18.578947-0800 | 10.20.30.101    | 203.176.135.102 | GPL ATTACK_RESPONSE command completed
15 | 2020-01-27T13:11:23.710561-0800 | 203.176.135.102 | 10.20.30.101    | ET TROJAN Trickbot Checkin Response
16 | 2020-01-27T13:20:17.466696-0800 | 190.214.13.2    | 10.20.30.101    | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
17 | 2020-01-27T13:27:10.693784-0800 | 190.214.13.2    | 10.20.30.101    | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
18 | 2020-01-27T12:56:33.806886-0800 | 10.20.30.101    | 200.69.224.73   | ET TROJAN Win32/Emotet CnC Activity (POST) M5
19 | 2020-01-27T12:56:33.806886-0800 | 10.20.30.101    | 200.69.224.73   | ET TROJAN Win32/Emotet CnC Activity (POST) M6
20 | 2020-01-27T12:59:18.639685-0800 | 190.214.13.2    | 10.20.30.101    | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
DNS 10
Showing 1-10 of 10 items.
#  | Timestamp                       | Src IP       | Dest IP      | Dns Type | Resource Record Name           | Resource Record Type | Resource Data
1  | 2020-01-27T12:52:39.778428-0800 | 10.20.30.101 | 10.20.30.1   | query    | ikosher.co.il                  | A | (not set)
2  | 2020-01-27T12:52:40.030562-0800 | 10.20.30.1   | 10.20.30.101 | answer   | ikosher.co.il                  | A | (not set)
3  | 2020-01-27T12:53:16.852923-0800 | 10.20.30.101 | 10.20.30.1   | query    | delhisexclinic.com             | A | (not set)
4  | 2020-01-27T12:53:17.006438-0800 | 10.20.30.1   | 10.20.30.101 | answer   | delhisexclinic.com             | A | (not set)
5  | 2020-01-27T13:00:13.099560-0800 | 10.20.30.101 | 10.20.30.1   | query    | 112.46.66.173.zen.spamhaus.org | A | (not set)
6  | 2020-01-27T13:00:13.277413-0800 | 10.20.30.1   | 10.20.30.101 | answer   | 112.46.66.173.zen.spamhaus.org | A | (not set)
7  | 2020-01-27T13:07:04.872668-0800 | 10.20.30.101 | 10.20.30.1   | query    | 2cdajlnnwxfylth4.onion         | A | (not set)
8  | 2020-01-27T13:07:04.992613-0800 | 10.20.30.1   | 10.20.30.101 | answer   | 2cdajlnnwxfylth4.onion         | A | (not set)
9  | 2020-01-27T12:59:23.136308-0800 | 10.20.30.101 | 10.20.30.1   | query    | ident.me                       | A | (not set)
10 | 2020-01-27T12:59:23.291366-0800 | 10.20.30.1   | 10.20.30.101 | answer   | ident.me                       | A | (not set)
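The DNS rows above contain three names an analyst would want flagged automatically: a reversed-octet lookup against zen.spamhaus.org (the client checking whether some public IP is blocklisted), a .onion name sent to a clearnet resolver, and ident.me (a public-IP echo service). The script below is an added example, not part of the pcap analyzer's own code; it re-types the query rows from the table as constructed tab-separated input, recovers the IP behind the DNSBL lookup, and tags each query. The DNSBL zone list and IP-echo host list are assumptions for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: the "query" rows of the DNS table above,
# re-typed as tab-separated lines (timestamp, src, dst, rrname, rrtype).
SAMPLE_DNS_LOG = """\
2020-01-27T12:52:39.778428-0800\t10.20.30.101\t10.20.30.1\tikosher.co.il\tA
2020-01-27T12:53:16.852923-0800\t10.20.30.101\t10.20.30.1\tdelhisexclinic.com\tA
2020-01-27T13:00:13.099560-0800\t10.20.30.101\t10.20.30.1\t112.46.66.173.zen.spamhaus.org\tA
2020-01-27T13:07:04.872668-0800\t10.20.30.101\t10.20.30.1\t2cdajlnnwxfylth4.onion\tA
2020-01-27T12:59:23.136308-0800\t10.20.30.101\t10.20.30.1\tident.me\tA
"""

# DNS-based blocklists that are queried by reversing the octets of an IPv4
# address and prefixing them to the zone (assumed list; extend as needed).
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")
# Services whose only purpose is to tell the caller its public IP (assumed list).
IP_ECHO_HOSTS = ("ident.me", "api.ipify.org", "icanhazip.com", "checkip.amazonaws.com")

_REV_OCTETS = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(.+)$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client: str
    category: str   # "dnsbl", "onion" or "ip_echo"
    name: str       # the queried name
    detail: str     # e.g. the public IP recovered from a DNSBL lookup


def dnsbl_target(qname: str):
    """If qname is a reversed-octet lookup in a known DNSBL zone, return the
    (zone, checked_ip) pair; otherwise None."""
    m = _REV_OCTETS.match(qname.rstrip(".").lower())
    if not m:
        return None
    zone = m.group(5)
    if zone not in DNSBL_ZONES:
        return None
    try:
        # Octets are reversed in the query name, so put them back in order.
        checked = ipaddress.IPv4Address(".".join(m.group(i) for i in (4, 3, 2, 1)))
    except ipaddress.AddressValueError:
        return None
    return zone, str(checked)


def classify(qname: str):
    """Return (category, detail) for names worth flagging, else None."""
    name = qname.rstrip(".").lower()
    hit = dnsbl_target(name)
    if hit:
        zone, ip = hit
        return "dnsbl", f"client checked whether {ip} is listed in {zone}"
    if name.endswith(".onion"):
        return "onion", "Tor hidden-service name sent to a clearnet resolver"
    if name in IP_ECHO_HOSTS:
        return "ip_echo", "public-IP discovery service"
    return None


def triage_dns(log_text: str):
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst, rrname, _rrtype = line.split("\t")
        verdict = classify(rrname)
        if verdict:
            findings.append(Finding(ts, src, verdict[0], rrname, verdict[1]))
    return findings


if __name__ == "__main__":
    for f in triage_dns(SAMPLE_DNS_LOG):
        print(f"{f.timestamp} {f.client} [{f.category}] {f.name}: {f.detail}")
```

Run against the sample, the Spamhaus row resolves to a check on 173.66.46.112, which is the kind of value to carry into the rest of the investigation (compare it with what ident.me returned in the TLS session to 176.58.123.25).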
TLS 14
Showing 1-14 of 14 items.
#  | Timestamp                       | Source IP    | Destination IP | TLS Version | Server Name Indication
1  | 2020-01-27T12:53:17.250378-0800 | 10.20.30.101 | 173.231.214.60 | TLS 1.2     | delhisexclinic.com
2  | 2020-01-27T13:07:06.417227-0800 | 10.20.30.101 | 194.99.21.137  | TLS 1.2     | (not set)
3  | 2020-01-27T13:09:25.332937-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
4  | 2020-01-27T13:09:28.330384-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
5  | 2020-01-27T13:23:46.314930-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
6  | 2020-01-27T13:10:13.493106-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
7  | 2020-01-27T13:13:11.147611-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
8  | 2020-01-27T13:20:17.466610-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
9  | 2020-01-27T13:27:10.693647-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
10 | 2020-01-27T12:59:18.639525-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
11 | 2020-01-27T12:59:23.687664-0800 | 10.20.30.101 | 176.58.123.25  | TLS 1.2     | ident.me
12 | 2020-01-27T13:10:07.644744-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
13 | 2020-01-27T13:10:43.651125-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
14 | 2020-01-27T13:13:11.147649-0800 | 10.20.30.101 | 190.214.13.2   | TLSv1       | (not set)
TFTP 0
# | Timestamp | Src IP | Dest IP | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 12
Showing 1-12 of 12 items.
#  | Timestamp                       | Source       | Hostname        | Port | Method | URL | Status
1  | 2020-01-27T12:52:41.759605-0800 | 10.20.30.101 | ikosher.co.il   | 80   | GET    | /discussiono/multifunctional-section/close-4hfy6o73iy-06x/383167265-j3LVOCu77d3B/ | 200
2  | 2020-01-27T12:56:26.998197-0800 | 10.20.30.101 | 51.159.23.217   | 443  | POST   | /OwgR | 200
3  | 2020-01-27T12:56:31.740439-0800 | 10.20.30.101 | 51.159.23.217   | 443  | POST   | /CnnW94MVhQGtJZSjR | 200
4  | 2020-01-27T13:11:18.578947-0800 | 10.20.30.101 | 203.176.135.102 | 8082 | POST   | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/90 | 200
5  | 2020-01-27T12:56:26.201271-0800 | 10.20.30.101 | 200.69.224.73   | 80   | POST   | /v4ZuR6CnU | 200
6  | 2020-01-27T12:56:33.806886-0800 | 10.20.30.101 | 200.69.224.73   | 80   | POST   | /OwgR | 200
7  | 2020-01-27T13:10:29.658728-0800 | 10.20.30.101 | 200.69.224.73   | 80   | POST   | /Yuy3Hh3 | 200
8  | 2020-01-27T13:11:00.125506-0800 | 10.20.30.101 | 203.176.135.102 | 8082 | POST   | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/81/ | 200
9  | 2020-01-27T13:11:32.429786-0800 | 10.20.30.101 | 203.176.135.102 | 8082 | POST   | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/81/ | 200
10 | 2020-01-27T13:25:24.373471-0800 | 10.20.30.101 | 200.69.224.73   | 80   | POST   | /aLWChqlBNn8isE | 200
11 | 2020-01-27T13:25:26.654974-0800 | 10.20.30.101 | 200.69.224.73   | 80   | POST   | /X2XDUN0TWIhtvxsrt | 200
12 | 2020-01-27T13:11:00.125506-0800 | 10.20.30.101 | 190.6.193.152   | 8080 | POST   | /wbFcaqy5zdJxDV | (not set)
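Two patterns in the HTTP table are worth turning into detection logic: the Trickbot check-in URI, which carries the gtag (mor84 here), the victim hostname, a Windows version token and a 32-hex client ID followed by a numeric command (90 and 81 above), and the Emotet-style POSTs to bare IP literals with short random paths, including the two on port 443 that Suricata flagged as cleartext HTTP. The script below is an added example and not code from the pcap analyzer or either malware family; it re-types a subset of the rows above as constructed input. The URI regex (gtag shape, OS token shape) is an assumption that fits the rows on this page and may need widening for other samples.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: rows of the HTTP table above, re-typed as
# tab-separated lines (timestamp, source, hostname, port, method, url, status).
SAMPLE_HTTP_LOG = """\
2020-01-27T12:52:41.759605-0800\t10.20.30.101\tikosher.co.il\t80\tGET\t/discussiono/multifunctional-section/close-4hfy6o73iy-06x/383167265-j3LVOCu77d3B/\t200
2020-01-27T12:56:26.998197-0800\t10.20.30.101\t51.159.23.217\t443\tPOST\t/OwgR\t200
2020-01-27T13:11:18.578947-0800\t10.20.30.101\t203.176.135.102\t8082\tPOST\t/mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/90\t200
2020-01-27T12:56:26.201271-0800\t10.20.30.101\t200.69.224.73\t80\tPOST\t/v4ZuR6CnU\t200
2020-01-27T13:11:00.125506-0800\t10.20.30.101\t203.176.135.102\t8082\tPOST\t/mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/81/\t200
"""

# Trickbot check-in URI: /<gtag>/<hostname>_<os token>.<32 hex client id>/<command>[/]
# Shape of gtag and OS token are assumptions based on the rows on this page.
TRICKBOT_URI = re.compile(
    r"^/(?P<gtag>[a-z]{2,4}\d{1,3})/"
    r"(?P<host>[A-Za-z0-9-]+)_(?P<os>W\d+)\.(?P<cid>[0-9A-F]{32})/"
    r"(?P<cmd>\d+)/?$"
)
IPV4_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


@dataclass(frozen=True)
class TrickbotCheckin:
    gtag: str
    hostname: str
    os_token: str
    client_id: str
    command: int


def parse_trickbot_uri(url: str) -> Optional[TrickbotCheckin]:
    """Decompose a Trickbot check-in path; None if the path has another shape."""
    m = TRICKBOT_URI.match(url)
    if not m:
        return None
    return TrickbotCheckin(m["gtag"], m["host"], m["os"], m["cid"], int(m["cmd"]))


def http_flags(hostname: str, port: int, method: str, url: str):
    """Heuristics that fire on the Emotet/Trickbot rows; each hit adds a tag."""
    flags = []
    if parse_trickbot_uri(url):
        flags.append("trickbot_checkin")
    if method == "POST" and IPV4_LITERAL.match(hostname):
        # Emotet C2 in this capture: POST to a bare IP with a short random path.
        flags.append("post_to_ip_literal")
        if port == 443:
            # HTTP parsed on 443 means the request was not wrapped in TLS.
            flags.append("cleartext_http_on_443")
    return flags


def triage_http(log_text: str):
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, port, method, url, _status = line.split("\t")
        flags = http_flags(host, int(port), method, url)
        if flags:
            results.append((ts, src, host, int(port), url, flags))
    return results


if __name__ == "__main__":
    for ts, src, host, port, url, flags in triage_http(SAMPLE_HTTP_LOG):
        print(ts, src, f"{host}:{port}", url, ",".join(flags))
        checkin = parse_trickbot_uri(url)
        if checkin:
            print("   gtag", checkin.gtag, "host", checkin.hostname, "cmd", checkin.command)
```

The parsed gtag and client ID are the fields to pivot on: the same client ID appearing under a different gtag, or a command number outside those seen here, is a signal that a second bot or module is talking.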
SMB 0
# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 29
Showing 1-20 of 29 items.
#  | Timestamp                       | Flow Id          | Event Type | Source       | Source Port | Destination     | Destination Port | Protocol | Host
1  | 2020-01-27T13:24:54.497502-0800 | 2130481204004072 | flow | 10.20.30.101 | 60592 | 10.20.30.1      | 53   | UDP | pcapanalyzer
2  | 2020-01-27T13:24:54.497502-0800 | 323096659091644  | flow | 10.20.30.101 | 49670 | 10.20.30.1      | 53   | UDP | pcapanalyzer
3  | 2020-01-27T13:24:54.497502-0800 | 2160404217753922 | flow | 10.20.30.101 | 49691 | 200.69.224.73   | 80   | TCP | pcapanalyzer
4  | 2020-01-27T13:24:54.497502-0800 | 898648061384669  | flow | 10.20.30.101 | 49693 | 51.159.23.217   | 443  | TCP | pcapanalyzer
5  | 2020-01-27T13:24:54.497502-0800 | 1072227002385564 | flow | 10.20.30.101 | 49677 | 104.28.7.44     | 80   | TCP | pcapanalyzer
6  | 2020-01-27T13:24:54.497502-0800 | 1941846213002171 | flow | 10.20.30.101 | 51353 | 10.20.30.1      | 53   | UDP | pcapanalyzer
7  | 2020-01-27T13:24:54.497502-0800 | 540033336153204  | flow | 10.20.30.101 | 57249 | 10.20.30.1      | 53   | UDP | pcapanalyzer
8  | 2020-01-27T13:24:54.497502-0800 | 266227012311393  | flow | 10.20.30.101 | 49696 | 51.159.23.217   | 443  | TCP | pcapanalyzer
9  | 2020-01-27T13:24:54.497502-0800 | 1697522774233243 | flow | 10.20.30.101 | 49778 | 203.176.135.102 | 8082 | TCP | pcapanalyzer
10 | 2020-01-27T13:24:54.497502-0800 | 856785026354267  | flow | 10.20.30.101 | 49750 | 190.214.13.2    | 449  | TCP | pcapanalyzer
11 | 2020-01-27T13:24:54.497502-0800 | 2124985899271097 | flow | 10.20.30.101 | 49791 | 190.214.13.2    | 449  | TCP | pcapanalyzer
12 | 2020-01-27T13:24:54.497502-0800 | 167496558659921  | flow | 10.20.30.101 | 49789 | 190.214.13.2    | 449  | TCP | pcapanalyzer
13 | 2020-01-27T13:24:54.497502-0800 | 1310286382777793 | flow | 10.20.30.101 | 49782 | 190.214.13.2    | 449  | TCP | pcapanalyzer
14 | 2020-01-27T13:24:54.497502-0800 | 61133792898315   | flow | 10.20.30.101 | 49779 | 203.176.135.102 | 8082 | TCP | pcapanalyzer
15 | 2020-01-27T13:24:54.497502-0800 | 1048536028595244 | flow | 10.20.30.101 | 49762 | 190.214.13.2    | 449  | TCP | pcapanalyzer
16 | 2020-01-27T13:24:54.497502-0800 | 1339116398573621 | flow | 10.20.30.101 | 49790 | 200.69.224.73   | 80   | TCP | pcapanalyzer
17 | 2020-01-27T13:24:54.497502-0800 | 2055074490110172 | flow | 10.20.30.101 | 59338 | 10.20.30.1      | 53   | UDP | pcapanalyzer
18 | 2020-01-27T13:24:54.497502-0800 | 1779285995894476 | flow | 10.20.30.101 | 49687 | 173.231.214.60  | 443  | TCP | pcapanalyzer
19 | 2020-01-27T13:24:54.497502-0800 | 1358971972924958 | flow | 10.20.30.101 | 49765 | 190.214.13.2    | 449  | TCP | pcapanalyzer
20 | 2020-01-27T13:24:54.497502-0800 | 937852577794515  | flow | 10.20.30.101 | 49768 | 200.69.224.73   | 80   | TCP | pcapanalyzer
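The TLS table records version and SNI but not the destination port, while the flow table records the port but nothing about the handshake; joining the two by (source, destination) is what shows that the repeated TLSv1 handshakes with no SNI to 190.214.13.2 ride on port 449 rather than 443. The script below is an added example, not part of the pcap analyzer; it uses a constructed subset of the TLS and flow rows above and also handles the case the page itself presents, a TLS destination (194.99.21.137) whose flow is not among the rows shown, so its port cannot be resolved from the sample. The lists of legacy versions and "expected" TLS ports are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed samples: a subset of the TLS and Flow rows above, re-typed.
SAMPLE_TLS = [
    # (timestamp, src, dst, version, sni or None)
    ("2020-01-27T12:53:17.250378-0800", "10.20.30.101", "173.231.214.60", "TLS 1.2", "delhisexclinic.com"),
    ("2020-01-27T13:07:06.417227-0800", "10.20.30.101", "194.99.21.137", "TLS 1.2", None),
    ("2020-01-27T13:09:25.332937-0800", "10.20.30.101", "190.214.13.2", "TLSv1", None),
    ("2020-01-27T13:10:07.644744-0800", "10.20.30.101", "190.214.13.2", "TLSv1", None),
    ("2020-01-27T12:59:23.687664-0800", "10.20.30.101", "176.58.123.25", "TLS 1.2", "ident.me"),
]
SAMPLE_FLOWS = [
    # (src, sport, dst, dport, proto); 194.99.21.137 is deliberately absent,
    # as it is from the first 20 flow rows shown on the page.
    ("10.20.30.101", 49687, "173.231.214.60", 443, "TCP"),
    ("10.20.30.101", 49750, "190.214.13.2", 449, "TCP"),
    ("10.20.30.101", 49762, "190.214.13.2", 449, "TCP"),
    ("10.20.30.101", 49691, "200.69.224.73", 80, "TCP"),
]

# Assumed classification lists.
LEGACY_VERSIONS = {"TLSv1", "TLS 1.0", "TLSv1.1", "TLS 1.1", "SSLv3"}
STANDARD_TLS_PORTS = {443, 465, 993, 995, 8443}


@dataclass
class TlsAssessment:
    dst: str
    handshakes: int
    versions: List[str]
    sni_seen: bool
    dst_ports: List[int]
    reasons: List[str]


def index_flows(flows) -> Dict[Tuple[str, str], Set[int]]:
    """Map (src, dst) to the set of TCP destination ports seen between them."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for src, _sport, dst, dport, proto in flows:
        if proto == "TCP":
            ports[(src, dst)].add(dport)
    return ports


def assess_tls(tls_rows, flows) -> List[TlsAssessment]:
    ports = index_flows(flows)
    by_pair = defaultdict(list)
    for _ts, src, dst, version, sni in tls_rows:
        by_pair[(src, dst)].append((version, sni))
    out = []
    for (src, dst), hs in by_pair.items():
        versions = sorted({v for v, _ in hs})
        sni_seen = any(s for _, s in hs)
        dst_ports = sorted(ports.get((src, dst), set()))
        reasons = []
        if not sni_seen:
            reasons.append("no_sni")
        if any(v in LEGACY_VERSIONS for v in versions):
            reasons.append("legacy_version")
        if not dst_ports:
            # No flow record to join against: the port is unknown, not "fine".
            reasons.append("port_unknown")
        else:
            odd = [p for p in dst_ports if p not in STANDARD_TLS_PORTS]
            if odd:
                reasons.append("nonstandard_port:" + ",".join(map(str, odd)))
        out.append(TlsAssessment(dst, len(hs), versions, sni_seen, dst_ports, reasons))
    return out


def suspicious(assessments: List[TlsAssessment]) -> List[TlsAssessment]:
    """SNI-less handshakes that also use a legacy version or an unusual port."""
    return [
        a for a in assessments
        if "no_sni" in a.reasons
        and any(r == "legacy_version" or r.startswith("nonstandard_port") for r in a.reasons)
    ]


if __name__ == "__main__":
    for a in assess_tls(SAMPLE_TLS, SAMPLE_FLOWS):
        print(a.dst, a.handshakes, a.versions, a.dst_ports, a.reasons)
```

190.214.13.2 comes out with no_sni, legacy_version and nonstandard_port:449, which matches the OpenSSL Demo CA alerts against the same host; 194.99.21.137 is left as port_unknown so that the analyst goes back to the full flow list (29 flows, only 20 shown) instead of silently treating it as clean.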
File 19
Showing 1-19 of 19 items.
#  | Timestamp                       | Source          | Destination     | File Name | File Magic | File Size
1  | 2020-01-27T12:52:41.759605-0800 | 104.28.7.44     | 10.20.30.101    | Dat 2020_01_27 48060.doc | Microsoft Word 2007+ | 155379
2  | 2020-01-27T12:53:44.994405-0800 | 10.20.30.101    | 190.6.193.152   | /wbFcaqy5zdJxDV | ASCII text, with very long lines, with no line terminators | 787
3  | 2020-01-27T12:56:26.705103-0800 | 10.20.30.101    | 51.159.23.217   | /OwgR | ASCII text, with no line terminators | 219
4  | 2020-01-27T12:56:31.253841-0800 | 10.20.30.101    | 51.159.23.217   | /CnnW94MVhQGtJZSjR | ASCII text, with no line terminators | 284
5  | 2020-01-27T12:56:26.998197-0800 | 51.159.23.217   | 10.20.30.101    | /OwgR | data | 148
6  | 2020-01-27T12:56:31.740439-0800 | 51.159.23.217   | 10.20.30.101    | /CnnW94MVhQGtJZSjR | data | 148
7  | 2020-01-27T12:54:17.332666-0800 | 10.20.30.101    | 200.69.224.73   | /v4ZuR6CnU | ASCII text, with very long lines, with no line terminators | 784
8  | 2020-01-27T13:11:18.578947-0800 | 203.176.135.102 | 10.20.30.101    | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/90 | ASCII text, with no line terminators | 3
9  | 2020-01-27T12:56:26.201271-0800 | 200.69.224.73   | 10.20.30.101    | /v4ZuR6CnU | data | 1229956
10 | 2020-01-27T12:56:26.254315-0800 | 10.20.30.101    | 200.69.224.73   | /OwgR | ASCII text, with very long lines, with no line terminators | 791
11 | 2020-01-27T12:56:33.806886-0800 | 200.69.224.73   | 10.20.30.101    | /OwgR | data | 148
12 | 2020-01-27T13:10:25.543482-0800 | 10.20.30.101    | 200.69.224.73   | /Yuy3Hh3 | ASCII text, with very long lines, with no line terminators | 768
13 | 2020-01-27T13:10:29.658728-0800 | 200.69.224.73   | 10.20.30.101    | /Yuy3Hh3 | data | 148
14 | 2020-01-27T13:11:00.125506-0800 | 203.176.135.102 | 10.20.30.101    | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/81/ | ASCII text, with no line terminators | 3
15 | 2020-01-27T13:11:32.429786-0800 | 203.176.135.102 | 10.20.30.101    | /mor84/DESKTOP-83TKHSQ_W10018363.572D588D45894026346E8F90E07B31E6/81/ | ASCII text, with no line terminators | 3
16 | 2020-01-27T13:25:19.620550-0800 | 10.20.30.101    | 200.69.224.73   | /aLWChqlBNn8isE | ASCII text, with very long lines, with no line terminators | 737
17 | 2020-01-27T13:25:24.373471-0800 | 200.69.224.73   | 10.20.30.101    | /aLWChqlBNn8isE | data | 67940
18 | 2020-01-27T13:25:24.381990-0800 | 10.20.30.101    | 200.69.224.73   | /X2XDUN0TWIhtvxsrt | ASCII text, with very long lines, with no line terminators | 736
19 | 2020-01-27T13:25:26.654974-0800 | 200.69.224.73   | 10.20.30.101    | /X2XDUN0TWIhtvxsrt | data | 148

Comments: (not set)
