32394be5f7cb8fd22eb94e91374c38c3.pcap

MD5: 57f67469c7922f8b9fc72ecd4f22ba4d
Submission Date: 2021-09-23 20:07:42
Tags: (not set)
Alert (28 total; showing 1-20)

# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2019-12-11T10:27:53.642043-0800 | 10.12.11.154 | 23.202.231.88 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
2 | 2019-12-11T10:27:53.642043-0800 | 10.12.11.154 | 23.202.231.88 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
3 | 2019-12-11T10:29:18.912582-0800 | 10.12.11.154 | 109.196.164.247 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
4 | 2019-12-11T10:29:18.912582-0800 | 10.12.11.154 | 109.196.164.247 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
5 | 2019-12-11T10:29:22.868878-0800 | 10.12.11.154 | 109.196.164.247 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
6 | 2019-12-11T10:45:45.274924-0800 | 162.213.37.67 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
7 | 2019-12-11T10:45:45.274924-0800 | 162.213.37.67 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
8 | 2019-12-11T10:45:50.352367-0800 | 162.213.37.67 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
9 | 2019-12-11T10:45:50.352367-0800 | 162.213.37.67 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
10 | 2019-12-11T10:49:45.605293-0800 | 216.99.151.90 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
11 | 2019-12-11T10:52:08.724248-0800 | 216.99.151.90 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
12 | 2019-12-11T11:13:54.787991-0800 | 216.99.151.90 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
13 | 2019-12-11T11:35:58.104354-0800 | 91.211.249.51 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
14 | 2019-12-11T10:49:38.110409-0800 | 216.99.151.90 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
15 | 2019-12-11T11:35:59.838873-0800 | 91.211.249.51 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
16 | 2019-12-11T11:57:34.805601-0800 | 91.211.249.51 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
17 | 2019-12-11T12:17:43.430986-0800 | 91.211.249.51 | 10.12.11.154 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
18 | 2019-12-11T10:25:32.514572-0800 | 83.166.242.97 | 10.12.11.154 | ET POLICY PE EXE or DLL Windows file download HTTP
19 | 2019-12-11T10:25:32.514572-0800 | 83.166.242.97 | 10.12.11.154 | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2
20 | 2019-12-11T10:25:32.514572-0800 | 83.166.242.97 | 10.12.11.154 | ET INFO EXE - Served Attached HTTP
DNS (314 total; showing 1-20)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-12-11T10:24:22.447726-0800 | 10.12.11.154 | 10.12.11.254 | query | wpad.localdomain | A | (not set)
2 | 2019-12-11T10:24:23.261832-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
3 | 2019-12-11T10:24:43.343748-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
4 | 2019-12-11T10:24:23.449815-0800 | 10.12.11.154 | 10.12.11.254 | query | wpad.localdomain | A | (not set)
5 | 2019-12-11T10:24:44.357115-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
6 | 2019-12-11T10:24:25.460826-0800 | 10.12.11.154 | 10.12.11.254 | query | wpad.localdomain | A | (not set)
7 | 2019-12-11T10:24:45.372423-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
8 | 2019-12-11T10:24:27.269720-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
9 | 2019-12-11T10:24:47.383488-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
10 | 2019-12-11T10:24:51.393885-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
11 | 2019-12-11T10:24:53.313680-0800 | 10.12.11.154 | 10.12.11.254 | query | teredo.ipv6.microsoft.com | A | (not set)
12 | 2019-12-11T10:24:31.180283-0800 | 10.12.11.154 | 10.12.11.254 | query | dns.msftncsi.com | A | (not set)
13 | 2019-12-11T10:24:53.327407-0800 | 10.12.11.254 | 10.12.11.154 | answer | teredo.ipv6.microsoft.com | A | (not set)
14 | 2019-12-11T10:24:55.403774-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
15 | 2019-12-11T10:24:56.416494-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
16 | 2019-12-11T10:24:57.429906-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
17 | 2019-12-11T10:24:59.442992-0800 | 10.12.11.154 | 10.12.11.254 | query | isatap.localdomain | A | (not set)
18 | 2019-12-11T10:25:00.106406-0800 | 10.12.11.154 | 10.12.11.254 | query | www.avg.com | A | (not set)
19 | 2019-12-11T10:24:31.191247-0800 | 10.12.11.254 | 10.12.11.154 | answer | dns.msftncsi.com | A | (not set)
20 | 2019-12-11T10:25:00.284364-0800 | 10.12.11.254 | 10.12.11.154 | answer | www.avg.com | A | (not set)
TLS (95 total; showing 1-20)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2019-12-11T10:25:00.403103-0800 | 10.12.11.154 | 23.214.55.116 | TLSv1 | (not set)
2 | 2019-12-11T10:25:00.364740-0800 | 10.12.11.154 | 23.214.55.116 | TLS 1.2 | www.avg.com
3 | 2019-12-11T10:25:10.056392-0800 | 10.12.11.154 | 104.18.168.33 | TLS 1.2 | www.bitdefender.com
4 | 2019-12-11T10:25:19.952854-0800 | 10.12.11.154 | 52.21.38.221 | TLS 1.2 | www.eset.com
5 | 2019-12-11T10:26:38.503475-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
6 | 2019-12-11T10:26:41.657047-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
7 | 2019-12-11T10:27:13.492714-0800 | 10.12.11.154 | 204.79.197.55 | TLS 1.2 | ieonline.microsoft.com
8 | 2019-12-11T10:26:38.503733-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
9 | 2019-12-11T10:26:38.503783-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
10 | 2019-12-11T10:26:38.526731-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | r20swj13mr.microsoft.com
11 | 2019-12-11T10:26:38.526821-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | r20swj13mr.microsoft.com
12 | 2019-12-11T10:27:13.492759-0800 | 10.12.11.154 | 204.79.197.55 | TLS 1.2 | ieonline.microsoft.com
13 | 2019-12-11T10:28:45.316501-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
14 | 2019-12-11T10:28:45.316697-0800 | 10.12.11.154 | 72.21.81.55 | TLS 1.2 | iecvlist.microsoft.com
15 | 2019-12-11T10:30:28.943193-0800 | 10.12.11.154 | 194.1.238.47 | TLS 1.2 | btyr34brian.com
16 | 2019-12-11T10:30:51.133404-0800 | 10.12.11.154 | 194.1.238.47 | TLS 1.2 | btyr34brian.com
17 | 2019-12-11T10:40:28.710841-0800 | 10.12.11.154 | 194.1.238.47 | TLS 1.2 | btyr34brian.com
18 | 2019-12-11T10:40:32.117804-0800 | 10.12.11.154 | 200.52.88.183 | TLS 1.2 | mccannmia.com
19 | 2019-12-11T10:30:28.202666-0800 | 10.12.11.154 | 40.119.2.41 | TLS 1.2 | settings-win.data.microsoft.com
20 | 2019-12-11T10:45:45.273260-0800 | 10.12.11.154 | 162.213.37.67 | TLS 1.2 | (not set)
TFTP (0 total)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (21 total; showing 1-20)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-12-11T10:24:36.747841-0800 | 10.12.11.154 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200
2 | 2019-12-11T10:27:32.601398-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/css/searchguide.css | 200
3 | 2019-12-11T10:27:32.617028-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/img/lvl3/logo.png | 200
4 | 2019-12-11T10:27:32.620204-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/js/jquery.cookie.js | 200
5 | 2019-12-11T10:27:32.620503-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/js/bootstrap.min.js | 200
6 | 2019-12-11T10:27:32.621252-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/js/searchguide.js | 200
7 | 2019-12-11T10:27:32.797264-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/img/lvl3/favicon.ico | 200
8 | 2019-12-11T10:27:53.642043-0800 | 10.12.11.154 | nlourdesprice.com | 80 | GET | /images/3_2F_2FG2uG3EYd5J/TD0_2F1_2B_2/FL_2Byydv73/rJ9PifZYhqopRz/3LDeDpVwjNDtlsuvmwQqE/lD_2BtUTOlNxMepK/R_2FQqcS2tr4Zca/HOUR1pcWib_2BPF_2B/_2BkGScGY/jApn_2FeXUZD0izwwH_2/BPFqftAmhsTY8ydLE3_/2BZIVe.avi | 200
9 | 2019-12-11T10:29:19.566930-0800 | 10.12.11.154 | sbrian025ao.com | 80 | GET | /images/vc8YnlHD2AggB8/dM4_2BMAeqi0_2BQLUiqZ/EtP0v4z3oOMd5vNv/9cCMtrQoDis_2F6/8F9LVeUiMNfE8kmsMu/UzjtBoMxj/VPq_2BEOysH152l_2F67/zgxTx7a_2FA7Md6120e/PaoZFzLj8VDuWX3alwQR_2/Fbmkwd56e/d.avi | 200
10 | 2019-12-11T10:29:19.750088-0800 | 10.12.11.154 | sbrian025ao.com | 80 | GET | /favicon.ico | 200
11 | 2019-12-11T10:29:22.868878-0800 | 10.12.11.154 | sbrian025ao.com | 80 | GET | /images/u23m3runKyy1H/ZwK4n_2B/WH9quo4lj8WEU3xcfdM72ff/ABVtkN2kfs/cPEpyRyFw7YhMZwEv/uwiXAmLT6O_2/FsNz_2BVpFY/q89_2BGjyehm0a/lbwam6GXfjI3DP3xJSIv3/F0otEkDn6rubeT5j/c998dF_2BfHP/n5X.avi | 200
12 | 2019-12-11T10:30:29.301110-0800 | 10.12.11.154 | www.download.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | 304
13 | 2019-12-11T10:40:32.008234-0800 | 10.12.11.154 | mccannmia.com | 80 | GET | /wp-content/uploads/2019/11/tttmorning.rar | 302
14 | 2019-12-11T10:25:33.293225-0800 | 10.12.11.154 | jandneneet.com | 80 | GET | /effinz/cyaess.php?l=satury3.cab | 200
15 | 2019-12-11T10:27:31.797149-0800 | 10.12.11.154 | ceugaylordwinifred.com | 80 | GET | /images/1ybFasaDXq87EqJFNu/H9euAHC4J/_2FMJlXGRIWQUv31mHMc/re9cp2DjSj2lyRujzro/su4UEvm64RiXeRNGSu4nUn/fjvIKXaiKbpC5/utapovkG/_2Ffqga5tm3OmvQHUju3Our/YDKP23CZVc/eKz_2BYapxIzziWAu/YFJmnknjx8wTQ_2B/ZA56.avi | 200
16 | 2019-12-11T10:27:32.580319-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /search/?q=http%3A//ceugaylordwinifred.com/images/1ybFasaDXq87EqJFNu/H9euAHC4J/_2FMJlXGRIWQUv31mHMc/re9cp2DjSj2lyRujzro/su4UEvm64RiXeRNGSu4nUn/fjvIKXaiKbpC5/utapovkG/_2Ffqga5tm3OmvQHUju3Our/YDKP23CZVc/eKz_2BYapxIzziWAu/YFJmnknjx8wTQ_2B/ZA56.avi&r=&bc= | 200
17 | 2019-12-11T10:27:32.606259-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/css/bootstrap.min.css | 200
18 | 2019-12-11T10:27:32.634301-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/js/jquery.min.js | 200
19 | 2019-12-11T10:27:32.968001-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /s/fonts/glyphicons-halflings-regular.eot? | 200
20 | 2019-12-11T10:27:54.082950-0800 | 10.12.11.154 | searchguide.level3.com | 80 | GET | /search/?q=http%3A//nlourdesprice.com/images/3_2F_2FG2uG3EYd5J/TD0_2F1_2B_2/FL_2Byydv73/rJ9PifZYhqopRz/3LDeDpVwjNDtlsuvmwQqE/lD_2BtUTOlNxMepK/R_2FQqcS2tr4Zca/HOUR1pcWib_2BPF_2B/_2BkGScGY/jApn_2FeXUZD0izwwH_2/BPFqftAmhsTY8ydLE3_/2BZIVe.avi&r=&bc= | 200
SMB (0 total)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0 total)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (331 total; showing 1-20)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-12-11T10:25:30.902584-0800 | 2113212834643656 | flow | 10.12.11.154 | 62997 | 10.12.11.254 | 53 | UDP | pcapanalyzer
2 | 2019-12-11T10:25:30.902584-0800 | 2001788498003410 | flow | 10.12.11.254 | 67 | 10.12.11.154 | 68 | UDP | pcapanalyzer
3 | 2019-12-11T10:25:30.902584-0800 | 1439295958599014 | flow | 10.12.11.154 | 68 | 255.255.255.0 | 67 | UDP | pcapanalyzer
4 | 2019-12-11T10:25:30.902584-0800 | 1868511368403828 | flow | 10.12.11.154 | 65471 | 10.12.11.254 | 53 | UDP | pcapanalyzer
5 | 2019-12-11T10:25:30.902584-0800 | 1370649496275791 | flow | 10.12.11.154 | 56396 | 224.0.0.3 | 5355 | UDP | pcapanalyzer
6 | 2019-12-11T10:25:30.902584-0800 | 1799875643391448 | flow | 10.12.11.154 | 53001 | 224.0.0.3 | 5355 | UDP | pcapanalyzer
7 | 2019-12-11T10:25:30.902584-0800 | 545635672211140 | flow | 10.12.11.154 | 56647 | 10.12.11.254 | 53 | UDP | pcapanalyzer
8 | 2019-12-11T10:25:30.902584-0800 | 834006217577710 | flow | 10.12.11.154 | 56591 | 10.12.11.254 | 53 | UDP | pcapanalyzer
9 | 2019-12-11T12:12:18.712879-0800 | 703943948564702 | flow | 10.12.11.154 | 62647 | 224.0.0.3 | 5355 | UDP | pcapanalyzer
10 | 2019-12-11T12:12:18.712879-0800 | 1268195342657818 | flow | 10.12.11.154 | 65025 | 10.12.11.254 | 53 | UDP | pcapanalyzer
11 | 2019-12-11T12:12:18.712879-0800 | 1128583114405262 | flow | 10.12.11.154 | 49233 | 40.119.2.41 | 443 | TCP | pcapanalyzer
12 | 2019-12-11T12:12:18.712879-0800 | 706555274061334 | flow | 10.12.11.154 | 49205 | 200.52.88.183 | 80 | TCP | pcapanalyzer
13 | 2019-12-11T12:12:18.712879-0800 | 425082526683215 | flow | 10.12.11.154 | 54370 | 10.12.11.254 | 53 | UDP | pcapanalyzer
14 | 2019-12-11T12:12:18.712879-0800 | 566874371781697 | flow | 10.12.11.154 | 57722 | 224.0.0.3 | 5355 | UDP | pcapanalyzer
15 | 2019-12-11T12:12:18.712879-0800 | 1130249446535048 | flow | 10.12.11.154 | 51918 | 10.12.11.254 | 53 | UDP | pcapanalyzer
16 | 2019-12-11T12:12:18.712879-0800 | 1974893484213786 | flow | 10.12.11.154 | 51776 | 10.12.11.254 | 53 | UDP | pcapanalyzer
17 | 2019-12-11T12:12:18.712879-0800 | 708337690731050 | flow | 10.12.11.154 | 53082 | 10.12.11.254 | 53 | UDP | pcapanalyzer
18 | 2019-12-11T12:12:18.712879-0800 | 1271717084528856 | flow | 10.12.11.154 | 49181 | 104.124.61.245 | 80 | TCP | pcapanalyzer
19 | 2019-12-11T12:12:18.712879-0800 | 849560448838937 | flow | 10.12.11.154 | 54078 | 10.12.11.254 | 53 | UDP | pcapanalyzer
20 | 2019-12-11T12:12:18.712879-0800 | 287274084618039 | flow | 10.12.11.154 | 49196 | 40.119.2.41 | 443 | TCP | pcapanalyzer
File (20 total; showing 1-20)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-12-11T10:24:36.747841-0800 | 104.123.153.247 | 10.12.11.154 | /ncsi.txt | ASCII text, with no line terminators | 14
2 | 2019-12-11T10:27:32.601398-0800 | 104.124.61.245 | 10.12.11.154 | /s/css/searchguide.css | ASCII text | 10261
3 | 2019-12-11T10:27:32.617028-0800 | 104.124.61.245 | 10.12.11.154 | /s/img/lvl3/logo.png | PNG image data, 171 x 47, 8-bit/color RGB, non-interlaced | 9478
4 | 2019-12-11T10:27:32.620503-0800 | 104.124.61.245 | 10.12.11.154 | /s/js/bootstrap.min.js | ASCII text, with very long lines | 31819
5 | 2019-12-11T10:27:32.620204-0800 | 104.124.61.245 | 10.12.11.154 | /s/js/jquery.cookie.js | ASCII text | 3622
6 | 2019-12-11T10:27:32.621252-0800 | 104.124.61.245 | 10.12.11.154 | /s/js/searchguide.js | ASCII text, with very long lines | 14951
7 | 2019-12-11T10:27:32.797264-0800 | 104.124.61.245 | 10.12.11.154 | /s/img/lvl3/favicon.ico | MS Windows icon resource - 1 icon, 16x16 | 1150
8 | 2019-12-11T10:27:53.642043-0800 | 23.202.231.88 | 10.12.11.154 | /images/3_2F_2FG2uG3EYd5J/TD0_2F1_2B_2/FL_2Byydv73/rJ9PifZYhqopRz/3LDeDpVwjNDtlsuvmwQqE/lD_2BtUTOlNxMepK/R_2FQqcS2tr4Zca/HOUR1pcWib_2BPF_2B/_2BkGScGY/jApn_2FeXUZD0izwwH_2/BPFqftAmhsTY8ydLE3_/2BZIVe.avi | HTML document, ASCII text, with very long lines, with no line terminators | 541
9 | 2019-12-11T10:29:19.566930-0800 | 109.196.164.247 | 10.12.11.154 | /images/vc8YnlHD2AggB8/dM4_2BMAeqi0_2BQLUiqZ/EtP0v4z3oOMd5vNv/9cCMtrQoDis_2F6/8F9LVeUiMNfE8kmsMu/UzjtBoMxj/VPq_2BEOysH152l_2F67/zgxTx7a_2FA7Md6120e/PaoZFzLj8VDuWX3alwQR_2/Fbmkwd56e/d.avi | ASCII text, with very long lines, with no line terminators | 221968
10 | 2019-12-11T10:29:19.750088-0800 | 109.196.164.247 | 10.12.11.154 | /favicon.ico | MS Windows icon resource - 2 icons, 16x16 | 5430
11 | 2019-12-11T10:29:22.868878-0800 | 109.196.164.247 | 10.12.11.154 | /images/u23m3runKyy1H/ZwK4n_2B/WH9quo4lj8WEU3xcfdM72ff/ABVtkN2kfs/cPEpyRyFw7YhMZwEv/uwiXAmLT6O_2/FsNz_2BVpFY/q89_2BGjyehm0a/lbwam6GXfjI3DP3xJSIv3/F0otEkDn6rubeT5j/c998dF_2BfHP/n5X.avi | ASCII text, with very long lines, with no line terminators | 2456
12 | 2019-12-11T10:40:32.008234-0800 | 200.52.88.183 | 10.12.11.154 | /wp-content/uploads/2019/11/tttmorning.rar | HTML document, ASCII text | 247
13 | 2019-12-11T10:25:33.293225-0800 | 83.166.242.97 | 10.12.11.154 | satury3.cab | PE32 executable (GUI) Intel 80386, for MS Windows | 1789440
14 | 2019-12-11T10:27:31.797149-0800 | 23.202.231.88 | 10.12.11.154 | /images/1ybFasaDXq87EqJFNu/H9euAHC4J/_2FMJlXGRIWQUv31mHMc/re9cp2DjSj2lyRujzro/su4UEvm64RiXeRNGSu4nUn/fjvIKXaiKbpC5/utapovkG/_2Ffqga5tm3OmvQHUju3Our/YDKP23CZVc/eKz_2BYapxIzziWAu/YFJmnknjx8wTQ_2B/ZA56.avi | HTML document, ASCII text, with very long lines, with no line terminators | 547
15 | 2019-12-11T10:27:32.580319-0800 | 104.124.61.245 | 10.12.11.154 | /search/ | HTML document, ASCII text, with very long lines | 11872
16 | 2019-12-11T10:27:32.606259-0800 | 104.124.61.245 | 10.12.11.154 | /s/css/bootstrap.min.css | ASCII text, with very long lines | 109518
17 | 2019-12-11T10:27:32.634301-0800 | 104.124.61.245 | 10.12.11.154 | /s/js/jquery.min.js | UTF-8 Unicode text, with very long lines | 93435
18 | 2019-12-11T10:27:32.968001-0800 | 104.124.61.245 | 10.12.11.154 | /s/fonts/glyphicons-halflings-regular.eot | Embedded OpenType (EOT) | 20335
19 | 2019-12-11T10:27:54.082950-0800 | 104.124.61.245 | 10.12.11.154 | /search/ | HTML document, ASCII text, with very long lines | 11842
20 | 2019-12-11T10:29:21.497717-0800 | 109.196.164.247 | 10.12.11.154 | /images/GOcMjILP/4Vb3v6cbDZqUQoIHNIMMXjo/CKM5YtWbpe/TBlpiHMoXnfWKx2XC/7h_2Fi3vNsTt/L8u5foBnQpk/THNmayW2SXAQAd/2AvC24okGidO06qJZAWc9/dWqG8ePHqeIGA_2B/hYKNixRLxaG/RmLX8OkyB/gk.avi | ASCII text, with very long lines, with no line terminators | 279316

Comments: (not set)
