01.pcap

MD5	7032f7c0745ee3e2536b853f9276f01f
Submission Date	2021-12-14 20:20:06
Tags	(not set)

Alert 98

Showing 1-20 of 98 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

1969-12-31T17:03:50.609762-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T10:04:25.872642-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1969-12-31T22:03:59.241746-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T10:04:25.872642-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1969-12-31T22:03:59.241746-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1969-12-31T17:04:11.469896-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1969-12-31T22:04:00.163541-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T10:04:30.218412-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1969-12-31T22:04:15.135015-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1969-12-31T22:04:15.135015-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1969-12-31T22:04:16.146531-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-02T10:04:19.292156-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-02T10:04:19.292156-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1970-01-01T04:04:04.124715-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T04:04:04.124715-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1970-01-02T10:04:20.298376-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T04:04:19.936189-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T04:04:19.936189-0800

192.168.1.110

185.56.145.73

ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

1970-01-01T04:04:05.086091-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

1970-01-01T04:04:22.040382-0800

192.168.1.110

185.56.145.73

ET TROJAN KeyBase Keylogger HTTP Pattern

DNS 216

Showing 1-20 of 216 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

1969-12-31T16:00:15.200107-0800

192.168.1.110

8.8.8.8

query

dns.msftncsi.com

(not set)

1969-12-31T17:03:50.118229-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

zonne-lening.nl

AAAA

(not set)

1969-12-31T17:03:50.178711-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

zonne-lening.nl

AAAA

(not set)

1969-12-31T17:03:50.079192-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

zonne-lening.nl

(not set)

1969-12-31T16:00:15.201318-0800

8.8.8.8

192.168.1.110

answer

dns.msftncsi.com

(not set)

1969-12-31T17:03:50.117701-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

zonne-lening.nl

(not set)

1969-12-31T16:00:15.201713-0800

192.168.1.110

8.8.8.8

query

dns.msftncsi.com

AAAA

(not set)

1969-12-31T17:03:50.224153-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

zonne-lening.nl

AAAA

(not set)

1969-12-31T17:03:50.224190-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

zonne-lening.nl

AAAA

(not set)

1969-12-31T17:04:11.073764-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

zonne-lening.nl

AAAA

(not set)

1969-12-31T17:04:11.075077-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

zonne-lening.nl

AAAA

(not set)

1969-12-31T22:03:56.009564-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

wpad.lan

(not set)

1969-12-31T16:00:15.202766-0800

8.8.8.8

192.168.1.110

answer

dns.msftncsi.com

AAAA

(not set)

1969-12-31T17:03:47.446555-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

wpad.lan

(not set)

1969-12-31T17:03:47.448573-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

wpad.lan

(not set)

1969-12-31T22:03:56.106751-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

wpad.lan

(not set)

1969-12-31T17:04:08.410638-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

wpad.lan

(not set)

1969-12-31T17:04:08.411225-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

wpad.lan

(not set)

1969-12-31T17:04:11.065140-0800

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

fd2d:ab8c:0225:0000:0000:0000:0000:0001

query

zonne-lening.nl

(not set)

1969-12-31T17:04:11.073206-0800

fd2d:ab8c:0225:0000:0000:0000:0000:0001

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

answer

zonne-lening.nl

(not set)

TLS 0

#		Timestamp	Source IP	Destination IP	TLS Version	Server Name Indication
No results found.

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 132

Showing 1-20 of 132 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

1970-01-01T10:04:25.873129-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM

302

1969-12-31T22:03:59.242280-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:53%20PM

302

1969-12-31T17:03:50.613423-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM

302

1970-01-01T10:04:29.948413-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM

200

1969-12-31T22:03:59.923364-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:53%20PM

200

1969-12-31T17:03:55.867704-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM

200

1969-12-31T17:04:11.474804-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM

302

1969-12-31T17:04:12.071349-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM

200

1969-12-31T22:04:00.164034-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:53%20PM

302

1970-01-01T10:04:30.219152-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM

302

1969-12-31T22:04:15.135432-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20PM

302

1970-01-01T10:04:32.942860-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM

200

1969-12-31T22:04:15.895814-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20PM

200

1969-12-31T22:04:01.144758-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:53%20PM

200

1969-12-31T22:04:16.146868-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20PM

302

1970-01-02T10:04:19.292156-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM

302

1970-01-01T04:04:04.128350-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=7:53%20PM

302

1970-01-02T10:04:19.927694-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM

200

1970-01-02T10:04:20.300989-0800

192.168.1.110

zonne-lening.nl

GET

/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM

302

1969-12-31T22:04:17.137714-0800

192.168.1.110

zonne-lening.nl

GET

/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20PM

200

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 142

Showing 1-20 of 142 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

1969-12-31T17:03:50.609762-0800

2129154876052465

flow

192.168.1.110

53020

8.8.8.8

UDP

pcapanalyzer

1969-12-31T17:03:50.609762-0800

1789223246957995

flow

192.168.1.110

50501

8.8.8.8

UDP

pcapanalyzer

1969-12-31T17:03:50.609762-0800

1403822946343129

flow

fe80:0000:0000:0000:da58:d7ff:fe00:0f72

(not set)

fe80:0000:0000:0000:3d1a:8135:9ed5:db1c

(not set)

IPv6-ICMP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1829934525750345

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

61758

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1126568521859824

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

63469

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

845653259964289

flow

192.168.1.110

49198

185.56.145.73

TCP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1409175906947111

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

50643

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

284635213328642

flow

192.168.1.110

65240

8.8.8.8

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

285852979438940

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

60706

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1131224216943647

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

50493

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

287603037679300

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

62808

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1694990166574310

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

53951

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

2120592776775577

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

50339

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

713292326078389

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

53348

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

575393950794605

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

51773

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1842646989374781

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

64600

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

858127305517374

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

52705

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1422500262945615

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

63426

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1844864516315928

flow

fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa

63717

fd2d:ab8c:0225:0000:0000:0000:0000:0001

UDP

pcapanalyzer

1970-01-06T05:07:09.217698-0800

1563502671996451

flow

192.168.1.110

49194

185.56.145.73

TCP

pcapanalyzer

File 132

Showing 1-20 of 132 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

1970-01-01T10:04:25.873129-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

345

1969-12-31T22:03:59.242280-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

345

1969-12-31T17:03:50.613423-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

379

1970-01-01T10:04:29.948413-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T22:03:59.923364-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T17:03:55.867704-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T17:04:11.474804-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

379

1969-12-31T17:04:12.071349-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text

7314

1970-01-01T10:04:30.219152-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

379

1969-12-31T22:04:15.135432-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

345

1969-12-31T22:04:00.164034-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

379

1970-01-01T10:04:32.942860-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text

7314

1969-12-31T22:04:01.144758-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T22:04:15.895814-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T22:04:16.146868-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

379

1970-01-02T10:04:19.292156-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

345

1970-01-01T04:04:04.128350-0800

185.56.145.73

192.168.1.110

/wp-content/plugins/advanced-custom-fields/rajah/post.php

HTML document, ASCII text

345

1970-01-02T10:04:19.927694-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1969-12-31T22:04:17.137714-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

1970-01-01T04:04:04.736727-0800

185.56.145.73

192.168.1.110

/cgi-sys/suspendedpage.cgi

HTML document, ASCII text, with very long lines

7314

Comments	(not set)

Update Download PCAP Delete