01.pcap

MD57032f7c0745ee3e2536b853f9276f01f
Submission Date2021-12-14 20:20:06
Tags(not set)
Alert 98
#
TimestampSrc IpDest IpAlert SignatureP
1
1969-12-31T17:03:50.609762-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
2
1970-01-01T10:04:25.872642-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
3
1969-12-31T22:03:59.241746-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
4
1970-01-01T10:04:25.872642-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
5
1969-12-31T22:03:59.241746-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
6
1969-12-31T17:04:11.469896-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
7
1969-12-31T22:04:00.163541-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
8
1970-01-01T10:04:30.218412-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
9
1969-12-31T22:04:15.135015-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
10
1969-12-31T22:04:15.135015-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
11
1969-12-31T22:04:16.146531-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
12
1970-01-02T10:04:19.292156-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
13
1970-01-02T10:04:19.292156-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
14
1970-01-01T04:04:04.124715-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
15
1970-01-01T04:04:04.124715-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
16
1970-01-02T10:04:20.298376-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
17
1970-01-01T04:04:19.936189-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
18
1970-01-01T04:04:19.936189-0800192.168.1.110185.56.145.73ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious*
19
1970-01-01T04:04:05.086091-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
20
1970-01-01T04:04:22.040382-0800192.168.1.110185.56.145.73ET TROJAN KeyBase Keylogger HTTP Pattern*
DNS 216
#
Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1
1969-12-31T16:00:15.200107-0800192.168.1.1108.8.8.8querydns.msftncsi.comA(not set)
2
1969-12-31T17:03:50.118229-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001queryzonne-lening.nlAAAA(not set)
3
1969-12-31T17:03:50.178711-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001queryzonne-lening.nlAAAA(not set)
4
1969-12-31T17:03:50.079192-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001queryzonne-lening.nlA(not set)
5
1969-12-31T16:00:15.201318-08008.8.8.8192.168.1.110answerdns.msftncsi.comA(not set)
6
1969-12-31T17:03:50.117701-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerzonne-lening.nlA(not set)
7
1969-12-31T16:00:15.201713-0800192.168.1.1108.8.8.8querydns.msftncsi.comAAAA(not set)
8
1969-12-31T17:03:50.224153-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerzonne-lening.nlAAAA(not set)
9
1969-12-31T17:03:50.224190-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerzonne-lening.nlAAAA(not set)
10
1969-12-31T17:04:11.073764-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001queryzonne-lening.nlAAAA(not set)
11
1969-12-31T17:04:11.075077-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerzonne-lening.nlAAAA(not set)
12
1969-12-31T22:03:56.009564-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001querywpad.lanA(not set)
13
1969-12-31T16:00:15.202766-08008.8.8.8192.168.1.110answerdns.msftncsi.comAAAA(not set)
14
1969-12-31T17:03:47.446555-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001querywpad.lanA(not set)
15
1969-12-31T17:03:47.448573-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerwpad.lanA(not set)
16
1969-12-31T22:03:56.106751-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerwpad.lanA(not set)
17
1969-12-31T17:04:08.410638-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001querywpad.lanA(not set)
18
1969-12-31T17:04:08.411225-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerwpad.lanA(not set)
19
1969-12-31T17:04:11.065140-0800fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aafd2d:ab8c:0225:0000:0000:0000:0000:0001queryzonne-lening.nlA(not set)
20
1969-12-31T17:04:11.073206-0800fd2d:ab8c:0225:0000:0000:0000:0000:0001fd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aaanswerzonne-lening.nlA(not set)
TLS 0
#
Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 132
#
Timestamp | Source | Hostname | Port | Method | URL | Status
1
1970-01-01T10:04:25.873129-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM302
2
1969-12-31T22:03:59.242280-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:53%20PM302
3
1969-12-31T17:03:50.613423-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM302
4
1970-01-01T10:04:29.948413-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM200
5
1969-12-31T22:03:59.923364-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:53%20PM200
6
1969-12-31T17:03:55.867704-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM200
7
1969-12-31T17:04:11.474804-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM302
8
1969-12-31T17:04:12.071349-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=8:53%20AM200
9
1969-12-31T22:04:00.164034-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:53%20PM302
10
1970-01-01T10:04:30.219152-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM302
11
1969-12-31T22:04:15.135432-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20PM302
12
1970-01-01T10:04:32.942860-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM200
13
1969-12-31T22:04:15.895814-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20PM200
14
1969-12-31T22:04:01.144758-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:53%20PM200
15
1969-12-31T22:04:16.146868-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20PM302
16
1970-01-02T10:04:19.292156-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM302
17
1970-01-01T04:04:04.128350-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=7:53%20PM302
18
1970-01-02T10:04:19.927694-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=rundll32.exe&keystrokestyped=&machinetime=1:54%20AM200
19
1970-01-02T10:04:20.300989-0800192.168.1.110zonne-lening.nl80GET/wp-content/plugins/advanced-custom-fields/rajah/post.php?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20AM302
20
1969-12-31T22:04:17.137714-0800192.168.1.110zonne-lening.nl80GET/cgi-sys/suspendedpage.cgi?type=keystrokes&machinename=WIN1&windowtitle=C:%5CUsers%5CAdministrator%5CDesktop%5Cmalware&keystrokestyped=&machinetime=1:54%20PM200
SMB 0
#
Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
#
Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 142
#
Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1
1969-12-31T17:03:50.609762-08002129154876052465flow192.168.1.110530208.8.8.853UDPpcapanalyzer
2
1969-12-31T17:03:50.609762-08001789223246957995flow192.168.1.110505018.8.8.853UDPpcapanalyzer
3
1969-12-31T17:03:50.609762-08001403822946343129flowfe80:0000:0000:0000:da58:d7ff:fe00:0f72(not set)fe80:0000:0000:0000:3d1a:8135:9ed5:db1c(not set)IPv6-ICMPpcapanalyzer
4
1970-01-06T05:07:09.217698-08001829934525750345flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa61758fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
5
1970-01-06T05:07:09.217698-08001126568521859824flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa63469fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
6
1970-01-06T05:07:09.217698-0800845653259964289flow192.168.1.11049198185.56.145.7380TCPpcapanalyzer
7
1970-01-06T05:07:09.217698-08001409175906947111flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa50643fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
8
1970-01-06T05:07:09.217698-0800284635213328642flow192.168.1.110652408.8.8.853UDPpcapanalyzer
9
1970-01-06T05:07:09.217698-0800285852979438940flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa60706fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
10
1970-01-06T05:07:09.217698-08001131224216943647flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa50493fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
11
1970-01-06T05:07:09.217698-0800287603037679300flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa62808fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
12
1970-01-06T05:07:09.217698-08001694990166574310flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa53951fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
13
1970-01-06T05:07:09.217698-08002120592776775577flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa50339fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
14
1970-01-06T05:07:09.217698-0800713292326078389flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa53348fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
15
1970-01-06T05:07:09.217698-0800575393950794605flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa51773fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
16
1970-01-06T05:07:09.217698-08001842646989374781flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa64600fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
17
1970-01-06T05:07:09.217698-0800858127305517374flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa52705fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
18
1970-01-06T05:07:09.217698-08001422500262945615flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa63426fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
19
1970-01-06T05:07:09.217698-08001844864516315928flowfd2d:ab8c:0225:0000:1dd1:f146:ce60:e3aa63717fd2d:ab8c:0225:0000:0000:0000:0000:000153UDPpcapanalyzer
20
1970-01-06T05:07:09.217698-08001563502671996451flow192.168.1.11049194185.56.145.7380TCPpcapanalyzer
File 132
#
Timestamp | Source | Destination | File Name | File Magic | File Size
1
1970-01-01T10:04:25.873129-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text345
2
1969-12-31T22:03:59.242280-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text345
3
1969-12-31T17:03:50.613423-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text379
4
1970-01-01T10:04:29.948413-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
5
1969-12-31T22:03:59.923364-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
6
1969-12-31T17:03:55.867704-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
7
1969-12-31T17:04:11.474804-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text379
8
1969-12-31T17:04:12.071349-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text7314
9
1970-01-01T10:04:30.219152-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text379
10
1969-12-31T22:04:15.135432-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text345
11
1969-12-31T22:04:00.164034-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text379
12
1970-01-01T10:04:32.942860-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text7314
13
1969-12-31T22:04:01.144758-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
14
1969-12-31T22:04:15.895814-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
15
1969-12-31T22:04:16.146868-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text379
16
1970-01-02T10:04:19.292156-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text345
17
1970-01-01T04:04:04.128350-0800185.56.145.73192.168.1.110/wp-content/plugins/advanced-custom-fields/rajah/post.phpHTML document, ASCII text345
18
1970-01-02T10:04:19.927694-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
19
1969-12-31T22:04:17.137714-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314
20
1970-01-01T04:04:04.736727-0800185.56.145.73192.168.1.110/cgi-sys/suspendedpage.cgiHTML document, ASCII text, with very long lines7314

Comments(not set)
