2018-01-02-fake-Flash-player-installs-coinminer-malware.pcap

MD5: cd4b49bcfe13efbd505c2ae339bcb2be
Submission Date: 2019-08-12 19:55:50
Tags: (not set)
Alert (4) - showing 1-4 of 4 items

# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2018-01-02T14:23:33.904136-0800 | 104.27.152.183 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | *
2 | 2018-01-02T14:23:47.292009-0800 | 138.201.224.9 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | *
3 | 2018-01-02T14:23:47.292009-0800 | 138.201.224.9 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | *
4 | 2018-01-02T14:23:33.904136-0800 | 104.27.152.183 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | *
DNS (48) - showing 1-20 of 48 items

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2018-01-02T14:22:46.727640-0800 | 10.1.2.102 | 10.1.2.1 | query | zad33a.ru | A | (not set)
2 | 2018-01-02T14:22:46.885164-0800 | 10.1.2.1 | 10.1.2.102 | answer | zad33a.ru | A | (not set)
3 | 2018-01-02T14:22:47.260868-0800 | 10.1.2.102 | 10.1.2.1 | query | 5chrup56.ru | A | (not set)
4 | 2018-01-02T14:22:47.447650-0800 | 10.1.2.1 | 10.1.2.102 | answer | 5chrup56.ru | A | (not set)
5 | 2018-01-02T14:22:47.886381-0800 | 10.1.2.102 | 10.1.2.1 | query | adobeflashplayer.ki1ahb.xyz | A | (not set)
6 | 2018-01-02T14:22:48.060621-0800 | 10.1.2.1 | 10.1.2.102 | answer | adobeflashplayer.ki1ahb.xyz | A | (not set)
7 | 2018-01-02T14:22:50.688683-0800 | 10.1.2.102 | 10.1.2.1 | query | 1sjs21891.ru | A | (not set)
8 | 2018-01-02T14:22:50.855422-0800 | 10.1.2.1 | 10.1.2.102 | answer | 1sjs21891.ru | A | (not set)
9 | 2018-01-02T14:22:51.217836-0800 | 10.1.2.102 | 10.1.2.1 | query | github.com | A | (not set)
10 | 2018-01-02T14:22:51.376991-0800 | 10.1.2.1 | 10.1.2.102 | answer | github.com | A | (not set)
11 | 2018-01-02T14:22:52.536566-0800 | 10.1.2.102 | 10.1.2.1 | query | raw.githubusercontent.com | A | (not set)
12 | 2018-01-02T14:22:52.696902-0800 | 10.1.2.1 | 10.1.2.102 | answer | raw.githubusercontent.com | A | (not set)
13 | 2018-01-02T14:23:18.256997-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set)
14 | 2018-01-02T14:23:11.296636-0800 | 10.1.2.102 | 10.1.2.1 | query | 1sjs21891.ru | A | (not set)
15 | 2018-01-02T14:23:18.436150-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set)
16 | 2018-01-02T14:24:08.065984-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set)
17 | 2018-01-02T14:24:08.231154-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set)
18 | 2018-01-02T14:26:07.931760-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set)
19 | 2018-01-02T14:26:08.072180-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set)
20 | 2018-01-02T14:28:07.932663-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set)
TLS (4) - showing 1-4 of 4 items

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2018-01-02T14:22:51.882123-0800 | 10.1.2.102 | 192.30.253.112 | TLS 1.2 | github.com
2 | 2018-01-02T14:22:53.024265-0800 | 10.1.2.102 | 151.101.0.133 | TLS 1.2 | raw.githubusercontent.com
3 | 2018-01-02T14:22:53.024265-0800 | 10.1.2.102 | 151.101.0.133 | TLS 1.2 | raw.githubusercontent.com
4 | 2018-01-02T14:22:51.882123-0800 | 10.1.2.102 | 192.30.253.112 | TLS 1.2 | github.com
TFTP (0)

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (14) - showing 1-14 of 14 items

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2018-01-02T14:22:47.256896-0800 | 10.1.2.102 | zad33a.ru | 80 | GET | /WW12hz?sub_id_1=zerderusset-hornet&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428&sub_id_3=zerde927508 | 302
2 | 2018-01-02T14:22:47.880232-0800 | 10.1.2.102 | 5chrup56.ru | 80 | GET | /?W3hmqY&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428 | 302
3 | 2018-01-02T14:22:48.395198-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /blocked.php?l=en&c=42-99-201801030022450bcc54d62e&key=35dfb814149925895f643474&reason=update | 200
4 | 2018-01-02T14:22:48.570166-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /img/logo.png?id=rHaLv | 200
5 | 2018-01-02T14:22:51.212036-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /direct.php?sub2=42-99-201801030022450bcc54d62e&f=flashupdate.exe | 302
6 | 2018-01-02T14:23:11.808054-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /tnk.php | 302
7 | 2018-01-02T14:26:08.072180-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /thunderbird/default.mp3?iq=rHaLv | 200
8 | 2018-01-02T14:22:48.395198-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /blocked.php?l=en&c=42-99-201801030022450bcc54d62e&key=35dfb814149925895f643474&reason=update | 200
9 | 2018-01-02T14:22:47.256896-0800 | 10.1.2.102 | zad33a.ru | 80 | GET | /WW12hz?sub_id_1=zerderusset-hornet&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428&sub_id_3=zerde927508 | 302
10 | 2018-01-02T14:22:51.212036-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /direct.php?sub2=42-99-201801030022450bcc54d62e&f=flashupdate.exe | 302
11 | 2018-01-02T14:22:47.880232-0800 | 10.1.2.102 | 5chrup56.ru | 80 | GET | /?W3hmqY&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428 | 302
12 | 2018-01-02T14:22:48.570166-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /img/logo.png?id=rHaLv | 200
13 | 2018-01-02T14:23:11.808054-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /tnk.php | 302
14 | 2018-01-02T14:28:08.570965-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /thunderbird/default.mp3?iq=rHaLv | 200
SMB (0)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (50) - showing 1-20 of 50 items

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2018-01-02T14:26:08.072180-0800 | 1413738002924998 | flow | 10.1.2.102 | 50042 | 5.187.2.208 | 3333 | TCP | pcapanalyzer
2 | 2018-01-02T14:26:08.072180-0800 | 711955358429174 | flow | 10.1.2.102 | 50846 | 10.1.2.1 | 53 | UDP | pcapanalyzer
3 | 2018-01-02T14:26:08.072180-0800 | 431232000624767 | flow | 10.1.2.102 | 49984 | 138.201.224.9 | 80 | TCP | pcapanalyzer
4 | 2018-01-02T14:26:08.072180-0800 | 1704483658672884 | flow | 10.1.2.102 | 50041 | 5.187.2.208 | 3333 | TCP | pcapanalyzer
5 | 2018-01-02T14:26:08.072180-0800 | 1711190238519731 | flow | 10.1.2.102 | 49997 | 212.224.112.209 | 80 | TCP | pcapanalyzer
6 | 2018-01-02T14:26:08.072180-0800 | 449408315373488 | flow | 10.1.2.102 | 51260 | 10.1.2.1 | 53 | UDP | pcapanalyzer
7 | 2018-01-02T14:26:08.072180-0800 | 314765374097084 | flow | 10.1.2.102 | 59843 | 10.1.2.1 | 53 | UDP | pcapanalyzer
8 | 2018-01-02T14:26:08.072180-0800 | 1865841271959503 | flow | 10.1.2.102 | 49987 | 37.97.225.90 | 80 | TCP | pcapanalyzer
9 | 2018-01-02T14:26:08.072180-0800 | 2008301070922513 | flow | 10.1.2.102 | 64338 | 10.1.2.1 | 53 | UDP | pcapanalyzer
10 | 2018-01-02T14:26:08.072180-0800 | 1026203083122590 | flow | 10.1.2.102 | 49996 | 151.101.0.133 | 443 | TCP | pcapanalyzer
11 | 2018-01-02T14:26:08.072180-0800 | 745649376727220 | flow | 10.1.2.102 | 49991 | 212.224.112.209 | 80 | TCP | pcapanalyzer
12 | 2018-01-02T14:26:08.072180-0800 | 467335495800859 | flow | 10.1.2.102 | 49986 | 104.27.152.183 | 80 | TCP | pcapanalyzer
13 | 2018-01-02T14:26:08.072180-0800 | 193499123679680 | flow | 10.1.2.102 | 60940 | 10.1.2.1 | 53 | UDP | pcapanalyzer
14 | 2018-01-02T14:26:08.072180-0800 | 61336534313957 | flow | 10.1.2.102 | 52776 | 10.1.2.1 | 53 | UDP | pcapanalyzer
15 | 2018-01-02T14:26:08.072180-0800 | 73302311338539 | flow | 10.1.2.102 | 62970 | 10.1.2.1 | 53 | UDP | pcapanalyzer
16 | 2018-01-02T14:26:08.072180-0800 | 2191979613488749 | flow | 10.1.2.102 | 56137 | 10.1.2.1 | 53 | UDP | pcapanalyzer
17 | 2018-01-02T14:26:08.072180-0800 | 1081700504743504 | flow | 10.1.2.102 | 50031 | 5.187.2.208 | 3333 | TCP | pcapanalyzer
18 | 2018-01-02T14:26:08.072180-0800 | 2220423034313304 | flow | 10.1.2.102 | 54975 | 10.1.2.1 | 53 | UDP | pcapanalyzer
19 | 2018-01-02T14:26:08.072180-0800 | 537684912634628 | flow | 10.1.2.102 | 49407 | 10.1.2.1 | 53 | UDP | pcapanalyzer
20 | 2018-01-02T14:26:08.072180-0800 | 118854763192787 | flow | 10.1.2.102 | 50043 | 5.187.2.208 | 3333 | TCP | pcapanalyzer
File (6) - showing 1-6 of 6 items

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2018-01-02T14:22:48.395198-0800 | 37.97.225.90 | 10.1.2.102 | /blocked.php | HTML document, UTF-8 Unicode text, with very long lines | 9542
2 | 2018-01-02T14:22:48.570166-0800 | 37.97.225.90 | 10.1.2.102 | /img/logo.png | PNG image data, 111 x 110, 8-bit colormap, non-interlaced | 3910
3 | 2018-01-02T14:26:08.072180-0800 | 37.97.225.90 | 10.1.2.102 | /thunderbird/default.mp3 | Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo | 49505
4 | 2018-01-02T14:22:48.395198-0800 | 37.97.225.90 | 10.1.2.102 | /blocked.php | HTML document, UTF-8 Unicode text, with very long lines | 9542
5 | 2018-01-02T14:22:48.570166-0800 | 37.97.225.90 | 10.1.2.102 | /img/logo.png | PNG image data, 111 x 110, 8-bit colormap, non-interlaced | 3910
6 | 2018-01-02T14:28:08.570965-0800 | 37.97.225.90 | 10.1.2.102 | /thunderbird/default.mp3 | Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo | 49505

Comments: (not set)
