2018-01-02-fake-Flash-player-installs-coinminer-malware.pcap

MD5: cd4b49bcfe13efbd505c2ae339bcb2be
Submission Date: 2019-08-12 19:55:50
Tags: (not set)

Alert (4)
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|-----------|--------|---------|-----------------|---|
| 1 | 2018-01-02T14:23:33.904136-0800 | 104.27.152.183 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | * |
| 2 | 2018-01-02T14:23:47.292009-0800 | 138.201.224.9 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | * |
| 3 | 2018-01-02T14:23:47.292009-0800 | 138.201.224.9 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | * |
| 4 | 2018-01-02T14:23:33.904136-0800 | 104.27.152.183 | 10.1.2.102 | ET CURRENT_EVENTS Possible Keitaro TDS Redirect | * |
DNS (48)
Showing 1-20 of 48 items.

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|-----------|--------|---------|----------|----------------------|----------------------|---------------|
| 1 | 2018-01-02T14:22:46.727640-0800 | 10.1.2.102 | 10.1.2.1 | query | zad33a.ru | A | (not set) |
| 2 | 2018-01-02T14:22:46.885164-0800 | 10.1.2.1 | 10.1.2.102 | answer | zad33a.ru | A | (not set) |
| 3 | 2018-01-02T14:22:47.260868-0800 | 10.1.2.102 | 10.1.2.1 | query | 5chrup56.ru | A | (not set) |
| 4 | 2018-01-02T14:22:47.447650-0800 | 10.1.2.1 | 10.1.2.102 | answer | 5chrup56.ru | A | (not set) |
| 5 | 2018-01-02T14:22:47.886381-0800 | 10.1.2.102 | 10.1.2.1 | query | adobeflashplayer.ki1ahb.xyz | A | (not set) |
| 6 | 2018-01-02T14:22:48.060621-0800 | 10.1.2.1 | 10.1.2.102 | answer | adobeflashplayer.ki1ahb.xyz | A | (not set) |
| 7 | 2018-01-02T14:22:50.688683-0800 | 10.1.2.102 | 10.1.2.1 | query | 1sjs21891.ru | A | (not set) |
| 8 | 2018-01-02T14:22:50.855422-0800 | 10.1.2.1 | 10.1.2.102 | answer | 1sjs21891.ru | A | (not set) |
| 9 | 2018-01-02T14:22:51.217836-0800 | 10.1.2.102 | 10.1.2.1 | query | github.com | A | (not set) |
| 10 | 2018-01-02T14:22:51.376991-0800 | 10.1.2.1 | 10.1.2.102 | answer | github.com | A | (not set) |
| 11 | 2018-01-02T14:22:52.536566-0800 | 10.1.2.102 | 10.1.2.1 | query | raw.githubusercontent.com | A | (not set) |
| 12 | 2018-01-02T14:22:52.696902-0800 | 10.1.2.1 | 10.1.2.102 | answer | raw.githubusercontent.com | A | (not set) |
| 13 | 2018-01-02T14:23:18.256997-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set) |
| 14 | 2018-01-02T14:23:11.296636-0800 | 10.1.2.102 | 10.1.2.1 | query | 1sjs21891.ru | A | (not set) |
| 15 | 2018-01-02T14:23:18.436150-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set) |
| 16 | 2018-01-02T14:24:08.065984-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set) |
| 17 | 2018-01-02T14:24:08.231154-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set) |
| 18 | 2018-01-02T14:26:07.931760-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set) |
| 19 | 2018-01-02T14:26:08.072180-0800 | 10.1.2.1 | 10.1.2.102 | answer | pronetads.com | A | (not set) |
| 20 | 2018-01-02T14:28:07.932663-0800 | 10.1.2.102 | 10.1.2.1 | query | pronetads.com | A | (not set) |
TLS (4)

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|-----------|-----------|----------------|-------------|------------------------|
| 1 | 2018-01-02T14:22:51.882123-0800 | 10.1.2.102 | 192.30.253.112 | TLS 1.2 | github.com |
| 2 | 2018-01-02T14:22:53.024265-0800 | 10.1.2.102 | 151.101.0.133 | TLS 1.2 | raw.githubusercontent.com |
| 3 | 2018-01-02T14:22:53.024265-0800 | 10.1.2.102 | 151.101.0.133 | TLS 1.2 | raw.githubusercontent.com |
| 4 | 2018-01-02T14:22:51.882123-0800 | 10.1.2.102 | 192.30.253.112 | TLS 1.2 | github.com |
TFTP (0)

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|-----------|--------|---------|-------------|-----------|-----------|

No results found.
HTTP (14)

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|-----------|--------|----------|------|--------|-----|--------|
| 1 | 2018-01-02T14:22:47.256896-0800 | 10.1.2.102 | zad33a.ru | 80 | GET | /WW12hz?sub_id_1=zerderusset-hornet&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428&sub_id_3=zerde927508 | 302 |
| 2 | 2018-01-02T14:22:47.880232-0800 | 10.1.2.102 | 5chrup56.ru | 80 | GET | /?W3hmqY&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428 | 302 |
| 3 | 2018-01-02T14:22:48.395198-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /blocked.php?l=en&c=42-99-201801030022450bcc54d62e&key=35dfb814149925895f643474&reason=update | 200 |
| 4 | 2018-01-02T14:22:48.570166-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /img/logo.png?id=rHaLv | 200 |
| 5 | 2018-01-02T14:22:51.212036-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /direct.php?sub2=42-99-201801030022450bcc54d62e&f=flashupdate.exe | 302 |
| 6 | 2018-01-02T14:23:11.808054-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /tnk.php | 302 |
| 7 | 2018-01-02T14:26:08.072180-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /thunderbird/default.mp3?iq=rHaLv | 200 |
| 8 | 2018-01-02T14:22:48.395198-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /blocked.php?l=en&c=42-99-201801030022450bcc54d62e&key=35dfb814149925895f643474&reason=update | 200 |
| 9 | 2018-01-02T14:22:47.256896-0800 | 10.1.2.102 | zad33a.ru | 80 | GET | /WW12hz?sub_id_1=zerderusset-hornet&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428&sub_id_3=zerde927508 | 302 |
| 10 | 2018-01-02T14:22:51.212036-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /direct.php?sub2=42-99-201801030022450bcc54d62e&f=flashupdate.exe | 302 |
| 11 | 2018-01-02T14:22:47.880232-0800 | 10.1.2.102 | 5chrup56.ru | 80 | GET | /?W3hmqY&sub_id_2=zv73e4a40af00b11e78d3b063e70912a684ff9bf0a5f8c41ca9867d782a0403934026350c6b3f7e82428 | 302 |
| 12 | 2018-01-02T14:22:48.570166-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /img/logo.png?id=rHaLv | 200 |
| 13 | 2018-01-02T14:23:11.808054-0800 | 10.1.2.102 | 1sjs21891.ru | 80 | GET | /tnk.php | 302 |
| 14 | 2018-01-02T14:28:08.570965-0800 | 10.1.2.102 | adobeflashplayer.ki1ahb.xyz | 80 | GET | /thunderbird/default.mp3?iq=rHaLv | 200 |
SMB (0)

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|-----------|--------|---------|-------------|---------|---------|------|

No results found.

SMTP (0)

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|-----------|--------|-------------|------------|----------|---------|

No results found.
Flow (50)
Showing 21-40 of 50 items.

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|-----------|---------|------------|--------|-------------|-------------|------------------|----------|------|
| 21 | 2018-01-02T14:26:08.072180-0800 | 963988354972471 | flow | 10.1.2.102 | 56394 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 22 | 2018-01-02T14:26:08.072180-0800 | 1388412707492588 | flow | 10.1.2.102 | 61907 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 23 | 2018-01-02T14:26:08.072180-0800 | 267675356403539 | flow | 10.1.2.102 | 50040 | 5.187.2.208 | 3333 | TCP | pcapanalyzer |
| 24 | 2018-01-02T14:26:08.072180-0800 | 1682489118093270 | flow | 10.1.2.102 | 49988 | 37.97.225.90 | 80 | TCP | pcapanalyzer |
| 25 | 2018-01-02T14:26:08.072180-0800 | 2246643810026715 | flow | 10.1.2.102 | 49994 | 192.30.253.112 | 443 | TCP | pcapanalyzer |
| 26 | 2018-01-02T14:28:08.570965-0800 | 585732711940651 | flow | 10.1.2.102 | 62970 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 27 | 2018-01-02T14:28:08.570965-0800 | 476945485353708 | flow | 10.1.2.102 | 61907 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 28 | 2018-01-02T14:28:08.570965-0800 | 1605630678238829 | flow | 10.1.2.102 | 56137 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 29 | 2018-01-02T14:28:08.570965-0800 | 624812619078232 | flow | 10.1.2.102 | 54975 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 30 | 2018-01-02T14:28:08.570965-0800 | 771638225232307 | flow | 10.1.2.102 | 49997 | 212.224.112.209 | 80 | TCP | pcapanalyzer |
| 31 | 2018-01-02T14:28:08.570965-0800 | 69413218286340 | flow | 10.1.2.102 | 49407 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 32 | 2018-01-02T14:28:08.570965-0800 | 1373723919396854 | flow | 10.1.2.102 | 50846 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 33 | 2018-01-02T14:28:08.570965-0800 | 825069764335643 | flow | 10.1.2.102 | 49986 | 104.27.152.183 | 80 | TCP | pcapanalyzer |
| 34 | 2018-01-02T14:28:08.570965-0800 | 1837135857879167 | flow | 10.1.2.102 | 49984 | 138.201.224.9 | 80 | TCP | pcapanalyzer |
| 35 | 2018-01-02T14:28:08.570965-0800 | 1008424066000798 | flow | 10.1.2.102 | 49996 | 151.101.0.133 | 443 | TCP | pcapanalyzer |
| 36 | 2018-01-02T14:28:08.570965-0800 | 1580560955705020 | flow | 10.1.2.102 | 59843 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 37 | 2018-01-02T14:28:08.570965-0800 | 36681301402067 | flow | 10.1.2.102 | 50043 | 5.187.2.208 | 3333 | TCP | pcapanalyzer |
| 38 | 2018-01-02T14:28:08.570965-0800 | 460923111664613 | flow | 10.1.2.102 | 52776 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
| 39 | 2018-01-02T14:28:08.570965-0800 | 2157261245518004 | flow | 10.1.2.102 | 49991 | 212.224.112.209 | 80 | TCP | pcapanalyzer |
| 40 | 2018-01-02T14:28:08.570965-0800 | 750799047623104 | flow | 10.1.2.102 | 60940 | 10.1.2.1 | 53 | UDP | pcapanalyzer |
File (6)

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|-----------|--------|-------------|-----------|------------|-----------|
| 1 | 2018-01-02T14:22:48.395198-0800 | 37.97.225.90 | 10.1.2.102 | /blocked.php | HTML document, UTF-8 Unicode text, with very long lines | 9542 |
| 2 | 2018-01-02T14:22:48.570166-0800 | 37.97.225.90 | 10.1.2.102 | /img/logo.png | PNG image data, 111 x 110, 8-bit colormap, non-interlaced | 3910 |
| 3 | 2018-01-02T14:26:08.072180-0800 | 37.97.225.90 | 10.1.2.102 | /thunderbird/default.mp3 | Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo | 49505 |
| 4 | 2018-01-02T14:22:48.395198-0800 | 37.97.225.90 | 10.1.2.102 | /blocked.php | HTML document, UTF-8 Unicode text, with very long lines | 9542 |
| 5 | 2018-01-02T14:22:48.570166-0800 | 37.97.225.90 | 10.1.2.102 | /img/logo.png | PNG image data, 111 x 110, 8-bit colormap, non-interlaced | 3910 |
| 6 | 2018-01-02T14:28:08.570965-0800 | 37.97.225.90 | 10.1.2.102 | /thunderbird/default.mp3 | Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo | 49505 |

Comments: (not set)
