2019-MTA-workshop-block-1-02.pcap

MD5: 67dabb24ace9619cb4db9959f1abb7c4
Submission Date: 2019-08-20 20:22:29
Tags: (not set)
Alert (0 records)
Columns: Timestamp, Src IP, Dest IP, Alert Signature, P
No results found.
DNS (193 records; first 20 shown)

| # | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | RR Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-07-09T17:36:44.574101-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set) |
| 2 | 2019-07-09T17:36:44.574397-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | (not set) | (not set) |
| 3 | 2019-07-09T17:36:44.828212-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.rootdreams.net | SRV | (not set) |
| 4 | 2019-07-09T17:36:44.828486-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.rootdreams.net | (not set) | (not set) |
| 5 | 2019-07-09T17:36:45.482752-0700 | 10.7.10.101 | 10.7.10.7 | query | ujjyetgdqf.bridgebeat.net | A | (not set) |
| 6 | 2019-07-09T17:36:45.541192-0700 | 10.7.10.7 | 10.7.10.101 | answer | ujjyetgdqf.bridgebeat.net | (not set) | (not set) |
| 7 | 2019-07-09T17:36:44.967696-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.rootdreams.net | SRV | (not set) |
| 8 | 2019-07-09T17:36:44.967969-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.rootdreams.net | (not set) | (not set) |
| 9 | 2019-07-09T17:36:45.140249-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.rootdreams.net | SRV | (not set) |
| 10 | 2019-07-09T17:36:45.140513-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.rootdreams.net | (not set) | (not set) |
| 11 | 2019-07-09T17:36:48.148685-0700 | 10.7.10.101 | 10.7.10.7 | query | kv501-prod.do.dsp.mp.microsoft.com | A | (not set) |
| 12 | 2019-07-09T17:36:48.234224-0700 | 10.7.10.7 | 10.7.10.101 | answer | kv501-prod.do.dsp.mp.microsoft.com | (not set) | (not set) |
| 13 | 2019-07-09T17:36:48.797929-0700 | 10.7.10.101 | 10.7.10.7 | query | disc501-prod.do.dsp.mp.microsoft.com | A | (not set) |
| 14 | 2019-07-09T17:36:48.857869-0700 | 10.7.10.101 | 10.7.10.7 | query | Nairobi-c39f-PC.rootdreams.net | SOA | (not set) |
| 15 | 2019-07-09T17:36:48.858161-0700 | 10.7.10.7 | 10.7.10.101 | answer | Nairobi-c39f-PC.rootdreams.net | (not set) | (not set) |
| 16 | 2019-07-09T17:36:48.938358-0700 | 10.7.10.7 | 10.7.10.101 | answer | disc501-prod.do.dsp.mp.microsoft.com | (not set) | (not set) |
| 17 | 2019-07-09T17:36:47.949489-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set) |
| 18 | 2019-07-09T17:36:47.949771-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | (not set) | (not set) |
| 19 | 2019-07-09T17:36:48.511725-0700 | 10.7.10.101 | 10.7.10.7 | query | cp501-prod.do.dsp.mp.microsoft.com | A | (not set) |
| 20 | 2019-07-09T17:36:48.512010-0700 | 10.7.10.7 | 10.7.10.101 | answer | cp501-prod.do.dsp.mp.microsoft.com | (not set) | (not set) |
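Added example (not part of the original capture report): a triage pass over the DNS rows above. It groups queries by name, separates the AD domain's own service-discovery names (`_ldap._tcp...rootdreams.net`) and host names from vendor names and everything else, and applies a label heuristic to the remainder. The AD domain is taken from the SRV lookups in the table; the vendor allowlist (`microsoft.com`), the thresholds and the sample rows (copied from rows 1-6, 11-14 and 17) are assumptions made for the example. On these rows it surfaces `ujjyetgdqf.bridgebeat.net`, the one name that is neither in the domain nor on the allowlist and whose leftmost label is a ten-letter consonant-heavy string. A flag is a prompt to look closer, not a verdict about the domain.

```python
"""Triage the DNS records of a pcap summary: group queries by name, classify
each name against the AD domain and an allowlist, and surface external names
whose leftmost label looks machine-generated. Added example, not the tool's code."""
import math
from collections import defaultdict

AD_DOMAIN = "rootdreams.net"           # the domain the client locates via the _ldap._tcp SRV lookups
EXPECTED_DOMAINS = {"microsoft.com"}   # assumption: vendor domains this Windows client is expected to reach
VOWELS = set("aeiou")

# Constructed sample: DNS table rows 1-6, 11-14 and 17 as
# (timestamp, src, dst, type, name, rrtype); answer rows carry no rrtype.
DNS_ROWS = [
    ("2019-07-09T17:36:44.574101-0700", "10.7.10.101", "10.7.10.7", "query",
     "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net", "SRV"),
    ("2019-07-09T17:36:44.574397-0700", "10.7.10.7", "10.7.10.101", "answer",
     "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net", None),
    ("2019-07-09T17:36:45.482752-0700", "10.7.10.101", "10.7.10.7", "query",
     "ujjyetgdqf.bridgebeat.net", "A"),
    ("2019-07-09T17:36:45.541192-0700", "10.7.10.7", "10.7.10.101", "answer",
     "ujjyetgdqf.bridgebeat.net", None),
    ("2019-07-09T17:36:47.949489-0700", "10.7.10.101", "10.7.10.7", "query",
     "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net", "SRV"),
    ("2019-07-09T17:36:48.148685-0700", "10.7.10.101", "10.7.10.7", "query",
     "kv501-prod.do.dsp.mp.microsoft.com", "A"),
    ("2019-07-09T17:36:48.234224-0700", "10.7.10.7", "10.7.10.101", "answer",
     "kv501-prod.do.dsp.mp.microsoft.com", None),
    ("2019-07-09T17:36:48.797929-0700", "10.7.10.101", "10.7.10.7", "query",
     "disc501-prod.do.dsp.mp.microsoft.com", "A"),
    ("2019-07-09T17:36:48.857869-0700", "10.7.10.101", "10.7.10.7", "query",
     "Nairobi-c39f-PC.rootdreams.net", "SOA"),
]

def shannon_entropy(s):
    """Bits per character of the label; log2(len(s)) is the maximum for that length."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for c in s:
        counts[c] += 1
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def longest_consonant_run(label):
    """Longest run of consonant letters; digits, hyphens and vowels break the run."""
    run = best = 0
    for c in label:
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def registrable_domain(name):
    # Assumption: the last two labels; fine for .net/.com, wrong for suffixes like co.uk.
    return ".".join(name.split(".")[-2:])

def classify(name):
    n = name.lower().rstrip(".")
    if n == AD_DOMAIN or n.endswith("." + AD_DOMAIN):
        return "ad-service" if n.startswith("_") else "ad-host"
    return "expected-vendor" if registrable_domain(n) in EXPECTED_DOMAINS else "external"

def odd_label(name):
    """Heuristic for generated-looking leftmost labels, tuned so that vendor names
    built from digits and hyphens (kv501-prod) pass and consonant soup does not."""
    label = name.lower().split(".")[0]
    if len(label) < 8:
        return False
    has_digit = any(c.isdigit() for c in label)
    return longest_consonant_run(label) >= 4 or (shannon_entropy(label) >= 3.0 and not has_digit)

def triage(rows):
    """One record per distinct queried name, flagged names first."""
    seen = {}
    for ts, _src, _dst, kind, name, rrtype in rows:
        rec = seen.setdefault(name, {"name": name, "first_seen": ts, "queries": 0,
                                     "rrtypes": set(), "answered": False})
        if kind == "query":
            rec["queries"] += 1
            rec["rrtypes"].add(rrtype)
        else:
            rec["answered"] = True
    for rec in seen.values():
        rec["category"] = classify(rec["name"])
        rec["odd_label"] = odd_label(rec["name"])
        rec["flagged"] = rec["category"] == "external" and rec["odd_label"]
    return sorted(seen.values(), key=lambda r: (not r["flagged"], r["first_seen"]))

if __name__ == "__main__":
    for r in triage(DNS_ROWS):
        mark = "FLAG" if r["flagged"] else "    "
        print(f'{mark} {r["category"]:15} q={r["queries"]} answered={r["answered"]} {r["name"]}')
```

The `_ldap._tcp.*._sites.*` SRV lookups and the `Nairobi-c39f-PC` SOA query are what a domain-joined Windows host emits while locating its domain controller, so they are classified rather than scored; the allowlist only suppresses the heuristic for names whose registrable domain is expected, and a real deployment would feed it from the organisation's own vendor inventory.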
TLS (152 records; first 20 shown)

| # | Timestamp | Source IP | Destination IP | TLS Version | Issuer |
|---|---|---|---|---|---|
| 1 | 2019-07-09T17:36:48.906934-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 2 | 2019-07-09T17:36:48.611334-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 3 | 2019-07-09T17:36:49.438610-0700 | 10.7.10.101 | 40.79.65.78 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Content Distribution Secure Server CA 2.1 |
| 4 | 2019-07-09T17:36:49.944014-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 5 | 2019-07-09T17:36:49.037186-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 6 | 2019-07-09T17:36:49.250771-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 7 | 2019-07-09T17:36:49.574004-0700 | 10.7.10.101 | 40.79.66.194 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Content Distribution Secure Server CA 2.1 |
| 8 | 2019-07-09T17:36:49.605498-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 |
| 9 | 2019-07-09T17:36:49.944346-0700 | 10.7.10.101 | 40.79.70.158 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Content Distribution Secure Server CA 2.1 |
| 10 | 2019-07-09T17:36:50.588940-0700 | 10.7.10.101 | 40.79.70.158 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Content Distribution Secure Server CA 2.1 |
| 11 | 2019-07-09T17:38:04.326117-0700 | 10.7.10.101 | 204.79.197.200 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 |
| 12 | 2019-07-09T17:38:15.180525-0700 | 10.7.10.101 | 40.117.150.237 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 |
| 13 | 2019-07-09T17:38:24.507091-0700 | 10.7.10.101 | 104.19.196.151 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 |
| 14 | 2019-07-09T17:38:24.507166-0700 | 10.7.10.101 | 23.196.116.142 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 15 | 2019-07-09T17:38:24.507558-0700 | 10.7.10.101 | 23.196.116.142 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 16 | 2019-07-09T17:38:24.513077-0700 | 10.7.10.101 | 172.217.164.170 | TLS 1.2 | C=US, O=Google Trust Services, CN=Google Internet Authority G3 |
| 17 | 2019-07-09T17:38:24.513509-0700 | 10.7.10.101 | 172.217.164.170 | TLS 1.2 | C=US, O=Google Trust Services, CN=Google Internet Authority G3 |
| 18 | 2019-07-09T17:38:24.567545-0700 | 10.7.10.101 | 104.18.239.229 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA |
| 19 | 2019-07-09T17:38:24.568049-0700 | 10.7.10.101 | 13.249.44.106 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 20 | 2019-07-09T17:38:25.132709-0700 | 10.7.10.101 | 172.217.7.206 | TLS 1.2 | C=US, O=Google Trust Services, CN=Google Internet Authority G3 |
TFTP (0 records)
Columns: Timestamp, Src IP, Dest IP, TFTP Packet, TFTP File, TFTP Mode
No results found.
HTTP (5 records)

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-07-09T17:38:23.414224-0700 | 10.7.10.101 | blog.eskill.com | 80 | GET | /cyber-security-skills-shortage/ | 301 |
| 2 | 2019-07-09T17:38:26.989068-0700 | 10.7.10.101 | ocsp.comodoca.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEFgo7t9gbZlUmh0Q15O%2Fpto%3D | 200 |
| 3 | 2019-07-09T17:38:44.297965-0700 | 10.7.10.101 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D | 200 |
| 4 | 2019-07-09T17:38:51.817936-0700 | 10.7.10.101 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | 200 |
| 5 | 2019-07-09T17:39:18.815705-0700 | 10.7.10.101 | tile-service.weather.microsoft.com | 80 | GET | /en-US/livetile/preinstall?region=US&appid=C98EA5B0842DBB9405BBF071E1DA76512D21FE36&FORM=Threshold | 200 |
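The `/MFEw...` paths on HTTP rows 2-4 are not opaque. An OCSP request sent by GET (RFC 6960, Appendix A) is the DER-encoded `OCSPRequest`, base64-encoded and then URL-encoded into the path, so the issuer name hash, issuer key hash and the serial number of the certificate being checked can all be read out of the proxy log or the pcap without any key material. The decoder below is an added example and not code from the page or from the analysis tool; it uses only the standard library, assumes the unsigned single-request form seen here, and takes the three paths from the table as constructed input.

```python
"""Decode OCSP GET request paths (RFC 6960 Appendix A) with a minimal DER
reader: OCSPRequest -> tbsRequest -> requestList -> Request -> CertID.
Added example, not the page's or the tool's code."""
import base64
from urllib.parse import unquote

SHA1_OID = "1.3.14.3.2.26"

# Constructed sample: the three OCSP request paths from HTTP rows 2-4 above.
COMODO_PATH = ("/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ"
               "6hJWc99DtDoo2ucCEFgo7t9gbZlUmh0Q15O%2Fpto%3D")
DIGICERT_PATH_1 = ("/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJH"
                   "WMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D")
DIGICERT_PATH_2 = ("/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJH"
                   "WMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D")

def read_tlv(buf, pos=0):
    """Read one DER TLV at buf[pos]; returns (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    """Dotted form of a DER OBJECT IDENTIFIER value (first byte packs two arcs)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_ocsp_get(path):
    """Return one dict per CertID in the OCSP GET path.
    Handles the unsigned form; [0] version, [1] requestorName and [2]
    requestExtensions are skipped by picking the SEQUENCE (requestList)."""
    der = base64.b64decode(unquote(path.lstrip("/")))
    _, ocsp_request, _ = read_tlv(der)
    tbs_request = children(ocsp_request)[0][1]           # tbsRequest comes first
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    out = []
    for _, request in children(request_list):
        cert_id = children(request)[0][1]                 # reqCert CertID; [0] extensions ignored
        alg, name_hash, key_hash, serial = children(cert_id)
        out.append({
            "hash_algorithm": decode_oid(children(alg[1])[0][1]),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": serial[1].hex(),
        })
    return out

if __name__ == "__main__":
    for label, path in (("comodoca", COMODO_PATH), ("digicert-1", DIGICERT_PATH_1),
                        ("digicert-2", DIGICERT_PATH_2)):
        for cert in parse_ocsp_get(path):
            algo = "sha1" if cert["hash_algorithm"] == SHA1_OID else cert["hash_algorithm"]
            print(f'{label}: {algo} serial={cert["serial"]} issuerKeyHash={cert["issuer_key_hash"]}')
```

Row 2 decodes to a SHA-1 CertID with serial `5828eedf606d99549a1d10d793bfa6da`; rows 3 and 4 carry identical issuer name and key hashes and differ only in the serial (`0b6ab3b03eb1a9f6c460926aa8cdfeb3` for row 3), i.e. two different certificates from the same intermediate, which is consistent with the two destinations behind the DigiCert SHA2 Secure Server CA in the TLS table. Matching the issuer key hash against the SHA-1 of the intermediate's public key, or the serial against certificate transparency logs, identifies the exact leaf certificate the client validated even though the TLS payload itself is encrypted.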
SMB (35 records; first 20 shown)

| # | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
| 1 | 2019-07-09T17:36:45.259596-0700 | 10.7.10.101 | 10.7.10.7 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 2 | 2019-07-09T17:36:45.279535-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 3 | 2019-07-09T17:36:45.304407-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 70369213939789 | 0 |
| 4 | 2019-07-09T17:36:45.304750-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 70369213939789 | 1 |
| 5 | 2019-07-09T17:36:45.325182-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 0 |
| 6 | 2019-07-09T17:36:45.370580-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 0 |
| 7 | 2019-07-09T17:36:45.429609-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 0 |
| 8 | 2019-07-09T17:36:46.694954-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 70369213939793 | 0 |
| 9 | 2019-07-09T17:36:46.696025-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 70369213939793 | 1 |
| 10 | 2019-07-09T17:36:46.696726-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1 |
| 11 | 2019-07-09T17:36:46.703361-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1 |
| 12 | 2019-07-09T17:36:46.704713-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 13 | 2019-07-09T17:36:46.704713-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 14 | 2019-07-09T17:36:46.705360-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1 |
| 15 | 2019-07-09T17:36:46.706557-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 16 | 2019-07-09T17:36:46.706557-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 17 | 2019-07-09T17:36:46.707084-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1 |
| 18 | 2019-07-09T17:36:46.708342-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 19 | 2019-07-09T17:36:46.708342-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1 |
| 20 | 2019-07-09T17:36:46.708886-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1 |
SMTP (0 records)
Columns: Timestamp, Source, Destination, Email From, Email To, Subject
No results found.
Flow (319 records; first 20 shown)

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-07-09T17:39:28.431936-0700 | 2002814974628199 | flow | 10.7.10.101 | 49668 | 10.7.10.7 | 389 | TCP | pcapanalyzer |
| 2 | 2019-07-09T17:39:28.431936-0700 | 1082903846774244 | flow | 10.7.10.101 | 137 | 10.7.10.255 | 137 | UDP | pcapanalyzer |
| 3 | 2019-07-09T17:39:28.431936-0700 | 1829712760300940 | flow | 10.7.10.101 | 49692 | 10.7.10.7 | 88 | TCP | pcapanalyzer |
| 4 | 2019-07-09T17:39:28.431936-0700 | 282309064508310 | flow | 10.7.10.101 | 49799 | 172.217.7.226 | 443 | TCP | pcapanalyzer |
| 5 | 2019-07-09T17:39:28.431936-0700 | 1971274888737110 | flow | 10.7.10.101 | 49740 | 162.243.48.117 | 443 | TCP | pcapanalyzer |
| 6 | 2019-07-09T17:39:28.431936-0700 | 141932347110389 | flow | 10.7.10.101 | 49711 | 104.108.127.93 | 443 | TCP | pcapanalyzer |
| 7 | 2019-07-09T17:39:28.431936-0700 | 142187897640466 | flow | 10.7.10.101 | 49706 | 104.108.127.93 | 443 | TCP | pcapanalyzer |
| 8 | 2019-07-09T17:39:28.431936-0700 | 1409035747002143 | flow | 10.7.10.101 | 54083 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 9 | 2019-07-09T17:39:28.431936-0700 | 987042329073350 | flow | 10.7.10.101 | 49722 | 10.7.10.7 | 88 | TCP | pcapanalyzer |
| 10 | 2019-07-09T17:39:28.431936-0700 | 705685466946616 | flow | 10.7.10.101 | 49856 | 72.21.91.29 | 80 | TCP | pcapanalyzer |
| 11 | 2019-07-09T17:39:28.431936-0700 | 846910426274749 | flow | 10.7.10.101 | 56538 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 12 | 2019-07-09T17:39:28.431936-0700 | 2114619422369188 | flow | 10.7.10.101 | 50457 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 13 | 2019-07-09T17:39:28.431936-0700 | 2115113337015322 | flow | 10.7.10.101 | 55463 | 10.7.10.7 | 389 | UDP | pcapanalyzer |
| 14 | 2019-07-09T17:39:28.431936-0700 | 848752967257928 | flow | 10.7.10.101 | 49689 | 10.7.10.7 | 88 | TCP | pcapanalyzer |
| 15 | 2019-07-09T17:39:28.431936-0700 | 4708148353168 | flow | 10.7.10.101 | 49825 | 151.139.128.14 | 80 | TCP | pcapanalyzer |
| 16 | 2019-07-09T17:39:28.431936-0700 | 1130644562633098 | flow | 10.7.10.101 | 49780 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 17 | 2019-07-09T17:39:28.431936-0700 | 1130874343618820 | flow | 10.7.10.101 | 54231 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 18 | 2019-07-09T17:39:28.431936-0700 | 286986283873387 | flow | 10.7.10.101 | 62962 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 19 | 2019-07-09T17:39:28.431936-0700 | 1976723055008590 | flow | 10.7.10.101 | 56311 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
| 20 | 2019-07-09T17:39:28.431936-0700 | 1554570712980507 | flow | 10.7.10.101 | 55170 | 10.7.10.7 | 53 | UDP | pcapanalyzer |
File (9 records)

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-07-09T17:36:46.719227-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | 1098 |
| 2 | 2019-07-09T17:38:23.414224-0700 | 162.243.48.117 | 10.7.10.101 | /cyber-security-skills-shortage/ | HTML document, ASCII text, with CRLF line terminators | 178 |
| 3 | 2019-07-09T17:36:46.726005-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Registry.pol | data | 2796 |
| 4 | 2019-07-09T17:36:46.728122-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22 |
| 5 | 2019-07-09T17:36:46.731469-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22 |
| 6 | 2019-07-09T17:38:26.989068-0700 | 151.139.128.14 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEFgo7t9gbZlUmh0Q15O/pto= | data | 471 |
| 7 | 2019-07-09T17:38:44.297965-0700 | 72.21.91.29 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEAtqs7A+san2xGCSaqjN/rM= | data | 1507 |
| 8 | 2019-07-09T17:38:51.817936-0700 | 72.21.91.29 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI= | data | 1507 |
| 9 | 2019-07-09T17:39:18.815705-0700 | 23.196.126.221 | 10.7.10.101 | /en-US/livetile/preinstall | XML 1.0 document, UTF-8 Unicode text, with very long lines, with no line terminators | 4291 |
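File rows 1, 3, 4 and 5 are the Default Domain Policy (`{31B2F340-016D-11D2-945F-00C04FB984F9}` is the well-known GPO identifier for it) being read from 10.7.10.7, the host that also serves the LDAP, Kerberos and DNS flows above, over the SMB 3.1.1 session negotiated in the SMB table. The File table carries no session id, so tying each file to the session that fetched it is a matter of time correlation between the two tables. The script below is an added example and not the analysis tool's code: it rebuilds each SMB2 session's activity window from a subset of the SMB rows and attributes every server-delivered file to the newest session whose window, plus an assumed 2-second grace period, covers it. The HTTP-delivered file from 162.243.48.117 is deliberately left unattributed because it did not come from the SMB server.

```python
"""Correlate SMB command rows with File rows from a pcap summary: rebuild each
SMB2 session's activity window and attach the files delivered inside it.
Added example, not the tool's code; time-based attribution is an assumption."""
from collections import Counter
from datetime import datetime, timedelta

SMB_SERVER = "10.7.10.7"
GRACE = timedelta(seconds=2)   # assumption: a file seen this long after the last command still belongs to the session

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

# Constructed sample: SMB table rows 1-8, 9, 10, 12 and 20 as (timestamp, dialect, command, session, tree).
SMB_ROWS = [
    ("2019-07-09T17:36:45.259596-0700", "2.??", "SMB1_COMMAND_NEGOTIATE_PROTOCOL", 0, 0),
    ("2019-07-09T17:36:45.279535-0700", "3.11", "SMB2_COMMAND_NEGOTIATE_PROTOCOL", 0, 0),
    ("2019-07-09T17:36:45.304407-0700", "3.11", "SMB2_COMMAND_SESSION_SETUP", 70369213939789, 0),
    ("2019-07-09T17:36:45.304750-0700", "3.11", "SMB2_COMMAND_TREE_CONNECT", 70369213939789, 1),
    ("2019-07-09T17:36:45.325182-0700", "3.11", "SMB2_COMMAND_IOCTL", 70369213939789, 0),
    ("2019-07-09T17:36:45.429609-0700", "3.11", "SMB2_COMMAND_IOCTL", 70369213939789, 0),
    ("2019-07-09T17:36:46.694954-0700", "3.11", "SMB2_COMMAND_SESSION_SETUP", 70369213939793, 0),
    ("2019-07-09T17:36:46.696025-0700", "3.11", "SMB2_COMMAND_TREE_CONNECT", 70369213939793, 1),
    ("2019-07-09T17:36:46.696726-0700", "3.11", "SMB2_COMMAND_CREATE", 70369213939793, 1),
    ("2019-07-09T17:36:46.704713-0700", "3.11", "SMB2_COMMAND_FIND", 70369213939793, 1),
    ("2019-07-09T17:36:46.708886-0700", "3.11", "SMB2_COMMAND_CREATE", 70369213939793, 1),
]
# Constructed sample: File table rows 1-4 as (timestamp, source, file name, size).
FILE_ROWS = [
    ("2019-07-09T17:36:46.719227-0700", "10.7.10.7",
     r"rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf", 1098),
    ("2019-07-09T17:38:23.414224-0700", "162.243.48.117", "/cyber-security-skills-shortage/", 178),
    ("2019-07-09T17:36:46.726005-0700", "10.7.10.7",
     r"rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Registry.pol", 2796),
    ("2019-07-09T17:36:46.728122-0700", "10.7.10.7",
     r"rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini", 22),
]

def negotiated_dialect(smb_rows):
    """Dialect carried by the SMB2 NEGOTIATE row; the SMB1 negotiate before it only offers dialects."""
    return next(dialect for _, dialect, cmd, _, _ in smb_rows if cmd == "SMB2_COMMAND_NEGOTIATE_PROTOCOL")

def session_timeline(smb_rows, file_rows, server=SMB_SERVER, grace=GRACE):
    """Map session id -> window, trees, command counts and the files attributed to it."""
    sessions = {}
    for ts, _dialect, cmd, session, tree in smb_rows:
        if session == 0:                    # pre-authentication negotiate traffic has no session
            continue
        t = parse_ts(ts)
        s = sessions.setdefault(session, {"first": t, "last": t, "trees": set(),
                                          "commands": Counter(), "files": []})
        s["first"], s["last"] = min(s["first"], t), max(s["last"], t)
        s["trees"].add(tree)
        s["commands"][cmd] += 1
    for ts, src, name, size in file_rows:
        if src != server:                   # only files the SMB server delivered can belong to a session
            continue
        t = parse_ts(ts)
        candidates = [sid for sid, s in sessions.items() if s["first"] <= t <= s["last"] + grace]
        if candidates:                      # several windows may overlap: take the newest session
            sid = max(candidates, key=lambda sid: sessions[sid]["first"])
            sessions[sid]["files"].append((name, size))
    return sessions

if __name__ == "__main__":
    print("negotiated dialect:", negotiated_dialect(SMB_ROWS))
    for sid, s in sorted(session_timeline(SMB_ROWS, FILE_ROWS).items(), key=lambda kv: kv[1]["first"]):
        print(f"session {sid}: {s['first'].time()} - {s['last'].time()} trees={sorted(s['trees'])}")
        for cmd, n in s["commands"].items():
            print(f"    {cmd} x{n}")
        for name, size in s["files"]:
            print(f"    file {size:5d} {name}")
```

On the sample rows the first session (70369213939789) only issues IOCTLs on the IPC tree and receives no files, while the second (70369213939793) does the CREATE/FIND enumeration and is the one credited with GptTmpl.inf, Registry.pol and gpt.ini. The choice of the newest overlapping session rather than the earliest is what keeps the GPO files off the first session even though its window plus grace also spans them; if your tool exports per-file session or tree ids, use those instead and drop the time heuristic.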

Comments: (not set)
