2019-MTA-workshop-block-8.pcap

MD5: 9ffde29eed603e61ac9ea3dcdcbe92a6
Submission Date: 2019-08-20 21:36:22
Tags: (not set)
Alert 32
Showing 1-20 of 32 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2019-05-05T19:02:17.205464-0700 | 172.16.2.97 | 209.90.88.136 | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile | *
2 | 2019-05-05T19:03:07.458513-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
3 | 2019-05-05T19:03:16.078170-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
4 | 2019-05-05T19:03:23.598384-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
5 | 2019-05-05T19:03:31.698444-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
6 | 2019-05-05T19:03:39.818505-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
7 | 2019-05-05T19:03:56.039052-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
8 | 2019-05-05T19:04:04.148458-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
9 | 2019-05-05T19:04:12.258373-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
10 | 2019-05-05T19:04:20.708548-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
11 | 2019-05-05T19:04:28.498216-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
12 | 2019-05-05T19:04:36.588612-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
13 | 2019-05-05T19:04:44.708725-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
14 | 2019-05-05T19:04:52.828805-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
15 | 2019-05-05T19:05:00.938547-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
16 | 2019-05-05T19:05:13.220858-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
17 | 2019-05-05T19:05:17.158515-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
18 | 2019-05-05T19:05:25.688579-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
19 | 2019-05-05T19:05:33.388954-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
20 | 2019-05-05T19:05:41.491535-0700 | 172.16.2.97 | 185.247.228.192 | ET TROJAN Possible NanoCore C2 64B | *
DNS 403
Showing 1-20 of 403 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-05-05T18:59:37.725190-0700 | 172.16.2.115 | 172.16.2.2 | query | detectportal.firefox.com | A | (not set)
2 | 2019-05-05T18:59:37.725312-0700 | 172.16.2.115 | 172.16.2.2 | query | detectportal.firefox.com | A | (not set)
3 | 2019-05-05T18:59:39.283991-0700 | 172.16.2.115 | 172.16.2.2 | query | detectportal.firefox.com | A | (not set)
4 | 2019-05-05T18:59:40.807218-0700 | 172.16.2.2 | 193.108.91.240 | query | detectportal.firefox.com | A | (not set)
5 | 2019-05-05T18:59:41.039866-0700 | 193.108.91.240 | 172.16.2.2 | answer | detectportal.firefox.com | (not set) | (not set)
6 | 2019-05-05T18:59:41.157879-0700 | 172.16.2.2 | 172.16.2.115 | answer | detectportal.firefox.com | (not set) | (not set)
7 | 2019-05-05T18:59:37.724381-0700 | 172.16.2.115 | 172.16.2.2 | query | wastatedairy.com | A | (not set)
8 | 2019-05-05T18:59:37.726156-0700 | 172.16.2.115 | 172.16.2.2 | query | wastatedairy.com | A | (not set)
9 | 2019-05-05T18:59:37.729051-0700 | 172.16.2.2 | 172.16.2.115 | answer | wastatedairy.com | (not set) | (not set)
10 | 2019-05-05T18:59:39.283326-0700 | 172.16.2.115 | 172.16.2.2 | query | wastatedairy.com | A | (not set)
11 | 2019-05-05T18:59:39.283509-0700 | 172.16.2.2 | 172.16.2.115 | answer | wastatedairy.com | (not set) | (not set)
12 | 2019-05-05T18:59:39.289220-0700 | 172.16.2.115 | 172.16.2.2 | query | shavar.services.mozilla.com | A | (not set)
13 | 2019-05-05T18:59:39.353387-0700 | 172.16.2.2 | 172.16.2.115 | answer | shavar.services.mozilla.com | (not set) | (not set)
14 | 2019-05-05T18:59:42.360369-0700 | 172.16.2.115 | 172.16.2.2 | query | i2.wp.com | A | (not set)
15 | 2019-05-05T18:59:42.360515-0700 | 172.16.2.2 | 172.16.2.115 | answer | i2.wp.com | (not set) | (not set)
16 | 2019-05-05T18:59:42.155753-0700 | 172.16.2.115 | 172.16.2.2 | query | fonts.gstatic.com | A | (not set)
17 | 2019-05-05T18:59:42.221085-0700 | 172.16.2.2 | 172.16.2.115 | answer | fonts.gstatic.com | (not set) | (not set)
18 | 2019-05-05T18:59:42.360614-0700 | 172.16.2.115 | 172.16.2.2 | query | s0.wp.com | A | (not set)
19 | 2019-05-05T18:59:42.360697-0700 | 172.16.2.2 | 172.16.2.115 | answer | s0.wp.com | (not set) | (not set)
20 | 2019-05-05T18:59:42.361191-0700 | 172.16.2.115 | 172.16.2.2 | query | stats.wp.com | A | (not set)
TLS 96
Showing 1-20 of 96 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2019-05-05T18:59:40.295037-0700 | 172.16.2.115 | 35.160.231.181 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
2 | 2019-05-05T18:59:42.065316-0700 | 172.16.2.115 | 192.0.77.32 | TLS 1.3 | (not set)
3 | 2019-05-05T18:59:42.115926-0700 | 172.16.2.115 | 23.111.9.35 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
4 | 2019-05-05T18:59:42.073106-0700 | 172.16.2.115 | 192.0.76.3 | TLS 1.3 | (not set)
5 | 2019-05-05T18:59:42.138367-0700 | 172.16.2.115 | 172.217.5.74 | TLS 1.3 | (not set)
6 | 2019-05-05T18:59:44.502552-0700 | 172.16.2.115 | 54.192.146.180 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
7 | 2019-05-05T18:59:45.771508-0700 | 172.16.2.115 | 74.125.20.94 | TLS 1.3 | (not set)
8 | 2019-05-05T18:59:45.774701-0700 | 172.16.2.115 | 74.125.20.94 | TLS 1.3 | (not set)
9 | 2019-05-05T18:59:46.005843-0700 | 172.16.2.115 | 74.125.20.94 | TLS 1.3 | (not set)
10 | 2019-05-05T18:59:46.095607-0700 | 172.16.2.115 | 74.125.20.94 | TLS 1.3 | (not set)
11 | 2019-05-05T18:59:46.270875-0700 | 172.16.2.115 | 54.192.146.177 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
12 | 2019-05-05T18:59:47.422944-0700 | 172.16.2.115 | 52.84.242.37 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
13 | 2019-05-05T18:59:53.138967-0700 | 172.16.2.115 | 52.84.242.117 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
14 | 2019-05-05T19:00:31.228248-0700 | 172.16.2.209 | 172.217.11.74 | TLS 1.3 | (not set)
15 | 2019-05-05T19:00:34.783034-0700 | 172.16.2.209 | 104.28.6.113 | TLS 1.3 | (not set)
16 | 2019-05-05T18:59:43.463880-0700 | 172.16.2.115 | 192.0.77.2 | TLS 1.3 | (not set)
17 | 2019-05-05T18:59:45.770495-0700 | 172.16.2.115 | 74.125.20.94 | TLS 1.3 | (not set)
18 | 2019-05-05T18:59:48.045307-0700 | 172.16.2.115 | 54.192.146.39 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
19 | 2019-05-05T18:59:48.069231-0700 | 172.16.2.115 | 54.192.146.39 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
20 | 2019-05-05T19:00:43.876622-0700 | 172.16.2.83 | 17.248.129.178 | TLS 1.2 | CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 393
Showing 1-20 of 393 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-05-05T18:59:41.891140-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/gutenberg/build/block-library/theme.css?ver=1556761022 | 200
2 | 2019-05-05T18:59:41.544534-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | / | 200
3 | 2019-05-05T18:59:41.824750-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 | 200
4 | 2019-05-05T18:59:41.892451-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/simple-staff-list/public/css/simple-staff-list-public.css?ver=2.1.1 | 200
5 | 2019-05-05T18:59:41.894083-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/gutenberg/build/block-library/style.css?ver=1556761022 | 200
6 | 2019-05-05T18:59:42.095950-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/business-directory-plugin/assets/css/widgets.min.css?ver=5.5.4 | 200
7 | 2019-05-05T18:59:42.388672-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css?ver=1 | 200
8 | 2019-05-05T18:59:42.469938-0700 | 172.16.2.115 | detectportal.firefox.com | 80 | GET | /success.txt | 200
9 | 2019-05-05T18:59:41.892449-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/modules/theme-tools/compat/twentyfourteen.css?ver=7.2.1 | 200
10 | 2019-05-05T18:59:42.094780-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/themes/twentyfourteen/css/blocks.css?ver=20181230 | 200
11 | 2019-05-05T18:59:42.824473-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20130122 | 200
12 | 2019-05-05T18:59:43.227473-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=7.2.1 | 200
13 | 2019-05-05T18:59:42.133351-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 | 200
14 | 2019-05-05T18:59:42.185769-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/business-directory-plugin/themes/default/assets/styles.css?ver=4.0.4 | 200
15 | 2019-05-05T18:59:42.172063-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/themes/twentyfourteen/style.css?ver=5.1.1 | 200
16 | 2019-05-05T18:59:43.794359-0700 | 172.16.2.115 | pixel.wp.com | 80 | GET | /g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.30672538408992644 | 200
17 | 2019-05-05T18:59:42.226765-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-content/plugins/jetpack/css/jetpack.css?ver=7.2.1 | 200
18 | 2019-05-05T18:59:42.464334-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-includes/js/jquery/jquery.js?ver=1.12.4 | 200
19 | 2019-05-05T19:00:07.420304-0700 | 172.16.2.209 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200
20 | 2019-05-05T18:59:42.834392-0700 | 172.16.2.115 | wastatedairy.com | 80 | GET | /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b | 200
SMB 61
Showing 1-20 of 61 items.
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
1 | 2019-05-05T19:00:10.610398-0700 | 172.16.2.209 | 172.16.2.2 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
2 | 2019-05-05T19:00:10.728646-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
3 | 2019-05-05T19:00:10.750866-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398382055545 | 0
4 | 2019-05-05T19:00:10.753760-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398382055545 | 1
5 | 2019-05-05T19:00:10.757588-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_CREATE | 4398382055545 | 1
6 | 2019-05-05T19:00:22.937823-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
7 | 2019-05-05T19:00:22.961643-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398382055549 | 0
8 | 2019-05-05T19:00:22.964310-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398382055549 | 1
9 | 2019-05-05T19:00:23.195795-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_CREATE | 4398382055549 | 1
10 | 2019-05-05T19:00:36.751442-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_READ | 4398382055545 | 1
11 | 2019-05-05T19:00:36.965797-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_CLOSE | 4398382055545 | 1
12 | 2019-05-05T19:00:36.965798-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_CLOSE | 4398382055549 | 1
13 | 2019-05-05T19:00:48.763276-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_TREE_DISCONNECT | 4398382055545 | 1
14 | 2019-05-05T19:00:48.766954-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_LOGOFF | 4398382055545 | 0
15 | 2019-05-05T19:00:48.769364-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_TREE_DISCONNECT | 4398382055549 | 1
16 | 2019-05-05T19:00:48.784986-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_LOGOFF | 4398382055549 | 0
17 | 2019-05-05T19:00:10.495610-0700 | 172.16.2.209 | 172.16.2.2 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
18 | 2019-05-05T19:00:10.549402-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
19 | 2019-05-05T19:00:10.552697-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398382055533 | 0
20 | 2019-05-05T19:00:10.556197-0700 | 172.16.2.209 | 172.16.2.2 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398382055533 | 0
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 517
Showing 1-20 of 517 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-05-05T19:00:36.409720-0700 | 1281204131520982 | flow | 172.16.2.209 | 58660 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
2 | 2019-05-05T19:00:36.409720-0700 | 485883562465237 | flow | 172.16.2.209 | 62196 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2019-05-05T19:00:36.409720-0700 | 1776942141765320 | flow | 172.16.2.209 | 59839 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
4 | 2019-05-05T19:07:14.298491-0700 | 1267086578245782 | flow | 172.16.2.83 | 61069 | 172.16.2.2 | 53 | UDP | pcapanalyzer
5 | 2019-05-05T19:07:14.298491-0700 | 704402907159740 | flow | 172.16.2.115 | 33682 | 192.0.76.3 | 80 | TCP | pcapanalyzer
6 | 2019-05-05T19:07:14.298491-0700 | 1689904631609126 | flow | 172.16.2.209 | 58140 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
7 | 2019-05-05T19:07:14.298491-0700 | 282980724212692 | flow | 172.16.2.97 | 49179 | 172.16.2.2 | 88 | TCP | pcapanalyzer
8 | 2019-05-05T19:07:14.298491-0700 | 1550253766341347 | flow | 172.16.2.115 | 46930 | 192.254.233.1 | 80 | TCP | pcapanalyzer
9 | 2019-05-05T19:07:14.298491-0700 | 987316703234453 | flow | 172.16.2.83 | 60755 | 172.16.2.2 | 53 | UDP | pcapanalyzer
10 | 2019-05-05T19:07:14.298491-0700 | 705867506137429 | flow | 172.16.2.146 | 55866 | 172.217.5.66 | 443 | TCP | pcapanalyzer
11 | 2019-05-05T19:07:14.298491-0700 | 283788193884348 | flow | 172.16.2.241 | 64079 | 23.52.248.57 | 443 | TCP | pcapanalyzer
12 | 2019-05-05T19:07:14.298491-0700 | 143604741206360 | flow | 172.16.2.97 | 49185 | 172.16.2.2 | 88 | TCP | pcapanalyzer
13 | 2019-05-05T19:07:14.298491-0700 | 1551812850033082 | flow | 172.16.2.146 | 49220 | 172.217.11.78 | 443 | TCP | pcapanalyzer
14 | 2019-05-05T19:07:14.298491-0700 | 1692971249765170 | flow | 172.16.2.146 | 5851 | 8.8.8.8 | 53 | UDP | pcapanalyzer
15 | 2019-05-05T19:07:14.298491-0700 | 1552276700070891 | flow | 172.16.2.209 | 49592 | 172.16.2.2 | 53 | UDP | pcapanalyzer
16 | 2019-05-05T19:07:14.298491-0700 | 285755290979015 | flow | 172.16.2.127 | 8438 | 8.8.8.8 | 53 | UDP | pcapanalyzer
17 | 2019-05-05T19:07:14.298491-0700 | 707976346792556 | flow | 172.16.2.127 | 33934 | 8.8.8.8 | 53 | UDP | pcapanalyzer
18 | 2019-05-05T19:07:14.298491-0700 | 1411732482977380 | flow | 172.16.2.209 | 49170 | 172.16.2.2 | 389 | TCP | pcapanalyzer
19 | 2019-05-05T19:07:14.298491-0700 | 1552534401820420 | flow | 172.16.2.97 | 60039 | 172.16.2.2 | 389 | UDP | pcapanalyzer
20 | 2019-05-05T19:07:14.298491-0700 | 426896490850177 | flow | 172.16.2.146 | 68 | 172.16.2.2 | 67 | UDP | pcapanalyzer
File 391
Showing 1-20 of 391 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-05-05T18:59:41.544534-0700 | 192.254.233.1 | 172.16.2.115 | / | HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators | 37566
2 | 2019-05-05T18:59:41.891140-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/gutenberg/build/block-library/theme.css | ASCII text, with very long lines, with no line terminators | 1875
3 | 2019-05-05T18:59:41.894083-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/gutenberg/build/block-library/style.css | ASCII text, with very long lines, with no line terminators | 29971
4 | 2019-05-05T18:59:41.892451-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/simple-staff-list/public/css/simple-staff-list-public.css | ASCII text | 457
5 | 2019-05-05T18:59:42.095950-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/business-directory-plugin/assets/css/widgets.min.css | ASCII text, with no line terminators | 181
6 | 2019-05-05T18:59:41.824750-0700 | 192.254.233.1 | 172.16.2.115 | /wp-includes/js/wp-emoji-release.min.js | ASCII text, with very long lines | 12034
7 | 2019-05-05T18:59:42.388672-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css | ASCII text, with very long lines, with no line terminators | 26726
8 | 2019-05-05T18:59:42.469938-0700 | 70.163.84.250 | 172.16.2.115 | /success.txt | ASCII text | 8
9 | 2019-05-05T18:59:41.892449-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/modules/theme-tools/compat/twentyfourteen.css | ASCII text | 7543
10 | 2019-05-05T18:59:42.094780-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/themes/twentyfourteen/css/blocks.css | ASCII text | 7429
11 | 2019-05-05T18:59:42.824473-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js | ASCII text, with very long lines | 580
12 | 2019-05-05T18:59:42.133351-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css | ASCII text, with very long lines | 28266
13 | 2019-05-05T18:59:42.172063-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/themes/twentyfourteen/style.css | ASCII text, with very long lines | 81216
14 | 2019-05-05T18:59:43.227473-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js | ASCII text, with very long lines | 8053
15 | 2019-05-05T18:59:42.185769-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/business-directory-plugin/themes/default/assets/styles.css | ASCII text | 1088
16 | 2019-05-05T18:59:43.794359-0700 | 192.0.76.3 | 172.16.2.115 | /g.gif | GIF image data, version 89a, 6 x 5 | 50
17 | 2019-05-05T18:59:42.464334-0700 | 192.254.233.1 | 172.16.2.115 | /wp-includes/js/jquery/jquery.js | ASCII text, with very long lines | 97183
18 | 2019-05-05T19:00:07.420304-0700 | 72.165.185.64 | 172.16.2.209 | /ncsi.txt | ASCII text, with no line terminators | 14
19 | 2019-05-05T18:59:42.226765-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/jetpack/css/jetpack.css | ASCII text, with very long lines | 70494
20 | 2019-05-05T18:59:42.379096-0700 | 192.254.233.1 | 172.16.2.115 | /wp-content/plugins/simple-contact-form/style.css | HTML document, ASCII text, with no line terminators | 83

Comments: (not set)
