2017-06-12-Trickbot-malspam-traffic.pcap

MD5: c37b17c7fd77b03d4eacc1d26404b2c1
Submission Date: 2019-08-21 04:39:53
Tags: (not set)
Alert (8 items)

# | Timestamp | Src IP | Dest IP | Alert Signature | P
1 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state) | *
2 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) | *
3 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state) | *
4 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) | *
5 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state) | *
6 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) | *
7 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state) | *
8 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) | *
DNS (4 items)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2017-06-12T10:57:59.526451-0700 | 10.6.12.104 | 10.6.12.1 | query | ythongye.com | A | (not set)
2 | 2017-06-12T10:57:59.793611-0700 | 10.6.12.1 | 10.6.12.104 | answer | ythongye.com | (not set) | (not set)
3 | 2017-06-12T10:58:22.161913-0700 | 10.6.12.104 | 10.6.12.1 | query | ip.anysrc.net | A | (not set)
4 | 2017-06-12T10:58:22.189039-0700 | 10.6.12.1 | 10.6.12.104 | answer | ip.anysrc.net | (not set) | (not set)
TLS (8 items)

# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2017-06-12T11:00:29.436148-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | C=AU, ST=f2tee4, L=gf23et65adt, O=tg4r6tds, OU=rst, CN=rvgvtfdf
2 | 2017-06-12T11:06:35.399582-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | C=AU, ST=f2tee4, L=gf23et65adt, O=tg4r6tds, OU=rst, CN=rvgvtfdf
3 | 2017-06-12T11:09:56.918491-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
4 | 2017-06-12T11:13:18.622897-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | C=AU, ST=f2tee4, L=gf23et65adt, O=tg4r6tds, OU=rst, CN=rvgvtfdf
5 | 2017-06-12T10:58:23.222399-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | C=AU, ST=f2tee4, L=gf23et65adt, O=tg4r6tds, OU=rst, CN=rvgvtfdf
6 | 2017-06-12T11:00:28.213953-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | CN=sd-97597.dedibox.fr
7 | 2017-06-12T11:02:21.512309-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | CN=sd-97597.dedibox.fr
8 | 2017-06-12T11:02:24.982440-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
TFTP (0 items)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (2 items)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2017-06-12T10:58:22.697245-0700 | 10.6.12.104 | ip.anysrc.net | 80 | GET | /plain/clientip | 200
2 | 2017-06-12T10:58:02.818937-0700 | 10.6.12.104 | ythongye.com | 80 | GET | /8yhf2ui??uKabRFOeQ=dAUOkfrl | 200
SMB (0 items)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0 items)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (19 items)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-06-12T11:04:19.928410-0700 | 3134625577081 | flow | 10.6.12.104 | 50889 | 10.6.12.1 | 53 | UDP | pcapanalyzer
2 | 2017-06-12T11:04:19.928410-0700 | 1699247281393358 | flow | 10.6.12.104 | 49719 | 5.45.87.24 | 447 | TCP | pcapanalyzer
3 | 2017-06-12T11:04:19.928410-0700 | 298456577998278 | flow | 10.6.12.104 | 49716 | 5.45.87.24 | 447 | TCP | pcapanalyzer
4 | 2017-06-12T11:04:19.928410-0700 | 731844557683823 | flow | 10.6.12.104 | 49723 | 5.45.87.24 | 447 | TCP | pcapanalyzer
5 | 2017-06-12T11:04:19.928410-0700 | 1576647442564343 | flow | 10.6.12.104 | 49722 | 5.45.87.24 | 447 | TCP | pcapanalyzer
6 | 2017-06-12T11:04:19.928410-0700 | 335281624920852 | flow | 10.6.12.104 | 49713 | 103.249.108.128 | 80 | TCP | pcapanalyzer
7 | 2017-06-12T11:04:19.928410-0700 | 2170207617878131 | flow | 10.6.12.104 | 50666 | 10.6.12.1 | 53 | UDP | pcapanalyzer
8 | 2017-06-12T11:04:19.928410-0700 | 1492792500834809 | flow | 10.6.12.104 | 49721 | 89.231.13.27 | 443 | TCP | pcapanalyzer
9 | 2017-06-12T11:04:19.928410-0700 | 1213744180596521 | flow | 10.6.12.104 | 49720 | 85.228.193.94 | 447 | TCP | pcapanalyzer
10 | 2017-06-12T11:04:19.928410-0700 | 397017499666918 | flow | 10.6.12.104 | 49729 | 5.45.87.24 | 447 | TCP | pcapanalyzer
11 | 2017-06-12T11:04:19.928410-0700 | 1390013925223499 | flow | 10.6.12.104 | 49714 | 37.120.182.208 | 80 | TCP | pcapanalyzer
12 | 2017-06-12T11:04:19.928410-0700 | 698000208010643 | flow | 10.6.12.104 | 49718 | 5.45.87.24 | 447 | TCP | pcapanalyzer
13 | 2017-06-12T11:04:19.928410-0700 | 577204249335040 | flow | 10.6.12.104 | 49715 | 89.231.13.27 | 443 | TCP | pcapanalyzer
14 | 2017-06-12T11:04:19.928410-0700 | 732484555673288 | flow | 10.6.12.104 | 49764 | 89.231.13.27 | 443 | TCP | pcapanalyzer
15 | 2017-06-12T11:04:19.928410-0700 | 2207943217769798 | flow | 10.6.12.104 | 49731 | 85.228.193.94 | 447 | TCP | pcapanalyzer
16 | 2017-06-12T11:04:19.928410-0700 | 1655004862877519 | flow | 10.6.12.104 | 49761 | 89.231.13.27 | 443 | TCP | pcapanalyzer
17 | 2017-06-12T11:04:19.928410-0700 | 829997477564610 | flow | 10.6.12.104 | 49673 | 65.52.108.226 | 443 | TCP | pcapanalyzer
18 | 2017-06-12T11:04:19.928410-0700 | 1124864151411025 | flow | 10.6.12.104 | 49740 | 89.231.13.27 | 443 | TCP | pcapanalyzer
19 | 2017-06-12T11:04:19.928410-0700 | 1125632934183190 | flow | 10.6.12.104 | 49732 | 89.231.13.27 | 443 | TCP | pcapanalyzer
File (2 items)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-06-12T10:58:22.697245-0700 | 37.120.182.208 | 10.6.12.104 | /plain/clientip | ASCII text, with no line terminators | 15
2 | 2017-06-12T10:58:02.818937-0700 | 103.249.108.128 | 10.6.12.104 | /8yhf2ui | data | 495616

Comments: (not set)