2017-06-12-Trickbot-malspam-traffic.pcap

MD5: c37b17c7fd77b03d4eacc1d26404b2c1
Submission Date: 2019-08-21 04:39:53
Tags: (not set)
Alert (16 items)

# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
2 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
3 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
4 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
5 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
6 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
7 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
8 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
9 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
10 | 2017-06-12T11:00:29.672796-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
11 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
12 | 2017-06-12T11:13:18.879799-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
13 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
14 | 2017-06-12T10:58:23.450496-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
15 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN Possible Dyre SSL Cert (fake state)
16 | 2017-06-12T11:06:35.632088-0700 | 89.231.13.27 | 10.6.12.104 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
DNS (8 items)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2017-06-12T10:57:59.526451-0700 | 10.6.12.104 | 10.6.12.1 | query | ythongye.com | A | (not set)
2 | 2017-06-12T10:57:59.793611-0700 | 10.6.12.1 | 10.6.12.104 | answer | ythongye.com | A | (not set)
3 | 2017-06-12T10:58:22.161913-0700 | 10.6.12.104 | 10.6.12.1 | query | ip.anysrc.net | A | (not set)
4 | 2017-06-12T10:58:22.189039-0700 | 10.6.12.1 | 10.6.12.104 | answer | ip.anysrc.net | A | (not set)
5 | 2017-06-12T10:58:22.161913-0700 | 10.6.12.104 | 10.6.12.1 | query | ip.anysrc.net | A | (not set)
6 | 2017-06-12T10:58:22.189039-0700 | 10.6.12.1 | 10.6.12.104 | answer | ip.anysrc.net | A | (not set)
7 | 2017-06-12T10:57:59.526451-0700 | 10.6.12.104 | 10.6.12.1 | query | ythongye.com | A | (not set)
8 | 2017-06-12T10:57:59.793611-0700 | 10.6.12.1 | 10.6.12.104 | answer | ythongye.com | A | (not set)
TLS (16 items)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2017-06-12T11:02:21.512309-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | (not set)
2 | 2017-06-12T11:06:35.399582-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
3 | 2017-06-12T10:58:23.222399-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
4 | 2017-06-12T11:00:28.213953-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | (not set)
5 | 2017-06-12T11:00:29.436148-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
6 | 2017-06-12T11:02:24.982440-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
7 | 2017-06-12T11:09:56.918491-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
8 | 2017-06-12T11:13:18.622897-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
9 | 2017-06-12T11:00:28.213953-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | (not set)
10 | 2017-06-12T11:00:29.436148-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
11 | 2017-06-12T11:02:21.512309-0700 | 10.6.12.104 | 85.228.193.94 | TLS 1.2 | (not set)
12 | 2017-06-12T11:09:56.918491-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
13 | 2017-06-12T11:13:18.622897-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
14 | 2017-06-12T10:58:23.222399-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
15 | 2017-06-12T11:02:24.982440-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
16 | 2017-06-12T11:06:35.399582-0700 | 10.6.12.104 | 89.231.13.27 | TLSv1 | (not set)
TFTP (0 items)

# | Timestamp | Src IP | Dest IP | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (4 items)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2017-06-12T10:58:22.697245-0700 | 10.6.12.104 | ip.anysrc.net | 80 | GET | /plain/clientip | 200
2 | 2017-06-12T10:58:02.818937-0700 | 10.6.12.104 | ythongye.com | 80 | GET | /8yhf2ui??uKabRFOeQ=dAUOkfrl | 200
3 | 2017-06-12T10:58:02.818937-0700 | 10.6.12.104 | ythongye.com | 80 | GET | /8yhf2ui??uKabRFOeQ=dAUOkfrl | 200
4 | 2017-06-12T10:58:22.697245-0700 | 10.6.12.104 | ip.anysrc.net | 80 | GET | /plain/clientip | 200
SMB (0 items)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0 items)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (38 items; showing 1-20)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-06-12T11:01:54.050990-0700 | 1185826893464823 | flow | 10.6.12.104 | 49722 | 5.45.87.24 | 447 | TCP | pcapanalyzer
2 | 2017-06-12T11:01:54.050990-0700 | 1899392752680390 | flow | 10.6.12.104 | 49716 | 5.45.87.24 | 447 | TCP | pcapanalyzer
3 | 2017-06-12T11:01:54.050990-0700 | 1625408201268627 | flow | 10.6.12.104 | 49718 | 5.45.87.24 | 447 | TCP | pcapanalyzer
4 | 2017-06-12T11:01:54.050990-0700 | 660092829028046 | flow | 10.6.12.104 | 49719 | 5.45.87.24 | 447 | TCP | pcapanalyzer
5 | 2017-06-12T11:01:54.050990-0700 | 554183223096084 | flow | 10.6.12.104 | 49713 | 103.249.108.128 | 80 | TCP | pcapanalyzer
6 | 2017-06-12T11:01:54.050990-0700 | 1398960342101067 | flow | 10.6.12.104 | 49714 | 37.120.182.208 | 80 | TCP | pcapanalyzer
7 | 2017-06-12T11:01:54.050990-0700 | 1409848092364585 | flow | 10.6.12.104 | 49720 | 85.228.193.94 | 447 | TCP | pcapanalyzer
8 | 2017-06-12T11:01:54.050990-0700 | 1160516642699385 | flow | 10.6.12.104 | 50889 | 10.6.12.1 | 53 | UDP | pcapanalyzer
9 | 2017-06-12T11:01:54.050990-0700 | 175453067185864 | flow | 10.6.12.104 | 49764 | 89.231.13.27 | 443 | TCP | pcapanalyzer
10 | 2017-06-12T11:01:54.050990-0700 | 1586302531419247 | flow | 10.6.12.104 | 49723 | 5.45.87.24 | 447 | TCP | pcapanalyzer
11 | 2017-06-12T11:01:54.050990-0700 | 1049762336730438 | flow | 10.6.12.104 | 49731 | 85.228.193.94 | 447 | TCP | pcapanalyzer
12 | 2017-06-12T11:01:54.050990-0700 | 1051016451495168 | flow | 10.6.12.104 | 49715 | 89.231.13.27 | 443 | TCP | pcapanalyzer
13 | 2017-06-12T11:01:54.050990-0700 | 1060349447657809 | flow | 10.6.12.104 | 49740 | 89.231.13.27 | 443 | TCP | pcapanalyzer
14 | 2017-06-12T11:01:54.050990-0700 | 2199726972768450 | flow | 10.6.12.104 | 49673 | 65.52.108.226 | 443 | TCP | pcapanalyzer
15 | 2017-06-12T11:01:54.050990-0700 | 1366443160535318 | flow | 10.6.12.104 | 49732 | 89.231.13.27 | 443 | TCP | pcapanalyzer
16 | 2017-06-12T11:01:54.050990-0700 | 2234919937118031 | flow | 10.6.12.104 | 49761 | 89.231.13.27 | 443 | TCP | pcapanalyzer
17 | 2017-06-12T11:01:54.050990-0700 | 551559007851001 | flow | 10.6.12.104 | 49721 | 89.231.13.27 | 443 | TCP | pcapanalyzer
18 | 2017-06-12T11:01:54.050990-0700 | 1116789579122803 | flow | 10.6.12.104 | 50666 | 10.6.12.1 | 53 | UDP | pcapanalyzer
19 | 2017-06-12T11:01:54.050990-0700 | 982301283027430 | flow | 10.6.12.104 | 49729 | 5.45.87.24 | 447 | TCP | pcapanalyzer
20 | 2017-06-12T11:07:41.738841-0700 | 705774093797491 | flow | 10.6.12.104 | 50666 | 10.6.12.1 | 53 | UDP | pcapanalyzer
File (4 items)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-06-12T10:58:22.697245-0700 | 37.120.182.208 | 10.6.12.104 | /plain/clientip | ASCII text, with no line terminators | 15
2 | 2017-06-12T10:58:02.818937-0700 | 103.249.108.128 | 10.6.12.104 | /8yhf2ui | data | 495616
3 | 2017-06-12T10:58:02.818937-0700 | 103.249.108.128 | 10.6.12.104 | /8yhf2ui | data | 495616
4 | 2017-06-12T10:58:22.697245-0700 | 37.120.182.208 | 10.6.12.104 | /plain/clientip | ASCII text, with no line terminators | 15

Comments: (not set)
