2019-MTA-workshop-block-7-02.pcap

MD5: 030a8510d8308ac7299f0860185a64bc
Submission Date: 2019-09-11 00:48:24
Tags: (not set)
Alerts (7; showing 1-7 of 7 items)

# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2019-05-03T07:40:29.380363-0700 | 10.0.40.119 | 10.0.40.4 | ET DNS Query to a *.top domain - Likely Hostile
2 | 2019-05-03T07:40:32.728540-0700 | 10.0.40.119 | 151.106.15.200 | ET INFO Dotted Quad Host RAR Request
3 | 2019-05-03T07:40:29.286029-0700 | 10.0.40.119 | 208.67.222.222 | ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup)
4 | 2019-05-03T07:45:33.332557-0700 | 10.0.40.119 | 151.106.15.200 | ET INFO Dotted Quad Host RAR Request
5 | 2019-05-03T07:38:47.579474-0700 | 194.147.35.112 | 10.0.40.119 | ET POLICY PE EXE or DLL Windows file download HTTP
6 | 2019-05-03T07:38:47.579474-0700 | 194.147.35.112 | 10.0.40.119 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
7 | 2019-05-03T07:38:47.579474-0700 | 194.147.35.112 | 10.0.40.119 | ET INFO EXE - Served Attached HTTP
DNS (57; showing 1-20 of 57 items)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-05-03T07:38:08.751367-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pizzajukebox.com | SRV | (not set)
2 | 2019-05-03T07:38:08.751584-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pizzajukebox.com | SRV | (not set)
3 | 2019-05-03T07:38:08.753045-0700 | 10.0.40.119 | 10.0.40.4 | query | pizzajukebox-dc.pizzajukebox.com | A | (not set)
4 | 2019-05-03T07:38:08.753157-0700 | 10.0.40.4 | 10.0.40.119 | answer | pizzajukebox-dc.pizzajukebox.com | A | (not set)
5 | 2019-05-03T07:38:08.753219-0700 | 10.0.40.119 | 10.0.40.4 | query | pizzajukebox-dc.pizzajukebox.com | A | (not set)
6 | 2019-05-03T07:38:08.753315-0700 | 10.0.40.4 | 10.0.40.119 | answer | pizzajukebox-dc.pizzajukebox.com | A | (not set)
7 | 2019-05-03T07:38:08.747104-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.dc._msdcs.pizzajukebox.com | SRV | (not set)
8 | 2019-05-03T07:38:08.747390-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.dc._msdcs.pizzajukebox.com | SRV | (not set)
9 | 2019-05-03T07:38:08.946905-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pizzajukebox.com | SRV | (not set)
10 | 2019-05-03T07:38:08.947081-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pizzajukebox.com | SRV | (not set)
11 | 2019-05-03T07:38:08.920939-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.Default-First-Site-Name._sites.pizzajukebox.com | SRV | (not set)
12 | 2019-05-03T07:38:08.922410-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.Default-First-Site-Name._sites.pizzajukebox.com | SRV | (not set)
13 | 2019-05-03T07:38:10.029175-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.Default-First-Site-Name._sites.PizzaJukebox-DC.pizzajukebox.com | SRV | (not set)
14 | 2019-05-03T07:38:10.029428-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.Default-First-Site-Name._sites.PizzaJukebox-DC.pizzajukebox.com | SRV | (not set)
15 | 2019-05-03T07:38:10.029861-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.PizzaJukebox-DC.pizzajukebox.com | SRV | (not set)
16 | 2019-05-03T07:38:10.029971-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.PizzaJukebox-DC.pizzajukebox.com | SRV | (not set)
17 | 2019-05-03T07:38:09.061139-0700 | 10.0.40.119 | 10.0.40.4 | query | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pizzajukebox.com | SRV | (not set)
18 | 2019-05-03T07:38:09.061291-0700 | 10.0.40.4 | 10.0.40.119 | answer | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pizzajukebox.com | SRV | (not set)
19 | 2019-05-03T07:38:16.514535-0700 | 10.0.40.119 | 10.0.40.4 | query | Beijing-5cd1-PC.pizzajukebox.com | SOA | (not set)
20 | 2019-05-03T07:38:16.514762-0700 | 10.0.40.4 | 10.0.40.119 | answer | Beijing-5cd1-PC.pizzajukebox.com | SOA | (not set)
TLS (20; showing 1-20 of 20 items)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2019-05-03T07:39:50.396939-0700 | 10.0.40.119 | 72.21.81.200 | TLS 1.2 | r20swj13mr.microsoft.com
2 | 2019-05-03T07:39:50.397184-0700 | 10.0.40.119 | 72.21.81.200 | TLS 1.2 | iecvlist.microsoft.com
3 | 2019-05-03T07:40:30.252926-0700 | 10.0.40.119 | 185.139.70.182 | TLS 1.2 | mconorbenjamin.top
4 | 2019-05-03T07:50:32.683349-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
5 | 2019-05-03T07:50:33.622623-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
6 | 2019-05-03T08:05:35.338570-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
7 | 2019-05-03T08:10:34.979962-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
8 | 2019-05-03T08:20:36.112907-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
9 | 2019-05-03T07:40:31.576748-0700 | 10.0.40.119 | 185.139.70.182 | TLS 1.2 | mconorbenjamin.top
10 | 2019-05-03T08:00:34.780144-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
11 | 2019-05-03T08:10:35.978518-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
12 | 2019-05-03T08:25:37.797462-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
13 | 2019-05-03T07:39:50.386883-0700 | 10.0.40.119 | 72.21.81.200 | TLS 1.2 | r20swj13mr.microsoft.com
14 | 2019-05-03T07:40:43.116205-0700 | 10.0.40.119 | 185.139.70.182 | TLS 1.2 | mconorbenjamin.top
15 | 2019-05-03T07:45:32.113078-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
16 | 2019-05-03T07:50:44.916285-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
17 | 2019-05-03T07:55:34.224383-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
18 | 2019-05-03T08:00:33.818057-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
19 | 2019-05-03T08:15:36.540116-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
20 | 2019-05-03T08:20:37.191617-0700 | 10.0.40.119 | 185.25.50.168 | TLS 1.2 | (not set)
TFTP (0)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (9; showing 1-9 of 9 items)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-05-03T07:38:14.149972-0700 | 10.0.40.119 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200
2 | 2019-05-03T07:40:32.728540-0700 | 10.0.40.119 | 151.106.15.200 | 80 | GET | /client.rar | 200
3 | 2019-05-03T07:39:21.976962-0700 | 10.0.40.119 | nvr82644ooei.info | 80 | GET | /images/ZJMCKxNxyytMktSy/JyYmUvy2DXPWA5r/kS4dS0KmJYiHk_2FmI/EQ2ANH488/4Bl18c_2F91IuiOhJR_2/F5zzVOZKdx2GfqlRyYo/VIPe6fhbBOWW6RpTUAU_2B/RgBg_2Fkzyh5Z/MwDvm0g5/xAaF_2F1aum/OCgLtcd6iO/9.avi | 200
4 | 2019-05-03T07:39:22.180795-0700 | 10.0.40.119 | nvr82644ooei.info | 80 | GET | /favicon.ico | 200
5 | 2019-05-03T07:39:25.297363-0700 | 10.0.40.119 | nvr82644ooei.info | 80 | GET | /images/We26kfzMbrKgMuVj7zer/DchzzyrBalZkNlhDEjg/KwZBwSa25xGrdXLpUzTMGU/noteOa6XjFfDD/8oTy2G_2/FhcmIo6P48fOf8Bgh0PXN4L/iY_2BRPCP0/lAT3V655UxwaA3O5H/RCsZLyft3_2B/XCNFvthnfck/1YiiYu3oauSR6qSxIxJN/Ax.avi | 200
6 | 2019-05-03T07:45:33.332557-0700 | 10.0.40.119 | 151.106.15.200 | 80 | GET | /client.rar | 200
7 | 2019-05-03T07:38:47.578207-0700 | 10.0.40.119 | w53uli34zk.club | 80 | GET | /skoex/po2.php?l=elof3.fgs | 200
8 | 2019-05-03T07:39:24.187529-0700 | 10.0.40.119 | nvr82644ooei.info | 80 | GET | /images/R_2BRNHdQ0Vcjf/a_2B_2BfjBKfPq0DixgkO/URu15lrjBSm2bm_2/FcWh1TEMuSU74TY/TFGqTcZqqCNGzMVjB2/EwDNbNGPn/gX9lTHfzjpr_2FTef_2F/JOGIbPTg1kP_2FM9Q0v/XcZ07NSGVU6OX2lNFF1ypZ/JiG8mizkp/y.avi | 200
9 | 2019-05-03T07:40:30.710163-0700 | 10.0.40.119 | www.download.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | 200
SMB (60; showing 1-20 of 60 items)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
1 | 2019-05-03T07:38:08.950708-0700 | 10.0.40.119 | 10.0.40.4 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
2 | 2019-05-03T07:38:08.973823-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
3 | 2019-05-03T07:38:08.977057-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511189 | 0
4 | 2019-05-03T07:38:08.981271-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511189 | 1
5 | 2019-05-03T07:38:09.192867-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_IOCTL | 4398046511189 | 1
6 | 2019-05-03T07:38:09.465630-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_IOCTL | 4398046511189 | 1
7 | 2019-05-03T07:38:10.057216-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
8 | 2019-05-03T07:38:24.563679-0700 | 10.0.40.119 | 10.0.40.4 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
9 | 2019-05-03T07:38:24.567232-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
10 | 2019-05-03T07:38:24.568148-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511197 | 0
11 | 2019-05-03T07:38:24.568395-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511197 | 1
12 | 2019-05-03T07:38:24.682171-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_IOCTL | 4398046511197 | 1
13 | 2019-05-03T07:38:24.894555-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511197 | 5
14 | 2019-05-03T07:38:25.081874-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
15 | 2019-05-03T07:38:25.083084-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511201 | 0
16 | 2019-05-03T07:38:25.083581-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_TREE_CONNECT | 4398046511201 | 1
17 | 2019-05-03T07:38:25.084134-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_CREATE | 4398046511201 | 1
18 | 2019-05-03T07:38:31.754876-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_CREATE | 4398046511197 | 5
19 | 2019-05-03T07:38:37.519334-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_TREE_DISCONNECT | 4398046511197 | 1
20 | 2019-05-03T07:38:10.058660-0700 | 10.0.40.119 | 10.0.40.4 | 2.10 | SMB2_COMMAND_SESSION_SETUP | 4398046511193 | 0
SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (123; showing 1-20 of 123 items)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-05-03T07:38:45.966981-0700 | 764058883297459 | flow | 10.0.40.119 | 49215 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
2 | 2019-05-03T07:38:45.966981-0700 | 1954602342901086 | flow | 10.0.40.119 | 56984 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2019-05-03T08:22:36.004223-0700 | 1832406233923679 | flow | 10.0.40.4 | 445 | 10.0.40.119 | 49204 | TCP | pcapanalyzer
4 | 2019-05-03T08:22:36.004223-0700 | 847959049273043 | flow | 10.0.40.119 | 49230 | 185.25.50.168 | 443 | TCP | pcapanalyzer
5 | 2019-05-03T08:22:36.004223-0700 | 144799761222275 | flow | 10.0.40.119 | 61813 | 10.0.40.4 | 53 | UDP | pcapanalyzer
6 | 2019-05-03T08:22:36.004223-0700 | 708668837560188 | flow | 10.0.40.4 | 67 | 10.0.40.119 | 68 | UDP | pcapanalyzer
7 | 2019-05-03T08:22:36.004223-0700 | 849412768166617 | flow | 10.0.40.119 | 62700 | 10.0.40.4 | 53 | UDP | pcapanalyzer
8 | 2019-05-03T08:22:36.004223-0700 | 286838683528243 | flow | 10.0.40.119 | 49224 | 10.0.40.4 | 445 | TCP | pcapanalyzer
9 | 2019-05-03T08:22:36.004223-0700 | 2117263579860648 | flow | 10.0.40.119 | 49227 | 185.25.50.168 | 443 | TCP | pcapanalyzer
10 | 2019-05-03T08:22:36.004223-0700 | 1274472801260244 | flow | 10.0.40.119 | 52938 | 10.0.40.4 | 53 | UDP | pcapanalyzer
11 | 2019-05-03T08:22:36.004223-0700 | 2120351602302375 | flow | 10.0.40.119 | 49220 | 151.106.15.200 | 80 | TCP | pcapanalyzer
12 | 2019-05-03T08:22:36.004223-0700 | 10764578340109 | flow | 10.0.40.119 | 49215 | 23.63.255.75 | 80 | TCP | pcapanalyzer
13 | 2019-05-03T08:22:36.004223-0700 | 2122421747362936 | flow | 10.0.40.119 | 59959 | 10.0.40.4 | 389 | UDP | pcapanalyzer
14 | 2019-05-03T08:22:36.004223-0700 | 1278185800495223 | flow | 10.0.40.119 | 49206 | 185.189.12.139 | 80 | TCP | pcapanalyzer
15 | 2019-05-03T08:22:36.004223-0700 | 1560921345408216 | flow | 10.0.40.119 | 49164 | 10.0.40.4 | 88 | TCP | pcapanalyzer
16 | 2019-05-03T08:22:36.004223-0700 | 1139097575903726 | flow | 10.0.40.119 | 49195 | 10.0.40.4 | 88 | TCP | pcapanalyzer
17 | 2019-05-03T08:22:36.004223-0700 | 717097710665399 | flow | 10.0.40.119 | 137 | 10.0.40.255 | 137 | UDP | pcapanalyzer
18 | 2019-05-03T08:22:36.004223-0700 | 577865609419827 | flow | 10.0.40.119 | 49198 | 10.0.40.4 | 88 | TCP | pcapanalyzer
19 | 2019-05-03T08:22:36.004223-0700 | 158300991663193 | flow | 10.0.40.119 | 49193 | 10.0.40.4 | 88 | TCP | pcapanalyzer
20 | 2019-05-03T08:22:36.004223-0700 | 723353339840639 | flow | 10.0.40.119 | 49992 | 10.0.40.4 | 53 | UDP | pcapanalyzer
File (11; showing 1-11 of 11 items)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-05-03T07:38:14.149972-0700 | 23.63.254.176 | 10.0.40.119 | /ncsi.txt | ASCII text, with no line terminators | 14
2 | 2019-05-03T07:38:24.680349-0700 | 10.0.40.4 | 10.0.40.119 | pizzajukebox.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
3 | 2019-05-03T07:38:49.334153-0700 | 10.0.40.4 | 10.0.40.119 | pizzajukebox.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
4 | 2019-05-03T07:40:32.728540-0700 | 151.106.15.200 | 10.0.40.119 | /client.rar | data | 606
5 | 2019-05-03T07:39:21.976962-0700 | 185.189.12.139 | 10.0.40.119 | /images/ZJMCKxNxyytMktSy/JyYmUvy2DXPWA5r/kS4dS0KmJYiHk_2FmI/EQ2ANH488/4Bl18c_2F91IuiOhJR_2/F5zzVOZKdx2GfqlRyYo/VIPe6fhbBOWW6RpTUAU_2B/RgBg_2Fkzyh5Z/MwDvm0g5/xAaF_2F1aum/OCgLtcd6iO/9.avi | ASCII text, with very long lines, with no line terminators | 218552
6 | 2019-05-03T07:39:22.180795-0700 | 185.189.12.139 | 10.0.40.119 | /favicon.ico | MS Windows icon resource - 2 icons, 16x16 | 5430
7 | 2019-05-03T07:39:25.297363-0700 | 185.189.12.139 | 10.0.40.119 | /images/We26kfzMbrKgMuVj7zer/DchzzyrBalZkNlhDEjg/KwZBwSa25xGrdXLpUzTMGU/noteOa6XjFfDD/8oTy2G_2/FhcmIo6P48fOf8Bgh0PXN4L/iY_2BRPCP0/lAT3V655UxwaA3O5H/RCsZLyft3_2B/XCNFvthnfck/1YiiYu3oauSR6qSxIxJN/Ax.avi | ASCII text, with very long lines, with no line terminators | 2392
8 | 2019-05-03T07:45:33.332557-0700 | 151.106.15.200 | 10.0.40.119 | /client.rar | data | 606
9 | 2019-05-03T07:38:47.578207-0700 | 194.147.35.112 | 10.0.40.119 | elof3.fgs | PE32 executable (GUI) Intel 80386, for MS Windows | 329728
10 | 2019-05-03T07:39:24.187529-0700 | 185.189.12.139 | 10.0.40.119 | /images/R_2BRNHdQ0Vcjf/a_2B_2BfjBKfPq0DixgkO/URu15lrjBSm2bm_2/FcWh1TEMuSU74TY/TFGqTcZqqCNGzMVjB2/EwDNbNGPn/gX9lTHfzjpr_2FTef_2F/JOGIbPTg1kP_2FM9Q0v/XcZ07NSGVU6OX2lNFF1ypZ/JiG8mizkp/y.avi | ASCII text, with very long lines, with no line terminators | 274536
11 | 2019-05-03T07:40:30.710163-0700 | 23.63.255.75 | 10.0.40.119 | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | Microsoft Cabinet archive data, 57523 bytes, 1 file | 57523

Comments: (not set)