M10_Group B.pcap

MD5: a6b5d43ae80598b43af083f35c866385
Submission Date: 2019-10-09 11:53:32
Tags: (not set)

Alert 1

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2019-09-11T20:31:03.775389-0700 | 10.249.53.59 | 10.249.52.231 | ET ATTACK_RESPONSE Net User Command Response | * |

DNS 14

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-09-11T20:29:11.624592-0700 | 10.249.53.59 | 8.8.4.4 | query | checkappexec.microsoft.com | A | (not set) |
| 2 | 2019-09-11T20:28:37.351030-0700 | 10.249.53.59 | 8.8.8.8 | query | pop3.189.cn | A | (not set) |
| 3 | 2019-09-11T20:29:11.670518-0700 | 8.8.4.4 | 10.249.53.59 | answer | checkappexec.microsoft.com | (not set) | (not set) |
| 4 | 2019-09-11T20:28:37.367826-0700 | 8.8.8.8 | 10.249.53.59 | answer | pop3.189.cn | (not set) | (not set) |
| 5 | 2019-09-11T20:29:11.602479-0700 | 10.249.53.59 | 8.8.8.8 | query | checkappexec.microsoft.com | A | (not set) |
| 6 | 2019-09-11T20:29:11.682464-0700 | 8.8.8.8 | 10.249.53.59 | answer | checkappexec.microsoft.com | (not set) | (not set) |
| 7 | 2019-09-11T20:30:12.841997-0700 | 10.249.53.59 | 8.8.4.4 | query | v20.events.data.microsoft.com | A | (not set) |
| 8 | 2019-09-11T20:30:12.957186-0700 | 8.8.4.4 | 10.249.53.59 | answer | v20.events.data.microsoft.com | (not set) | (not set) |
| 9 | 2019-09-11T20:29:47.796583-0700 | 10.249.53.59 | 8.8.8.8 | query | download.cdn.mozilla.net | A | (not set) |
| 10 | 2019-09-11T20:29:47.826989-0700 | 10.249.53.59 | 8.8.4.4 | query | download.cdn.mozilla.net | A | (not set) |
| 11 | 2019-09-11T20:29:47.837666-0700 | 8.8.8.8 | 10.249.53.59 | answer | download.cdn.mozilla.net | (not set) | (not set) |
| 12 | 2019-09-11T20:29:47.845832-0700 | 8.8.4.4 | 10.249.53.59 | answer | download.cdn.mozilla.net | (not set) | (not set) |
| 13 | 2019-09-11T20:30:12.823330-0700 | 10.249.53.59 | 8.8.8.8 | query | v20.events.data.microsoft.com | A | (not set) |
| 14 | 2019-09-11T20:30:13.135140-0700 | 8.8.8.8 | 10.249.53.59 | answer | v20.events.data.microsoft.com | (not set) | (not set) |

TLS 4

| # | Timestamp | Source IP | Destination IP | TLS Version | Issuer |
|---|---|---|---|---|---|
| 1 | 2019-09-11T20:29:12.058352-0700 | 10.249.53.59 | 104.215.76.184 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 |
| 2 | 2019-09-11T20:29:12.059380-0700 | 10.249.53.59 | 104.215.76.184 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 |
| 3 | 2019-09-11T20:29:21.410289-0700 | 10.249.53.59 | 104.215.76.184 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 |
| 4 | 2019-09-11T20:30:13.471314-0700 | 10.249.53.59 | 52.114.74.44 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011 |

TFTP 0

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.

HTTP 1

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-09-11T20:29:47.942169-0700 | 10.249.53.59 | download.cdn.mozilla.net | 80 | GET | /pub/thunderbird/releases/38.5.0/update/win32/en-US/thunderbird-38.5.0.complete.mar | 206 |

SMB 0

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP 0

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.

Flow 17

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-09-11T20:30:36.289360-0700 | 594619892704974 | flow | 10.249.53.59 | 137 | 10.249.53.255 | 137 | UDP | pcapanalyzer |
| 2 | 2019-09-11T20:30:36.289360-0700 | 564653907351567 | flow | 10.249.53.59 | 55849 | 104.215.76.184 | 443 | TCP | pcapanalyzer |
| 3 | 2019-09-11T20:30:36.289360-0700 | 424461879161199 | flow | 10.249.53.59 | 58821 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 4 | 2019-09-11T20:30:36.289360-0700 | 2139528223821858 | flow | 10.249.53.59 | 63327 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 5 | 2019-09-11T20:30:36.289360-0700 | 1014792249100947 | flow | 10.249.53.59 | 55847 | 104.215.76.184 | 443 | TCP | pcapanalyzer |
| 6 | 2019-09-11T20:30:36.289360-0700 | 596166081643078 | flow | 10.249.53.59 | 55744 | 40.90.189.152 | 443 | TCP | pcapanalyzer |
| 7 | 2019-09-11T20:30:36.289360-0700 | 458168780282678 | flow | 10.249.53.59 | 55732 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 8 | 2019-09-11T20:30:36.289360-0700 | 322443518779479 | flow | 10.249.53.59 | 55846 | 47.254.17.28 | 110 | TCP | pcapanalyzer |
| 9 | 2019-09-11T20:30:36.289360-0700 | 616434036431117 | flow | 10.249.53.59 | 63327 | 8.8.4.4 | 53 | UDP | pcapanalyzer |
| 10 | 2019-09-11T20:30:36.289360-0700 | 898385754496430 | flow | 10.249.53.59 | 55853 | 52.114.74.44 | 443 | TCP | pcapanalyzer |
| 11 | 2019-09-11T20:30:36.289360-0700 | 1054911540993645 | flow | 10.249.53.59 | 57483 | 8.8.4.4 | 53 | UDP | pcapanalyzer |
| 12 | 2019-09-11T20:30:36.289360-0700 | 1208920478263207 | flow | 10.249.53.59 | 57483 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 13 | 2019-09-11T20:30:36.289360-0700 | 1070905999215312 | flow | 10.249.53.59 | 55852 | 104.70.237.85 | 80 | TCP | pcapanalyzer |
| 14 | 2019-09-11T20:30:36.289360-0700 | 1775083065509779 | flow | 10.249.53.59 | 55850 | 10.249.52.231 | 31337 | TCP | pcapanalyzer |
| 15 | 2019-09-11T20:30:36.289360-0700 | 650583319586300 | flow | 10.249.53.59 | 55851 | 47.254.17.28 | 110 | TCP | pcapanalyzer |
| 16 | 2019-09-11T20:30:36.289360-0700 | 371603716655763 | flow | 10.249.53.59 | 55848 | 104.215.76.184 | 443 | TCP | pcapanalyzer |
| 17 | 2019-09-11T20:30:36.289360-0700 | 1924324588488656 | flow | 10.249.53.59 | 58821 | 8.8.4.4 | 53 | UDP | pcapanalyzer |

File 1

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-09-11T20:29:47.942169-0700 | 104.70.237.85 | 10.249.53.59 | /pub/thunderbird/releases/38.5.0/update/win32/en-US/thunderbird-38.5.0.complete.mar | PGP\011Secret Sub-key - | 300000 |

Comments: (not set)
