2017-11-23-Necurs-Botnet-malspam-pushes-Scarab-ransomware.pcap

MD5: 2ec5cbdd23318b6ddea08d598af13d32
Submission Date: 2017-11-26 20:13:53
Tags: peexe scarab

Alert 3

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|-----------|--------|---------|-----------------|---|
| 1 | 2017-11-23T09:17:05.909444-0800 | 5.2.88.79 | 10.11.23.101 | ET POLICY PE EXE or DLL Windows file download HTTP | |
| 2 | 2017-11-23T09:17:05.909444-0800 | 5.2.88.79 | 10.11.23.101 | ET TROJAN Possible Windows executable sent when remote host claims to send a Text File | |
| 3 | 2017-11-23T09:17:05.909444-0800 | 5.2.88.79 | 10.11.23.101 | ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | |

DNS 3
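
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|-----------|--------|---------|----------|----------------------|----------------------|---------------|
| 1 | 2017-11-23T09:17:05.728053-0800 | 10.11.23.101 | 10.11.23.1 | query | pamplonarecados.com | A | (not set) |
| 2 | 2017-11-23T09:17:13.775943-0800 | 10.11.23.101 | 10.11.23.1 | query | iplogger.co | A | (not set) |
| 3 | 2017-11-23T09:17:13.948046-0800 | 10.11.23.1 | 10.11.23.101 | answer | iplogger.co | A | (not set) |
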
TLS 0
No results found.

TFTP 0
No results found.

HTTP 2
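
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|-----------|--------|----------|------|--------|-----|--------|
| 1 | 2017-11-23T09:17:14.265929-0800 | 10.11.23.101 | iplogger.co | 80 | GET | /18RtV6.jpg | 200 |
| 2 | 2017-11-23T09:17:05.909444-0800 | 10.11.23.101 | pamplonarecados.com | 80 | GET | /JHgd476? | 200 |
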
SMB 0
No results found.

SMTP 0
No results found.

Flow 5

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|-----------|---------|------------|--------|-------------|-------------|------------------|----------|------|
| 1 | 2017-11-23T09:17:05.909444-0800 | 1629177775201269 | flow | 10.11.23.101 | 54106 | 10.11.23.1 | 53 | UDP | pcapanalyzer |
| 2 | 2017-11-23T09:17:05.909444-0800 | 563643633760955 | flow | 10.11.23.101 | 49159 | 5.2.88.79 | 80 | TCP | pcapanalyzer |
| 3 | 2017-11-23T09:17:05.909444-0800 | 154767042643655 | flow | 10.11.23.101 | 49160 | 88.99.66.31 | 80 | TCP | pcapanalyzer |
| 4 | 2017-11-23T09:17:05.909444-0800 | 870209809929991 | flow | 10.11.23.101 | 53828 | 10.11.23.1 | 53 | UDP | pcapanalyzer |
| 5 | 2017-11-23T09:17:05.909444-0800 | 1629177775251588 | flow | 10.11.23.1 | 53 | 10.11.23.101 | 54106 | UDP | pcapanalyzer |

File 2

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|-----------|--------|-------------|-----------|------------|-----------|
| 1 | 2017-11-23T09:17:14.265929-0800 | 88.99.66.31 | 10.11.23.101 | /18RtV6.jpg | PNG image data, 1 x 1, 1-bit colormap, non-interlaced | 116 |
| 2 | 2017-11-23T09:17:06.563050-0800 | 5.2.88.79 | 10.11.23.101 | /JHgd476 | PE32 executable (GUI) Intel 80386, for MS Windows | 55875 |

Comments: http://malware-traffic-analysis.net/2017/11/23/index.html
