filenet.pcap

MD5: 624bc595194c7077e719cb8bd9ae646c
Submission Date: 2017-12-20 20:29:49
Tags: xmaya6, encrypted-peexe, pedll, rig-ek, cve-2016-0189
Alert 22 (showing 1-20 of 22 items)

# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2017-02-15T00:35:42.880683-0800 | 192.168.30.129 | 13.76.98.135 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 | *
2 | 2017-02-15T00:35:42.186876-0800 | 192.168.30.129 | 13.76.96.38 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 | *
3 | 2017-02-15T00:35:40.381910-0800 | 52.230.19.131 | 192.168.30.129 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M3 | *
4 | 2017-02-15T00:35:40.381910-0800 | 52.230.19.131 | 192.168.30.129 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4 | *
5 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | *
6 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | *
7 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | *
8 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS CVE-2016-0189 Exploit | *
9 | 2017-02-15T00:35:43.125350-0800 | 192.168.30.129 | 13.76.98.135 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 | *
10 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | *
11 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | *
12 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | *
13 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS CVE-2016-0189 Exploit | *
14 | 2017-02-15T00:35:43.801674-0800 | 13.76.98.135 | 192.168.30.129 | ET POLICY PE EXE or DLL Windows file download HTTP | *
15 | 2017-02-15T00:35:43.801674-0800 | 13.76.98.135 | 192.168.30.129 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | *
16 | 2017-02-15T00:35:44.734213-0800 | 13.76.98.135 | 192.168.30.129 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | *
17 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve | *
18 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | *
19 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | *
20 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | *
DNS 0

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
No results found.
TLS 18 (showing 1-18 of 18 items)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2017-02-15T00:35:04.765745-0800 | 192.168.30.129 | 204.79.197.203 | TLS 1.2 | www.msn.com
2 | 2017-02-15T00:35:05.279513-0800 | 192.168.30.129 | 103.20.94.1 | TLS 1.2 | www.linkedin.com
3 | 2017-02-15T00:35:05.985352-0800 | 192.168.30.129 | 54.251.253.37 | TLS 1.2 | dc.ads.linkedin.com
4 | 2017-02-15T00:35:15.719936-0800 | 192.168.30.129 | 131.253.61.80 | TLS 1.2 | login.live.com
5 | 2017-02-15T00:35:20.893515-0800 | 192.168.30.129 | 13.107.21.200 | TLS 1.2 | www.bing.com
6 | 2017-02-15T00:35:26.150112-0800 | 192.168.30.129 | 172.217.24.36 | TLS 1.2 | www.google.com
7 | 2017-02-15T00:35:28.327379-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | www.gstatic.com
8 | 2017-02-15T00:35:27.951121-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | ssl.gstatic.com
9 | 2017-02-15T00:35:28.325717-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | www.gstatic.com
10 | 2017-02-15T00:35:15.626235-0800 | 192.168.30.129 | 131.253.61.80 | TLS 1.2 | login.live.com
11 | 2017-02-15T00:35:20.893460-0800 | 192.168.30.129 | 13.107.21.200 | TLS 1.2 | www.bing.com
12 | 2017-02-15T00:35:27.947684-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | ssl.gstatic.com
13 | 2017-02-15T00:35:28.831467-0800 | 192.168.30.129 | 216.58.196.78 | TLS 1.2 | apis.google.com
14 | 2017-02-15T00:35:29.897397-0800 | 192.168.30.129 | 117.18.232.200 | TLS 1.2 | iecvlist.microsoft.com
15 | 2017-02-15T00:35:28.835230-0800 | 192.168.30.129 | 216.58.196.78 | TLS 1.2 | apis.google.com
16 | 2017-02-15T00:35:56.708324-0800 | 192.168.30.129 | 111.221.29.46 | TLS 1.2 | arc.msn.com
17 | 2017-02-15T00:36:05.295391-0800 | 192.168.30.129 | 204.79.197.200 | TLS 1.2 | ieonline.microsoft.com
18 | 2017-02-15T00:36:05.301309-0800 | 192.168.30.129 | 204.79.197.200 | TLS 1.2 | ieonline.microsoft.com
TFTP 0

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 89 (showing 61-80 of 89 items)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
61 | 2017-02-15T00:35:42.935639-0800 | 192.168.30.129 | cx.xmaya.my | 80 | POST | /r?q=ITuyVUAiMaE3LKWyVTyhVUEbnKZtpTSwn2SaMFOcplOjLKW0VT9zVUEbMFOLYH1urJRtAvNbZwNkAlx_&oq=V0hZRE9OVFlPVU1BS0VZT1VSU0VMRlVTRUZVTExSRVRBUkQ_&tuif=1337&br_fl=0703&ct=kaenlupuf&yus=kaenlupuf.2k17.480x290&biw=r0xd4n3t.81jv99. | 200
62 | 2017-02-15T00:35:40.661192-0800 | 192.168.30.129 | fonts.googleapis.com | 80 | GET | /css?family=Open+Sans | 200
63 | 2017-02-15T00:35:40.716225-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 |  | aders/blue-flower.jpg HTTP/1.1 | 200
64 | 2017-02-15T00:35:40.937569-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 | GET | /media/jui/js/bootstrap.min.js | 200
65 | 2017-02-15T00:35:42.186876-0800 | 192.168.30.129 | www.maybank.xmaya.my | 80 | GET | /t/?q=ITuyVUAiMaE3LKWyVTyhVUEbnKZtpTSwn2SaMFOcplOjLKW0VT9zVUEbMFOLYH1urJRtAvNbZwNkAlx_&oq=V0hZRE9OVFlPVU1BS0VZT1VSU0VMRlVTRUZVTExSRVRBUkQ_&tuif=1337&br_fl=0703&ct=kaenlupuf&yus=kaenlupuf.2k17.480x290&biw=r0xd4n3t.81jv99 | 200
66 | 2017-02-15T00:35:49.707553-0800 | 192.168.30.129 | www.petronas.xmaya.my | 80 | GET | /media/cms/css/style.css | 200
67 | 2017-02-15T00:35:40.678890-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 |  | mplates/protostar/css/template.css?cbea64f8f931e4c7ce75fbc37ca45f38 HTTP/1.1 | 200
68 | 2017-02-15T00:35:41.907538-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 | GET | /media/jui/js/jquery.min.js | 200
69 | 2017-02-15T00:35:42.255408-0800 | 192.168.30.129 | fonts.gstatic.com | 80 | GET | /s/opensans/v13/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff | 200
70 | 2017-02-15T00:35:42.340356-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 |  | /fonts/IcoMoon.eot? HTTP/1.1 | 200
71 | 2017-02-15T00:35:42.638540-0800 | 192.168.30.129 | www.kpdnkk.xmaya.my | 80 | GET | /templates/protostar/favicon.ico | 200
72 | 2017-02-15T00:35:43.411488-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /favicon.ico | 404
73 | 2017-02-15T00:35:44.940150-0800 | 192.168.30.129 | ping.chartbeat.net | 80 | GET | /ping?h=en-my.msn.com&p=%2Fen-my&u=wjIFSQMIsUDBa34W&d=msn.com&g=42635&g0=homepage&n=0&f=80101&c=0.5&x=0&m=0&y=5881&o=1130&w=637&j=60&R=0&W=0&I=1&E=0&e=0&r=&b=1067&t=CKhLU2CyCfB4CQKCLnawl1ZZct1J&V=89&tz=-480&_cdname=easia&sn=2&EE=0&sv=DFFH95J7pj2ChkBhTBKxWgewaEtF&_ | 200
74 | 2017-02-15T00:35:47.810125-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /garbage/rzps.txt | 200
75 | 2017-02-15T00:36:26.265535-0800 | 192.168.30.129 | api.bing.com | 80 |  | ml.aspx?query=http%3A%2F%2Fasuk.xmaya.my&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IESS02&market=en-US&pc=EUPP_ HTTP/1.1 | 200
76 | 2017-02-15T00:36:29.924390-0800 | 192.168.30.129 | ping.chartbeat.net | 80 | GET | /ping?h=en-my.msn.com&p=%2Fen-my&u=wjIFSQMIsUDBa34W&d=msn.com&g=42635&g0=homepage&n=0&f=80101&c=1.25&x=0&m=0&y=5881&o=1130&w=637&j=90&R=0&W=0&I=1&E=0&e=0&r=&b=1067&t=CKhLU2CyCfB4CQKCLnawl1ZZct1J&V=89&tz=-480&_cdname=easia&sn=3&EE=0&sv=DFFH95J7pj2ChkBhTBKxWgewaEtF&_ | 200
77 | 2017-02-15T00:36:00.007483-0800 | 192.168.30.129 | asuk.xmaya.my | 80 | POST | /GbDeNZinG6WcupDkGbDA6pncPyVgqL4g6picqLVCNtGANwExNpHzQwHSGbXYQpN71IcgQ8971ZOTGIY8QZrzGLN8Gw9UlF9KQFGLQp9zGFggGIqUGIriGIOp1bmSGZmU1wXg1O== | 200
78 | 2017-02-15T00:36:00.475607-0800 | 192.168.30.129 | asuk.xmaya.my | 80 | GET | /GbDeNZinG6WcupDkGbDA6pncPyVgqL4g6picqLVCNtGANwExNpHzQwHSGbXYQpN71IcgQ8971ZOTGIY8QZrzGLN8Gw9UlF9KQFGLQp9zGFggGIqUGIriGIOp1bmSGZmU1wXg1O== | 200
79 | 2017-02-15T00:36:26.863184-0800 | 192.168.30.129 | asuk.xmaya.my | 80 | GET | / | 200
80 | 2017-02-15T00:36:27.005891-0800 | 192.168.30.129 | asuk.xmaya.my | 80 | GET | /favicon.ico | 200
SMB 0

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.

SMTP 0

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 119 (showing 1-20 of 119 items)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-02-15T00:36:30.404731-0800 | 423037416663844 | flow | 54.169.157.108 | 80 | 192.168.30.129 | 50249 | TCP | pcapanalyzer
2 | 2017-02-15T00:36:30.404731-0800 | 1971171261192328 | flow | 192.168.30.129 | 50310 | 216.58.196.67 | 443 | TCP | pcapanalyzer
3 | 2017-02-15T00:36:30.404731-0800 | 1830800991622844 | flow | 192.168.30.129 | 50252 | 111.221.29.30 | 80 | TCP | pcapanalyzer
4 | 2017-02-15T00:36:30.404731-0800 | 705341319053512 | flow | 192.168.30.129 | 50260 | 23.99.125.55 | 80 | TCP | pcapanalyzer
5 | 2017-02-15T00:36:30.404731-0800 | 567251678301062 | flow | 157.240.0.5 | 443 | 192.168.30.129 | 50657 | TCP | pcapanalyzer
6 | 2017-02-15T00:36:30.404731-0800 | 568288914235418 | flow | 192.168.30.129 | 50326 | 52.230.19.131 | 80 | TCP | pcapanalyzer
7 | 2017-02-15T00:36:30.404731-0800 | 570103535593632 | flow | 192.168.30.129 | 50263 | 117.18.237.29 | 80 | TCP | pcapanalyzer
8 | 2017-02-15T00:36:30.404731-0800 | 288881962102540 | flow | 192.168.30.129 | 50235 | 104.103.70.8 | 80 | TCP | pcapanalyzer
9 | 2017-02-15T00:36:30.404731-0800 | 1418406822521455 | flow | 192.168.30.129 | 50304 | 172.217.24.36 | 443 | TCP | pcapanalyzer
10 | 2017-02-15T00:36:30.404731-0800 | 434590877414958 | flow | 192.168.30.129 | 50331 | 216.58.196.67 | 80 | TCP | pcapanalyzer
11 | 2017-02-15T00:36:30.404731-0800 | 1004099245880922 | flow | 192.168.30.129 | 50334 | 52.230.19.131 | 80 | TCP | pcapanalyzer
12 | 2017-02-15T00:36:30.404731-0800 | 723762433672679 | flow | 192.168.30.129 | 50287 | 131.253.61.80 | 443 | TCP | pcapanalyzer
13 | 2017-02-15T00:36:30.404731-0800 | 1429165714259643 | flow | 192.168.30.129 | 50279 | 104.66.29.71 | 80 | TCP | pcapanalyzer
14 | 2017-02-15T00:36:30.404731-0800 | 725542697672368 | flow | 192.168.30.129 | 50253 | 13.107.21.200 | 80 | TCP | pcapanalyzer
15 | 2017-02-15T00:36:30.404731-0800 | 1992283173429054 | flow | 192.168.30.129 | 50315 | 104.66.2.75 | 80 | TCP | pcapanalyzer
16 | 2017-02-15T00:36:30.404731-0800 | 446762812884884 | flow | 192.168.30.129 | 50288 | 131.253.61.80 | 443 | TCP | pcapanalyzer
17 | 2017-02-15T00:36:30.404731-0800 | 1291911444395749 | flow | 192.168.30.129 | 50272 | 103.20.94.1 | 443 | TCP | pcapanalyzer
18 | 2017-02-15T00:36:30.404731-0800 | 590072985913180 | flow | 125.252.232.136 | 80 | 192.168.30.129 | 50264 | TCP | pcapanalyzer
19 | 2017-02-15T00:36:30.404731-0800 | 872318909332440 | flow | 192.168.30.129 | 50271 | 204.79.197.203 | 443 | TCP | pcapanalyzer
20 | 2017-02-15T00:36:30.404731-0800 | 872372597769306 | flow | 192.168.30.129 | 50301 | 216.58.196.78 | 80 | TCP | pcapanalyzer
File 65 (showing 1-20 of 65 items)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-02-15T00:35:04.436921-0800 | 23.51.43.27 | 192.168.30.129 | /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw== | data | 1377
2 | 2017-02-15T00:35:05.350828-0800 | 104.66.29.71 | 192.168.30.129 | /msn-malaysia-home/trc/3/json | ASCII text, with very long lines, with no line terminators | 5188
3 | 2017-02-15T00:35:05.693449-0800 | 54.251.249.152 | 192.168.30.129 | /track/cmf/generic | HTML document, ASCII text, with no line terminators | 237
4 | 2017-02-15T00:35:05.877571-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/dailylifetech.com/banners/trackr/v1/001.jpg | JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16 | 14379
5 | 2017-02-15T00:35:05.877572-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/cdn.taboolasyndication.com/libtrc/static/thumbnails/d49216656db35e33d9c1379504aa1ffb.jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 207x334, frames 3 | 10280
6 | 2017-02-15T00:35:06.071264-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/dailylifetech.com/banners/lumify/v1dt/2.png | JPEG image data, JFIF standard 1.01, aspect ratio, density 37x37, segment length 16, baseline, precision 8, 207x334, frames 3 | 5854
7 | 2017-02-15T00:35:06.143058-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_368,w_622,c_fill,g_faces,e_sharpen/http:/img-s-msn-com.akamaized.net/tenant/amp/entityid/BBr9sAf.img | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | 34276
8 | 2017-02-15T00:35:09.114898-0800 | 54.243.94.211 | 192.168.30.129 | /ping | GIF image data, version 89a, 1 x 1 | 43
9 | 2017-02-15T00:35:14.925787-0800 | 54.243.94.211 | 192.168.30.129 | /ping | GIF image data, version 89a, 1 x 1 | 43
10 | 2017-02-15T00:35:14.451570-0800 | 192.168.30.129 | 103.243.221.51 | /ut/v2 | ASCII text, with very long lines, with no line terminators | 1566
11 | 2017-02-15T00:35:15.741098-0800 | 104.66.29.71 | 192.168.30.129 | /msn-malaysia-home/trc/3/json | ASCII text, with very long lines, with no line terminators | 4359
12 | 2017-02-15T00:35:16.486834-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_368,w_622,c_fill,g_faces,e_sharpen/http:/img-s-msn-com.akamaized.net/tenant/amp/entityid/BBonE8K.img | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | 87078
13 | 2017-02-15T00:35:25.706078-0800 | 216.58.196.78 | 192.168.30.129 | / | HTML document, ASCII text, with CRLF, LF line terminators | 219
14 | 2017-02-15T00:35:26.584873-0800 | 23.51.43.27 | 192.168.30.129 | /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | data | 1377
15 | 2017-02-15T00:35:14.451730-0800 | 192.168.30.129 | 103.243.221.51 | /ut/v2 | ASCII text, with very long lines, with no line terminators | 672
16 | 2017-02-15T00:35:14.989038-0800 | 103.243.221.51 | 192.168.30.129 | /ut/v2 | ASCII text, with no line terminators | 163
17 | 2017-02-15T00:35:15.053569-0800 | 103.243.221.51 | 192.168.30.129 | /ut/v2 | ASCII text, with no line terminators | 164
18 | 2017-02-15T00:35:23.619648-0800 | 13.107.5.80 | 192.168.30.129 | /qsml.aspx | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 499
19 | 2017-02-15T00:35:25.959126-0800 | 172.217.24.36 | 192.168.30.129 | / | HTML document, ASCII text, with CRLF, LF line terminators | 231
20 | 2017-02-15T00:35:27.170424-0800 | 216.58.196.78 | 192.168.30.129 | /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEa4U7mufcad | data | 463