filenet.pcap

MD5: 624bc595194c7077e719cb8bd9ae646c
Submission date: 2017-12-20 20:29:49
Tags: xmaya6 encrypted-peexe pedll rig-ek cve-2016-0189
Alerts (22 total; rows 1-20 shown)

# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2017-02-15T00:35:42.880683-0800 | 192.168.30.129 | 13.76.98.135 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017
2 | 2017-02-15T00:35:42.186876-0800 | 192.168.30.129 | 13.76.96.38 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017
3 | 2017-02-15T00:35:40.381910-0800 | 52.230.19.131 | 192.168.30.129 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M3
4 | 2017-02-15T00:35:40.381910-0800 | 52.230.19.131 | 192.168.30.129 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4
5 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1
6 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2
7 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
8 | 2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS CVE-2016-0189 Exploit
9 | 2017-02-15T00:35:43.125350-0800 | 192.168.30.129 | 13.76.98.135 | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017
10 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1
11 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2
12 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
13 | 2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS CVE-2016-0189 Exploit
14 | 2017-02-15T00:35:43.801674-0800 | 13.76.98.135 | 192.168.30.129 | ET POLICY PE EXE or DLL Windows file download HTTP
15 | 2017-02-15T00:35:43.801674-0800 | 13.76.98.135 | 192.168.30.129 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
16 | 2017-02-15T00:35:44.734213-0800 | 13.76.98.135 | 192.168.30.129 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
17 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve
18 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1
19 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2
20 | 2017-02-15T00:35:49.894159-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
DNS (0)

No results found.
TLS (18)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2017-02-15T00:35:04.765745-0800 | 192.168.30.129 | 204.79.197.203 | TLS 1.2 | www.msn.com
2 | 2017-02-15T00:35:05.279513-0800 | 192.168.30.129 | 103.20.94.1 | TLS 1.2 | www.linkedin.com
3 | 2017-02-15T00:35:05.985352-0800 | 192.168.30.129 | 54.251.253.37 | TLS 1.2 | dc.ads.linkedin.com
4 | 2017-02-15T00:35:15.719936-0800 | 192.168.30.129 | 131.253.61.80 | TLS 1.2 | login.live.com
5 | 2017-02-15T00:35:20.893515-0800 | 192.168.30.129 | 13.107.21.200 | TLS 1.2 | www.bing.com
6 | 2017-02-15T00:35:26.150112-0800 | 192.168.30.129 | 172.217.24.36 | TLS 1.2 | www.google.com
7 | 2017-02-15T00:35:28.327379-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | www.gstatic.com
8 | 2017-02-15T00:35:27.951121-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | ssl.gstatic.com
9 | 2017-02-15T00:35:28.325717-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | www.gstatic.com
10 | 2017-02-15T00:35:15.626235-0800 | 192.168.30.129 | 131.253.61.80 | TLS 1.2 | login.live.com
11 | 2017-02-15T00:35:20.893460-0800 | 192.168.30.129 | 13.107.21.200 | TLS 1.2 | www.bing.com
12 | 2017-02-15T00:35:27.947684-0800 | 192.168.30.129 | 216.58.196.67 | TLS 1.2 | ssl.gstatic.com
13 | 2017-02-15T00:35:28.831467-0800 | 192.168.30.129 | 216.58.196.78 | TLS 1.2 | apis.google.com
14 | 2017-02-15T00:35:29.897397-0800 | 192.168.30.129 | 117.18.232.200 | TLS 1.2 | iecvlist.microsoft.com
15 | 2017-02-15T00:35:28.835230-0800 | 192.168.30.129 | 216.58.196.78 | TLS 1.2 | apis.google.com
16 | 2017-02-15T00:35:56.708324-0800 | 192.168.30.129 | 111.221.29.46 | TLS 1.2 | arc.msn.com
17 | 2017-02-15T00:36:05.295391-0800 | 192.168.30.129 | 204.79.197.200 | TLS 1.2 | ieonline.microsoft.com
18 | 2017-02-15T00:36:05.301309-0800 | 192.168.30.129 | 204.79.197.200 | TLS 1.2 | ieonline.microsoft.com
TFTP (0)

No results found.
HTTP (89 total; rows 81-89 shown)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
81 | 2017-02-15T00:35:43.130680-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /r?q=ITuyVUAiMaE3LKWyVTyhVUEbnKZtpTSwn2SaMFOcplOjLKW0VT9zVUEbMFOLYH1urJRtAvNbZwNkAlx_&oq=V0hZRE9OVFlPVU1BS0VZT1VSU0VMRlVTRUZVTExSRVRBUkQ_&tuif=1337&br_fl=0703&ct=kaenlupuf&yus=kaenlupuf.2k17.480x290&biw=r0xd4n3t.81jv99. | 200
82 | 2017-02-15T00:35:43.674511-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /garbage/ieshell32.dll | 200
83 | 2017-02-15T00:35:44.338253-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /garbage/ielocalserver.dll | 200
84 | 2017-02-15T00:35:44.803129-0800 | 192.168.30.129 | cx.xmaya.my | 80 | GET | /garbage/rzex.html | 200
85 | 2017-02-15T00:36:30.404731-0800 | 192.168.30.129 | api.bing.com | 80 | GET | /qsml.aspx?query=www.xma&maxwidth=398&rowheight=20&sectionHeight=160&FORM=IESS02&market=en-US&pc=EUPP_ | (not set)
86 | 2017-02-15T00:36:30.404731-0800 | 192.168.30.129 | api.bing.com | 80 | GET | /qsml.aspx?query=ww&maxwidth=398&rowheight=20&sectionHeight=160&FORM=IESS02&market=en-US&pc=EUPP_ | (not set)
87 | 2017-02-15T00:36:30.404731-0800 | 192.168.30.129 | api.bing.com | 80 | GET | /qsml.aspx?query=w&maxwidth=398&rowheight=20&sectionHeight=160&FORM=IESS02&market=en-US&pc=EUPP_ | (not set)
88 | 2017-02-15T00:36:30.404731-0800 | 192.168.30.129 | (not set) | 80 | (not set) | /libhtp::request_uri_not_seen | 408
89 | 2017-02-15T00:36:30.404731-0800 | 192.168.30.129 | api.bing.com | 80 | GET | /qsml.aspx?query=xm&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IESS02&market=en-US&pc=EUPP_ | (not set)
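Read together, the alert rows and the HTTP rows above form the usual exploit-kit sequence for the victim 192.168.30.129: an EITest redirector alert, RIG EK landing-URI alerts, CVE-2016-0189 exploit alerts, then PE download alerts that line up in time with the GET requests for the two DLLs under /garbage/. The following Python script is an added example and not code or output of the pcap analyzer shown on this page. It takes alert and HTTP rows constructed from the tables above, maps each Emerging Threats signature to a chain stage with a keyword list that is my own assumption, and joins each PE-download alert to the victim's most recent HTTP request within a two-second window (also an assumption) to recover the payload URLs. The RIG landing-page query string is shortened in the sample data.

```python
"""Added example: correlate IDS alerts and HTTP requests for one victim host
into an exploit-kit infection chain.  Not part of the pcap analyzer output;
row values are constructed from the tables above, and the stage keyword
list and the 2-second join window are assumptions."""
from datetime import datetime, timedelta

VICTIM = "192.168.30.129"

# Constructed from the Alert table: (timestamp, src_ip, dst_ip, signature).
ALERTS = [
    ("2017-02-15T00:35:40.381910-0800", "52.230.19.131", VICTIM,
     "ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M3"),
    ("2017-02-15T00:35:42.186876-0800", VICTIM, "13.76.96.38",
     "ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017"),
    ("2017-02-15T00:35:42.880683-0800", VICTIM, "13.76.98.135",
     "ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017"),
    ("2017-02-15T00:35:43.051387-0800", "13.76.98.135", VICTIM,
     "ET EXPLOIT CVE-2016-0189 Common Construct M1"),
    ("2017-02-15T00:35:43.051387-0800", "13.76.98.135", VICTIM,
     "ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2"),
    ("2017-02-15T00:35:43.801674-0800", "13.76.98.135", VICTIM,
     "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("2017-02-15T00:35:44.734213-0800", "13.76.98.135", VICTIM,
     "ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)"),
    ("2017-02-15T00:35:49.894159-0800", "13.76.98.135", VICTIM,
     "ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve"),
]

# Constructed from the HTTP table: (timestamp, src_ip, hostname, url).
# The RIG landing-page query string is shortened here.
HTTP = [
    ("2017-02-15T00:35:43.130680-0800", VICTIM, "cx.xmaya.my", "/r?q=ITuyVUAiMaE3...&tuif=1337"),
    ("2017-02-15T00:35:43.674511-0800", VICTIM, "cx.xmaya.my", "/garbage/ieshell32.dll"),
    ("2017-02-15T00:35:44.338253-0800", VICTIM, "cx.xmaya.my", "/garbage/ielocalserver.dll"),
    ("2017-02-15T00:35:44.803129-0800", VICTIM, "cx.xmaya.my", "/garbage/rzex.html"),
    ("2017-02-15T00:36:30.404731-0800", VICTIM, "api.bing.com", "/qsml.aspx?query=www.xma"),
]

# Assumed mapping: substring of the ET signature name -> chain stage.
# Order matters; the first match wins.
STAGES = [
    ("Evil Redirector", "redirector"),
    ("EK URI Struct", "ek_landing"),
    ("EXPLOIT", "exploit"),
    ("CVE-", "exploit"),
    ("PE EXE or DLL", "payload"),
    ("EXE IsDebuggerPresent", "payload"),   # fires on PE content in the response body
]


def parse_ts(s):
    """Parse the analyzer's '2017-02-15T00:35:40.381910-0800' timestamps."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%f%z")


def classify(signature):
    """Map a signature name to a chain stage, or 'other' if no keyword matches."""
    for needle, stage in STAGES:
        if needle in signature:
            return stage
    return "other"


def chain(alerts, victim):
    """Return [(stage, first_seen, [peer_ips])] ordered by first sighting."""
    seen = {}  # stage -> [first datetime, first timestamp string, peer IPs]
    for ts, src, dst, sig in alerts:
        if victim not in (src, dst):
            continue
        t = parse_ts(ts)
        entry = seen.setdefault(classify(sig), [t, ts, set()])
        if t < entry[0]:
            entry[0], entry[1] = t, ts
        entry[2].add(dst if src == victim else src)
    ordered = sorted(seen.items(), key=lambda item: item[1][0])
    return [(stage, e[1], sorted(e[2])) for stage, e in ordered]


def payload_requests(alerts, http, victim, window=timedelta(seconds=2)):
    """For each payload alert, take the victim's most recent request within
    `window` before the alert: that request fetched the flagged body."""
    requests = sorted((parse_ts(ts), host, url)
                      for ts, src, host, url in http if src == victim)
    found = []
    for ts, src, dst, sig in alerts:
        if dst != victim or classify(sig) != "payload":
            continue
        at = parse_ts(ts)
        before = [r for r in requests if timedelta(0) <= at - r[0] <= window]
        if before and before[-1][1:] not in found:
            found.append(before[-1][1:])
    return found


if __name__ == "__main__":
    for stage, first, peers in chain(ALERTS, VICTIM):
        print(f"{first}  {stage:<11} {', '.join(peers)}")
    for host, url in payload_requests(ALERTS, HTTP, VICTIM):
        print("payload fetched: http://" + host + url)
```

On the rows above this yields redirector (52.230.19.131), ek_landing (13.76.96.38, 13.76.98.135), exploit and payload (13.76.98.135) in that order, and identifies /garbage/ieshell32.dll and /garbage/ielocalserver.dll on cx.xmaya.my as the bodies that tripped the PE rules. The join is by time only because the HTTP table carries hostnames and the alert table carries IPs; with the full flow table one would join on the 5-tuple instead.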
SMB (0)

No results found.

SMTP (0)

No results found.
Flow (119 total; rows 1-20 shown)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-02-15T00:36:30.404731-0800 | 423037416663844 | flow | 54.169.157.108 | 80 | 192.168.30.129 | 50249 | TCP | pcapanalyzer
2 | 2017-02-15T00:36:30.404731-0800 | 1971171261192328 | flow | 192.168.30.129 | 50310 | 216.58.196.67 | 443 | TCP | pcapanalyzer
3 | 2017-02-15T00:36:30.404731-0800 | 1830800991622844 | flow | 192.168.30.129 | 50252 | 111.221.29.30 | 80 | TCP | pcapanalyzer
4 | 2017-02-15T00:36:30.404731-0800 | 705341319053512 | flow | 192.168.30.129 | 50260 | 23.99.125.55 | 80 | TCP | pcapanalyzer
5 | 2017-02-15T00:36:30.404731-0800 | 567251678301062 | flow | 157.240.0.5 | 443 | 192.168.30.129 | 50657 | TCP | pcapanalyzer
6 | 2017-02-15T00:36:30.404731-0800 | 568288914235418 | flow | 192.168.30.129 | 50326 | 52.230.19.131 | 80 | TCP | pcapanalyzer
7 | 2017-02-15T00:36:30.404731-0800 | 570103535593632 | flow | 192.168.30.129 | 50263 | 117.18.237.29 | 80 | TCP | pcapanalyzer
8 | 2017-02-15T00:36:30.404731-0800 | 288881962102540 | flow | 192.168.30.129 | 50235 | 104.103.70.8 | 80 | TCP | pcapanalyzer
9 | 2017-02-15T00:36:30.404731-0800 | 1418406822521455 | flow | 192.168.30.129 | 50304 | 172.217.24.36 | 443 | TCP | pcapanalyzer
10 | 2017-02-15T00:36:30.404731-0800 | 434590877414958 | flow | 192.168.30.129 | 50331 | 216.58.196.67 | 80 | TCP | pcapanalyzer
11 | 2017-02-15T00:36:30.404731-0800 | 1004099245880922 | flow | 192.168.30.129 | 50334 | 52.230.19.131 | 80 | TCP | pcapanalyzer
12 | 2017-02-15T00:36:30.404731-0800 | 723762433672679 | flow | 192.168.30.129 | 50287 | 131.253.61.80 | 443 | TCP | pcapanalyzer
13 | 2017-02-15T00:36:30.404731-0800 | 1429165714259643 | flow | 192.168.30.129 | 50279 | 104.66.29.71 | 80 | TCP | pcapanalyzer
14 | 2017-02-15T00:36:30.404731-0800 | 725542697672368 | flow | 192.168.30.129 | 50253 | 13.107.21.200 | 80 | TCP | pcapanalyzer
15 | 2017-02-15T00:36:30.404731-0800 | 1992283173429054 | flow | 192.168.30.129 | 50315 | 104.66.2.75 | 80 | TCP | pcapanalyzer
16 | 2017-02-15T00:36:30.404731-0800 | 446762812884884 | flow | 192.168.30.129 | 50288 | 131.253.61.80 | 443 | TCP | pcapanalyzer
17 | 2017-02-15T00:36:30.404731-0800 | 1291911444395749 | flow | 192.168.30.129 | 50272 | 103.20.94.1 | 443 | TCP | pcapanalyzer
18 | 2017-02-15T00:36:30.404731-0800 | 590072985913180 | flow | 125.252.232.136 | 80 | 192.168.30.129 | 50264 | TCP | pcapanalyzer
19 | 2017-02-15T00:36:30.404731-0800 | 872318909332440 | flow | 192.168.30.129 | 50271 | 204.79.197.203 | 443 | TCP | pcapanalyzer
20 | 2017-02-15T00:36:30.404731-0800 | 872372597769306 | flow | 192.168.30.129 | 50301 | 216.58.196.78 | 80 | TCP | pcapanalyzer
File (65 total; rows 1-20 shown)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-02-15T00:35:04.436921-0800 | 23.51.43.27 | 192.168.30.129 | /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw== | data | 1377
2 | 2017-02-15T00:35:05.350828-0800 | 104.66.29.71 | 192.168.30.129 | /msn-malaysia-home/trc/3/json | ASCII text, with very long lines, with no line terminators | 5188
3 | 2017-02-15T00:35:05.693449-0800 | 54.251.249.152 | 192.168.30.129 | /track/cmf/generic | HTML document, ASCII text, with no line terminators | 237
4 | 2017-02-15T00:35:05.877571-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/dailylifetech.com/banners/trackr/v1/001.jpg | JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16 | 14379
5 | 2017-02-15T00:35:05.877572-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/cdn.taboolasyndication.com/libtrc/static/thumbnails/d49216656db35e33d9c1379504aa1ffb.jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 207x334, frames 3 | 10280
6 | 2017-02-15T00:35:06.071264-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_334,w_207,c_fill,g_faces,e_sharpen/http:/dailylifetech.com/banners/lumify/v1dt/2.png | JPEG image data, JFIF standard 1.01, aspect ratio, density 37x37, segment length 16, baseline, precision 8, 207x334, frames 3 | 5854
7 | 2017-02-15T00:35:06.143058-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_368,w_622,c_fill,g_faces,e_sharpen/http:/img-s-msn-com.akamaized.net/tenant/amp/entityid/BBr9sAf.img | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | 34276
8 | 2017-02-15T00:35:09.114898-0800 | 54.243.94.211 | 192.168.30.129 | /ping | GIF image data, version 89a, 1 x 1 | 43
9 | 2017-02-15T00:35:14.925787-0800 | 54.243.94.211 | 192.168.30.129 | /ping | GIF image data, version 89a, 1 x 1 | 43
10 | 2017-02-15T00:35:14.451570-0800 | 192.168.30.129 | 103.243.221.51 | /ut/v2 | ASCII text, with very long lines, with no line terminators | 1566
11 | 2017-02-15T00:35:15.741098-0800 | 104.66.29.71 | 192.168.30.129 | /msn-malaysia-home/trc/3/json | ASCII text, with very long lines, with no line terminators | 4359
12 | 2017-02-15T00:35:16.486834-0800 | 104.66.29.71 | 192.168.30.129 | /taboola/image/fetch/f_jpg,q_80,h_368,w_622,c_fill,g_faces,e_sharpen/http:/img-s-msn-com.akamaized.net/tenant/amp/entityid/BBonE8K.img | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | 87078
13 | 2017-02-15T00:35:25.706078-0800 | 216.58.196.78 | 192.168.30.129 | / | HTML document, ASCII text, with CRLF, LF line terminators | 219
14 | 2017-02-15T00:35:26.584873-0800 | 23.51.43.27 | 192.168.30.129 | /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | data | 1377
15 | 2017-02-15T00:35:14.451730-0800 | 192.168.30.129 | 103.243.221.51 | /ut/v2 | ASCII text, with very long lines, with no line terminators | 672
16 | 2017-02-15T00:35:14.989038-0800 | 103.243.221.51 | 192.168.30.129 | /ut/v2 | ASCII text, with no line terminators | 163
17 | 2017-02-15T00:35:15.053569-0800 | 103.243.221.51 | 192.168.30.129 | /ut/v2 | ASCII text, with no line terminators | 164
18 | 2017-02-15T00:35:23.619648-0800 | 13.107.5.80 | 192.168.30.129 | /qsml.aspx | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 499
19 | 2017-02-15T00:35:25.959126-0800 | 172.217.24.36 | 192.168.30.129 | / | HTML document, ASCII text, with CRLF, LF line terminators | 231
20 | 2017-02-15T00:35:27.170424-0800 | 216.58.196.78 | 192.168.30.129 | /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEa4U7mufcad | data | 463
