Alert Table for 2017-12-15-traffic-analysis-exercise-2-of-2.pcap

| Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set | Signature | Severity |
|---|---|---|---|---|---|---|---|---|---|
| 276.0 | 46 | 10.1.1.213 | 55269 | 10.1.1.1 | 53 | Potentially Bad Traffic | ET INFO | DNS Query for Suspicious .gdn Domain | 2 |
| 276.0 | 57 | 10.1.1.213 | 49158 | 185.92.222.9 | 443 | Potentially Bad Traffic | ET INFO | Suspicious Domain (*.gdn) in TLS SNI | 2 |
| 276.0 | 60 | 185.92.222.9 | 443 | 10.1.1.213 | 49158 | Potentially Bad Traffic | ET HUNTING | Observed Let's Encrypt Certificate for Suspicious TLD (.gdn) | 2 |
| 355.0 | 2778 | 184.172.60.198 | 5938 | 10.1.1.213 | 49168 | Misc activity | ET POLICY | TeamViewer Keep-alive inbound | 3 |
| 526.0 | 2828 | 184.172.60.198 | 5938 | 10.1.1.213 | 49168 | Misc activity | ET POLICY | TeamViewer Keep-alive inbound | 3 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49191 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49172 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49190 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49177 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49193 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49171 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49169 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49176 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49198 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49175 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49195 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49161 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49194 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49185 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49196 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49199 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49174 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49192 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49173 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49189 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49170 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 577.0 | n/a | 108.61.179.223 | 80 | 10.1.1.213 | 49197 | Malware Command and Control Activity Detected | ET MALWARE | [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response | 1 |
| 697.0 | 2902 | 184.172.60.198 | 5938 | 10.1.1.213 | 49168 | Misc activity | ET POLICY | TeamViewer Keep-alive inbound | 3 |
| 867.0 | 2959 | 184.172.60.198 | 5938 | 10.1.1.213 | 49168 | Misc activity | ET POLICY | TeamViewer Keep-alive inbound | 3 |

Alerts provided by Emerging Threats 2022-04-08