| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49171 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49169 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49194 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49177 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49193 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49195 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49176 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49173 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49170 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49191 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49196 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49190 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49192 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49175 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49161 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49197 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49174 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49172 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49198 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49189 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49185 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 0.0 |
n/a |
108.61.179.223 |
80 |
10.1.1.213 |
49199 |
Malware Command and Control Activity Detected |
ET MALWARE |
[PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response |
1 |
| 276.0 |
46 |
10.1.1.213 |
55269 |
10.1.1.1 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query for Suspicious .gdn Domain |
2 |
| 276.0 |
57 |
10.1.1.213 |
49158 |
185.92.222.9 |
443 |
Potentially Bad Traffic |
ET INFO |
Suspicious Domain (*.gdn) in TLS SNI |
2 |
| 276.0 |
60 |
185.92.222.9 |
443 |
10.1.1.213 |
49158 |
Potentially Bad Traffic |
ET HUNTING |
Observed Let's Encrypt Certificate for Suspicious TLD (.gdn) |
2 |
| 355.0 |
2778 |
184.172.60.198 |
5938 |
10.1.1.213 |
49168 |
Misc activity |
ET POLICY |
TeamViewer Keep-alive inbound |
3 |
| 526.0 |
2828 |
184.172.60.198 |
5938 |
10.1.1.213 |
49168 |
Misc activity |
ET POLICY |
TeamViewer Keep-alive inbound |
3 |
| 697.0 |
2902 |
184.172.60.198 |
5938 |
10.1.1.213 |
49168 |
Misc activity |
ET POLICY |
TeamViewer Keep-alive inbound |
3 |
| 867.0 |
2959 |
184.172.60.198 |
5938 |
10.1.1.213 |
49168 |
Misc activity |
ET POLICY |
TeamViewer Keep-alive inbound |
3 |