Alert Table for 2017-10-21-traffic-analysis-exercise.pcap

Alerts generated with the Emerging Threats (ET) ruleset as of 2020-07-08
Relative Time (s) Packet (frame no.) Source Source Port Destination Dest Port Category Rule Set Signature Severity (1 = highest)
2.0 62 10.0.1.95 49672 65.52.108.254 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
2.0 62 10.0.1.95 49672 65.52.108.254 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
3.0 117 10.0.1.95 49674 65.52.108.212 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
3.0 117 10.0.1.95 49674 65.52.108.212 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
55.0 613 107.180.41.148 80 10.0.1.95 49691 Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP 1
55.0 613 107.180.41.148 80 10.0.1.95 49691 Potentially Bad Traffic ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download 2
77.0 722 10.0.1.95 49671 65.52.108.254 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
77.0 722 10.0.1.95 49671 65.52.108.254 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
80.0 848 10.0.1.95 49676 65.52.108.254 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
80.0 848 10.0.1.95 49676 65.52.108.254 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
81.0 874 10.0.1.95 49677 40.77.224.255 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
81.0 874 10.0.1.95 49677 40.77.224.255 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
120.0 1052 10.0.1.95 52527 130.255.78.223 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
130.0 1065 10.0.1.95 57621 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
130.0 1077 10.0.1.95 57622 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
137.0 1230 10.0.1.95 57624 65.52.108.254 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
137.0 1230 10.0.1.95 57624 65.52.108.254 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
137.0 1267 10.0.1.95 57625 65.52.108.225 443 Unknown Traffic ET JA3 Hash - Possible Malware - Fake Firefox Font Update 3
137.0 1267 10.0.1.95 57625 65.52.108.225 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
171.0 1340 10.0.1.95 61981 144.76.133.38 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
172.0 1354 10.0.1.95 61982 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
173.0 1478 10.0.1.95 49411 62.113.203.99 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
174.0 1488 10.0.1.95 53978 93.170.96.235 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
186.0 1507 10.0.1.95 55224 31.3.135.232 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
186.0 1521 10.0.1.95 55225 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
187.0 1638 10.0.1.95 63016 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
188.0 1650 10.0.1.95 63017 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
190.0 1778 10.0.1.95 54664 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
191.0 1788 10.0.1.95 54665 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
193.0 1797 10.0.1.95 53279 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
193.0 1810 10.0.1.95 53280 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
194.0 1820 10.0.1.95 53131 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
195.0 1834 10.0.1.95 53132 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
196.0 1888 10.0.1.95 60206 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
197.0 1952 10.0.1.95 60208 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
198.0 2221 10.0.1.95 53917 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
199.0 2234 10.0.1.95 53918 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
201.0 2285 10.0.1.95 63962 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
201.0 2296 10.0.1.95 63963 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
203.0 2507 10.0.1.95 51538 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
204.0 2518 10.0.1.95 51539 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
205.0 2541 10.0.1.95 58179 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
206.0 2552 10.0.1.95 58180 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
219.0 2757 10.0.1.95 54277 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
220.0 2767 10.0.1.95 54278 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
221.0 2798 10.0.1.95 59592 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
222.0 2817 10.0.1.95 59593 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
223.0 2829 10.0.1.95 64717 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
224.0 2839 10.0.1.95 64718 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
226.0 2848 10.0.1.95 58092 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
226.0 2859 10.0.1.95 58093 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
228.0 3085 10.0.1.95 49337 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
229.0 3096 10.0.1.95 49338 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
231.0 3148 10.0.1.95 59989 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
231.0 3159 10.0.1.95 59990 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
232.0 3177 10.0.1.95 56324 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
233.0 3181 10.0.1.95 54148 144.76.133.38 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
233.0 3198 10.0.1.95 54150 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
233.0 3203 10.0.1.95 54149 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
235.0 3418 10.0.1.95 56620 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
236.0 3430 10.0.1.95 56621 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
238.0 3651 10.0.1.95 58353 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
238.0 3666 10.0.1.95 58354 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
239.0 3684 10.0.1.95 53210 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
240.0 3694 10.0.1.95 53211 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
242.0 3703 10.0.1.95 58218 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
242.0 3713 10.0.1.95 58219 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
243.0 3722 10.0.1.95 60887 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
244.0 3735 10.0.1.95 60888 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
247.0 3744 10.0.1.95 62007 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
247.0 3754 10.0.1.95 62008 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
251.0 3772 10.0.1.95 60414 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
251.0 3782 10.0.1.95 60415 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
254.0 3793 10.0.1.95 59627 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
254.0 3803 10.0.1.95 59628 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
254.0 3806 10.0.1.95 59628 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
255.0 3814 10.0.1.95 57446 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
255.0 3824 10.0.1.95 57447 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
255.0 3827 10.0.1.95 57447 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
256.0 3835 10.0.1.95 51096 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
256.0 3845 10.0.1.95 51097 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
257.0 3866 10.0.1.95 63716 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
257.0 3877 10.0.1.95 63718 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
257.0 3880 10.0.1.95 63718 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
258.0 3888 10.0.1.95 57746 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
258.0 3898 10.0.1.95 57747 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
539.0 4549 10.0.1.95 49510 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
540.0 4636 10.0.1.95 49513 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
612.0 5847 10.0.1.95 61112 188.165.200.156 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
612.0 5866 10.0.1.95 61115 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
634.0 n/a 10.0.1.95 51097 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
634.0 n/a 10.0.1.95 60415 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
635.0 7322 104.18.61.210 80 10.0.1.95 61209 Exploit Kit Activity Detected ET EXPLOIT_KIT EITest Inject July 25 2017 1
635.0 7681 10.0.1.95 61209 104.18.61.210 80 Potential Corporate Privacy Violation ET POLICY Outdated Flash Version M1 1
638.0 8894 10.0.1.95 61313 172.226.84.55 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Adware 3
692.0 9518 10.0.1.95 55963 10.0.1.1 53 Potentially Bad Traffic ET DNS Query to a .tk domain - Likely Hostile 2
692.0 9519 10.0.1.95 55963 10.0.1.1 53 Potentially Bad Traffic ET DNS Query to a .tk domain - Likely Hostile 2
693.0 9534 10.0.1.95 61356 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
693.0 9537 162.244.35.36 80 10.0.1.95 61356 Possible Social Engineering Attempted ET WEB_CLIENT Tech Support Phone Scam Landing (err.mp3) Aug 12 2016 2
693.0 9537 162.244.35.36 80 10.0.1.95 61356 Possible Social Engineering Attempted ET WEB_CLIENT Fake AV Phone Scam Landing Feb 12 2
693.0 9544 10.0.1.95 61357 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
693.0 9580 10.0.1.95 61356 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
698.0 9653 10.0.1.95 61356 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
698.0 9656 10.0.1.95 61357 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
702.0 9917 162.244.35.33 80 10.0.1.95 61354 Exploit Kit Activity Detected ET EXPLOIT_KIT Possible Keitaro TDS Redirect 1
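The table above is the raw alert dump; the triage questions an analyst asks of it (which signatures fired first, which external hosts are involved, and whether the repeated .bit HTTP requests to 35.198.166.240 look like a beacon) are easier to answer with a parser than by eye. The following Python is an added example, not part of the original exercise page or of any Emerging Threats tooling. It assumes the row layout shown above (multi-word Category, the literal `ET` rule-set token, multi-word Signature, then a one-digit Severity) and uses an excerpt of rows copied from the table as its sample input.

```python
"""Parse a flattened ET/Suricata alert table (the layout used on this page) and
triage it: per-signature counts, first-seen timeline, external peers, and the
cadence of repeated alerts to one destination. Added example, not page code."""
import re
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Columns: rel_time packet src sport dst dport <category> ET <signature> severity.
# Category and Signature are multi-word, so the regex anchors on the fixed
# fields at both ends and on the "ET" rule-set token separating the two.
_ROW = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<pkt>\d+|n/a)\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+(?P<dst>[\d.]+)\s+(?P<dport>\d+)\s+"
    r"(?P<cat>.+?)\s+(?P<sig>ET\s.+?)\s+(?P<sev>[1-4])$"
)


@dataclass(frozen=True)
class Alert:
    t: float
    packet: Optional[int]      # None where the table says "n/a"
    src: str
    sport: int
    dst: str
    dport: int
    category: str
    signature: str
    severity: int


def parse_alerts(text: str) -> list:
    """Parse table rows; the header, blank lines and unparseable rows are skipped."""
    out = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        pkt = None if m["pkt"] == "n/a" else int(m["pkt"])
        out.append(Alert(float(m["t"]), pkt, m["src"], int(m["sport"]),
                         m["dst"], int(m["dport"]), m["cat"], m["sig"],
                         int(m["sev"])))
    return out


def signature_counts(alerts) -> Counter:
    return Counter(a.signature for a in alerts)


def first_seen(alerts) -> list:
    """Infection timeline: each signature paired with the time it first fired."""
    seen = {}
    for a in sorted(alerts, key=lambda x: x.t):   # stable sort keeps table order on ties
        seen.setdefault(a.signature, a.t)
    return sorted(seen.items(), key=lambda kv: kv[1])


def external_peers(alerts, internal_prefix: str = "10.") -> dict:
    """Map each non-internal host:port to the set of signatures it was involved in.
    For inbound alerts (server -> victim) the peer is the source, not the destination."""
    peers = defaultdict(set)
    for a in alerts:
        ext = (a.src, a.sport) if a.dst.startswith(internal_prefix) else (a.dst, a.dport)
        peers[ext].add(a.signature)
    return dict(peers)


def beacon_cadence(alerts, dst: str, signature_substring: str) -> Optional[float]:
    """Median gap (seconds) between successive alerts to dst whose signature contains
    signature_substring. Identical timestamps (one packet matched by several rules,
    or several rows within the table's 1 s resolution) collapse to one event."""
    times = sorted({a.t for a in alerts
                    if a.dst == dst and signature_substring in a.signature})
    gaps = [b - a for a, b in zip(times, times[1:])]
    return statistics.median(gaps) if gaps else None


# Excerpt of rows from the table on this page (the header is included to show it is skipped).
SAMPLE = """\
Relative Time Packet Source Source Port Destination Dest Port Category Rule Set Signature Severity
55.0 613 107.180.41.148 80 10.0.1.95 49691 Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP 1
55.0 613 107.180.41.148 80 10.0.1.95 49691 Potentially Bad Traffic ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download 2
120.0 1052 10.0.1.95 52527 130.255.78.223 53 Potentially Bad Traffic ET INFO DNS Query Domain .bit 2
130.0 1077 10.0.1.95 57622 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
172.0 1354 10.0.1.95 61982 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
186.0 1521 10.0.1.95 55225 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
634.0 n/a 10.0.1.95 51097 35.198.166.240 80 Potentially Bad Traffic ET HUNTING Suspicious HTTP Request to .bit domain 2
635.0 7322 104.18.61.210 80 10.0.1.95 61209 Exploit Kit Activity Detected ET EXPLOIT_KIT EITest Inject July 25 2017 1
"""

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE)
    for sig, t in first_seen(alerts):
        print(f"{t:7.1f}s  {sig}")
    for (host, port), sigs in external_peers(alerts).items():
        print(f"{host}:{port}  {len(sigs)} signature(s)")
    print("median .bit HTTP gap:", beacon_cadence(alerts, "35.198.166.240", ".bit"))
```

Run it against the full table (paste the rows into `SAMPLE` or read them from a file) to get the whole timeline; the first-seen order reproduces the sequence visible above (the JA3 hits, then the EXE download at 55 s, then .bit DNS and HTTP activity, and only at 635 s the EITest inject and the tech-support-scam landing). Note that the `.tk` DNS rows go to the internal resolver 10.0.1.1, so `external_peers` attributes them to the resolver rather than to an internet host; pivot on the `.tk` HTTP rows to 162.244.35.36 for the external side of that activity.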