Alert Table for 2017-02-11-traffic-analysis-exercise.pcap

| Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | RuleSet Signature | Severity |
|---|---|---|---|---|---|---|---|---|
| 337.0 | 8553 | 10.3.14.134 | 51734 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile | 2 |
| 339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 1 |
| 340.0 | 8826 | 10.3.14.134 | 51735 | 91.119.56.6 | 6892 | A Network Trojan was Detected | ET TROJAN Ransomware/Cerber Checkin M3 (4) | 1 |
| 340.0 | 8956 | 10.3.14.134 | 51735 | 91.121.56.72 | 6892 | A Network Trojan was Detected | ET TROJAN Ransomware/Cerber Checkin M3 (4) | 1 |
| 350.0 | 11020 | 10.3.14.134 | 49250 | 54.87.5.88 | 80 | A Network Trojan was Detected | ETPRO TROJAN Cerber Blockchain Query | 1 |
| 351.0 | 11036 | 10.3.14.134 | 50205 | 10.3.14.1 | 53 | A Network Trojan was Detected | ET TROJAN Ransomware/Cerber Onion Domain Lookup | 1 |
| 351.0 | 11036 | 10.3.14.134 | 50205 | 10.3.14.1 | 53 | A Network Trojan was Detected | ETPRO TROJAN DNS Query matching Cerber Domain Format (.top TLD) | 1 |
| 351.0 | 11036 | 10.3.14.134 | 50205 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile | 2 |
| 420.0 | 15619 | 67.210.245.241 | 80 | 10.3.14.131 | 49554 | A Network Trojan was Detected | ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 M1 | 1 |
| 427.0 | 15890 | 10.3.14.131 | 49594 | 193.255.242.61 | 80 | A Network Trojan was Detected | ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 | 1 |
| 428.0 | 15937 | 193.255.242.61 | 80 | 10.3.14.131 | 49594 | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 1 |
| 428.0 | 15937 | 193.255.242.61 | 80 | 10.3.14.131 | 49594 | A Network Trojan was Detected | ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb 06 M2 | 1 |
| 475.0 | 16341 | 10.3.14.134 | 63203 | 10.3.14.1 | 53 | A Network Trojan was Detected | ET TROJAN Ransomware/Cerber Onion Domain Lookup | 1 |
| 475.0 | 16341 | 10.3.14.134 | 63203 | 10.3.14.1 | 53 | A Network Trojan was Detected | ETPRO TROJAN DNS Query matching Cerber Domain Format (.top TLD) | 1 |
| 475.0 | 16341 | 10.3.14.134 | 63203 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile | 2 |
| 523.0 | 16747 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | A Network Trojan was Detected | ET TROJAN Spora Ransomware DNS Query | 1 |
| 523.0 | 16750 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | A Network Trojan was Detected | ET TROJAN Spora Ransomware DNS Query | 1 |
| 531.0 | 16772 | 10.3.14.131 | 49618 | 186.2.163.47 | 80 | A Network Trojan was Detected | ET TROJAN Spora Ransomware Checkin | 1 |

Alerts provided by Emerging Threats 2020-01-27