Alert Table for 2017-02-11-traffic-analysis-exercise.pcap

Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set | Signature | Severity
279.0 | 6719 | 10.3.14.131 | 49437 | 216.58.194.99 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6733 | 10.3.14.131 | 49438 | 216.58.194.99 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6734 | 10.3.14.131 | 49436 | 216.58.194.99 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6735 | 10.3.14.131 | 49435 | 216.58.194.100 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6738 | 10.3.14.131 | 49439 | 216.58.194.100 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6742 | 10.3.14.131 | 49440 | 216.58.194.100 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6746 | 10.3.14.131 | 49441 | 216.58.194.100 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6810 | 10.3.14.131 | 49442 | 216.58.194.110 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
279.0 | 6817 | 10.3.14.131 | 49443 | 216.58.194.106 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
337.0 | 8553 | 10.3.14.134 | 51734 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET | DNS Query to a *.top domain - Likely Hostile | 2
339.0 | 8570 | 10.3.14.134 | 49249 | 104.155.4.180 | 80 | Potentially Bad Traffic | ET | INFO HTTP Request to a *.top domain | 2
339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | Potential Corporate Privacy Violation | ET | POLICY PE EXE or DLL Windows file download HTTP | 1
339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | A Network Trojan was detected | ET | CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | 1
339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | A Network Trojan was detected | ET | MALWARE JS/WSF Downloader Dec 08 2016 M6 | 1
339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | Misc activity | ET | HUNTING Possible EXE Download From Suspicious TLD | 3
339.0 | 8607 | 104.155.4.180 | 80 | 10.3.14.134 | 49249 | Misc activity | ET | INFO EXE - Served Attached HTTP | 3
340.0 | 8823 | 10.3.14.134 | 51735 | 91.119.56.3 | 6892 | Malware Command and Control Activity Detected | ET | MALWARE Ransomware/Cerber Checkin M3 (4) | 1
351.0 | 11036 | 10.3.14.134 | 50205 | 10.3.14.1 | 53 | A Network Trojan was detected | ET | MALWARE Ransomware/Cerber Onion Domain Lookup | 1
354.0 | 11100 | 10.3.14.131 | 49480 | 216.58.194.142 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11215 | 10.3.14.131 | 49483 | 216.58.194.67 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11218 | 10.3.14.131 | 49481 | 216.58.194.67 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11228 | 10.3.14.131 | 49482 | 216.58.194.67 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11234 | 10.3.14.131 | 49486 | 172.217.6.131 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11238 | 10.3.14.131 | 49485 | 172.217.6.131 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11242 | 10.3.14.131 | 49484 | 172.217.6.131 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11246 | 10.3.14.131 | 49488 | 216.58.194.78 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11250 | 10.3.14.131 | 49489 | 216.58.194.78 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11256 | 10.3.14.131 | 49487 | 216.58.194.78 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11415 | 10.3.14.131 | 49491 | 216.58.194.67 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
370.0 | 11422 | 10.3.14.131 | 49490 | 216.58.194.67 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
372.0 | 12105 | 10.3.14.131 | 49494 | 172.217.6.129 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
372.0 | 12110 | 10.3.14.131 | 49493 | 216.58.194.65 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
372.0 | 12114 | 10.3.14.131 | 49492 | 216.58.194.65 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
379.0 | 13773 | 10.3.14.131 | 49523 | 216.58.194.46 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
379.0 | 14378 | 10.3.14.131 | 49529 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
379.0 | 14382 | 10.3.14.131 | 49528 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
379.0 | 14385 | 10.3.14.131 | 49527 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
414.0 | 15468 | 10.3.14.131 | 49576 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
414.0 | 15476 | 10.3.14.131 | 49578 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - Possible Malware - Eitest Chrome Popup | 3
414.0 | 15476 | 10.3.14.131 | 49578 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
414.0 | 15481 | 10.3.14.131 | 49577 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
414.0 | 15494 | 10.3.14.131 | 49575 | 94.31.29.64 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
420.0 | 15619 | 67.210.245.241 | 80 | 10.3.14.131 | 49554 | Possible Social Engineering Attempted | ET | EXPLOIT_KIT EITest SocEng Inject Jan 15 2017 M1 | 2
420.0 | 15653 | 10.3.14.131 | 49581 | 173.194.64.157 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
422.0 | 15714 | 10.3.14.131 | 49583 | 94.31.29.138 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
428.0 | 15937 | 193.255.242.61 | 80 | 10.3.14.131 | 49594 | Potential Corporate Privacy Violation | ET | POLICY PE EXE or DLL Windows file download HTTP | 1
428.0 | 15937 | 193.255.242.61 | 80 | 10.3.14.131 | 49594 | Misc activity | ET | INFO EXE - Served Attached HTTP | 3
475.0 | 16341 | 10.3.14.134 | 63203 | 10.3.14.1 | 53 | A Network Trojan was detected | ET | MALWARE Ransomware/Cerber Onion Domain Lookup | 1
475.0 | 16341 | 10.3.14.134 | 63203 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET | DNS Query to a *.top domain - Likely Hostile | 2
480.0 | 16399 | 10.3.14.134 | 49254 | 217.12.208.17 | 80 | Potentially Bad Traffic | ET | INFO HTTP Request to a *.top domain | 2
510.0 | 16655 | 10.3.14.134 | 49254 | 217.12.208.17 | 80 | Potentially Bad Traffic | ET | INFO HTTP Request to a *.top domain | 2
523.0 | 16747 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | A Network Trojan was detected | ET | MALWARE Spora Ransomware DNS Query | 1
523.0 | 16747 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET | INFO Observed DNS Query to .biz TLD | 2
523.0 | 16750 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | A Network Trojan was detected | ET | MALWARE Spora Ransomware DNS Query | 1
523.0 | 16750 | 10.3.14.131 | 64890 | 10.3.14.1 | 53 | Potentially Bad Traffic | ET | INFO Observed DNS Query to .biz TLD | 2
531.0 | 16772 | 10.3.14.131 | 49618 | 186.2.163.47 | 80 | Malware Command and Control Activity Detected | ET | MALWARE Spora Ransomware Checkin | 1
639.0 | 17248 | 10.3.14.131 | 49647 | 172.217.6.142 | 443 | Unknown Traffic | ET | JA3 Hash - [Abuse.ch] Possible Adware | 3
647.0 | 17317 | 10.3.14.134 | 49256 | 217.12.208.17 | 80 | Potentially Bad Traffic | ET | INFO HTTP Request to a *.top domain | 2
Alerts provided by Emerging Threats 2020-07-08