
Hash - [Abuse.ch] Possible Tofsee detected in 2017-11-21-traffic-analysis-exercise-6-of-6.pcap

Time:        2017/11/21 01:59:51 +0000
Packet:      983
Protocol:    TLS / tcp
Source:      192.168.9.155:49735
Destination: 65.52.108.229:443

Payload (191 bytes), hex with ASCII column:

00000000  16 03 03 00 ba 01 00 00  b6 03 03 5a 13 88 97 13  |...........Z....|
00000010  40 a1 3d 2a b4 5f 22 b4  d8 51 5d 2d 01 dc a2 7f  |@.=*._"..Q]-....|
00000020  43 a8 a4 72 e3 d0 9b 61  e4 5a ab 00 00 2e c0 2c  |C..r...a.Z.....,|
00000030  c0 2b c0 30 c0 2f 00 9f  00 9e c0 24 c0 23 c0 28  |.+.0./.....$.#.(|
00000040  c0 27 c0 0a c0 09 c0 14  c0 13 00 9d 00 9c 00 3d  |.'.............=|
00000050  00 3c 00 35 00 2f 00 0a  00 05 00 04 01 00 00 5f  |.<.5./........._|
00000060  00 00 00 24 00 22 00 00  1f 42 4e 33 53 43 48 30  |...$.."..BN3SCH0|
00000070  32 30 30 32 32 32 35 38  2e 77 6e 73 2e 77 69 6e  |20022258.wns.win|
00000080  64 6f 77 73 2e 63 6f 6d  00 0a 00 08 00 06 00 1d  |dows.com........|
00000090  00 17 00 18 00 0b 00 02  01 00 00 0d 00 14 00 12  |................|
000000a0  04 01 05 01 02 01 04 03  05 03 02 03 02 02 06 01  |................|
000000b0  06 03 00 23 00 00 00 17  00 00 ff 01 00 01 00     |...#...........|

2 Alerts

Alerts provided by Emerging Threats 2022-04-08

Priority | Signature                                          | Category        | SID.rev   | Rule Set
3        | Hash - [Abuse.ch] Possible Tofsee                  | Unknown Traffic | 2028787.2 | ET JA3
3        | Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 2028370.2 | ET JA3

External References

The following URLs have been provided as references for some of the alerts found in this capture file. These links are not maintained by CloudShark and will redirect outside of the application.

Community ID

Community ID is an open standard for hashing network flows into identifiers and can be used to correlate connections across different tools.

Zeek: conn.log: 1:2kbk1VadJkg0yBEsDY9lhz7KNgA=