Alert Table for 2017-11-21-traffic-analysis-exercise-6-of-6.pcap

Relative Time  Packet  Source           Source Port  Destination      Dest Port  Category                                       Rule Set  Severity  Signature
-------------  ------  ---------------  -----------  ---------------  ---------  ---------------------------------------------  --------  --------  ------------------------------------------------------------
0.0            n/a     116.90.60.136    80           192.168.9.155    49754      Potential Corporate Privacy Violation          ET        1         ET POLICY PE EXE or DLL Windows file download HTTP
0.0            n/a     116.90.60.136    80           192.168.9.155    49754      Potentially Bad Traffic                        ET        2         ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
0.0            n/a     116.90.60.136    80           192.168.9.155    49754      Misc activity                                  ET        3         ET INFO EXE - Served Attached HTTP
1.0            16      192.168.9.155    49668        13.107.4.52      80         Misc activity                                  ET        3         ET INFO Microsoft Connection Test
6.0            310     192.168.9.155    49676        65.52.108.254    443        Unknown Traffic                                ET        3         ET JA3 Hash - Possible Malware - Fake Firefox Font Update
6.0            310     192.168.9.155    49676        65.52.108.254    443        Unknown Traffic                                ET        3         ET JA3 Hash - [Abuse.ch] Possible Tofsee
7.0            353     192.168.9.155    49678        131.253.34.238   443        Unknown Traffic                                ET        3         ET JA3 Hash - Possible Malware - Fake Firefox Font Update
7.0            353     192.168.9.155    49678        131.253.34.238   443        Unknown Traffic                                ET        3         ET JA3 Hash - [Abuse.ch] Possible Tofsee
63.0           956     192.168.9.155    49734        131.253.34.230   443        Unknown Traffic                                ET        3         ET JA3 Hash - Possible Malware - Fake Firefox Font Update
63.0           956     192.168.9.155    49734        131.253.34.230   443        Unknown Traffic                                ET        3         ET JA3 Hash - [Abuse.ch] Possible Tofsee
63.0           983     192.168.9.155    49735        65.52.108.229    443        Unknown Traffic                                ET        3         ET JA3 Hash - Possible Malware - Fake Firefox Font Update
63.0           983     192.168.9.155    49735        65.52.108.229    443        Unknown Traffic                                ET        3         ET JA3 Hash - [Abuse.ch] Possible Tofsee
97.0           1486    116.90.60.136    80           192.168.9.155    49754      A Network Trojan was detected                  ET        1         ET POLICY Terse Named Filename EXE Download - Possibly Hostile
106.0          1963    192.168.9.155    49759        194.88.246.242   443        Malware Command and Control Activity Detected  ET        1         ET MALWARE W32/Emotet.v4 Checkin
106.0          1963    192.168.9.155    49759        194.88.246.242   443        Potentially Bad Traffic                        ET        2         ET POLICY HTTP traffic on port 443 (POST)
106.0          1963    192.168.9.155    49759        194.88.246.242   443        Potentially Bad Traffic                        ET        2         ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
180.0          3469    192.168.9.155    49786        13.107.4.52      80         Misc activity                                  ET        3         ET INFO Microsoft Connection Test
198.0          4855    192.168.9.155    49779        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM Packet with invalid ack
198.0          4855    192.168.9.155    49779        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM SHUTDOWN RST invalid ack
198.0          4860    192.168.9.155    49774        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM Packet with invalid ack
198.0          4860    192.168.9.155    49774        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM SHUTDOWN RST invalid ack
198.0          4867    192.168.9.155    49778        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM Packet with invalid ack
198.0          4867    192.168.9.155    49778        23.53.120.145    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM SHUTDOWN RST invalid ack
263.0          6715    192.168.9.155    49900        23.50.125.142    443        Generic Protocol Command Decode                SURICATA  3         SURICATA Applayer Wrong direction first Data
264.0          6736    13.107.13.88     443          192.168.9.155    49813      Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM Packet with invalid ack
264.0          6736    13.107.13.88     443          192.168.9.155    49813      Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM SHUTDOWN RST invalid ack
304.0          6896    192.168.9.155    49963        64.4.54.254      443        Generic Protocol Command Decode                SURICATA  3         SURICATA Applayer Wrong direction first Data
326.0          7002    192.168.9.155    49829        23.50.125.142    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM Packet with invalid ack
326.0          7002    192.168.9.155    49829        23.50.125.142    443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM SHUTDOWN RST invalid ack
607.0          7416    192.168.9.155    49991        64.4.54.254      443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM bad window update
607.0          7418    192.168.9.155    49991        64.4.54.254      443        Generic Protocol Command Decode                SURICATA  3         SURICATA STREAM bad window update
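Added example, not part of the exercise or the original page: a Python triage pass that parses the alert rows in the flattened one-line-per-alert layout used above (the rows have no delimiters, so the two free-text fields are bounded by the rule-set token and the trailing severity digit) and collapses the actionable alerts into per-flow findings ordered by first appearance. The embedded sample is a constructed subset of the rows on this page. Assumptions that are mine, not the page's: RFC 1918 space is the monitored network, severity 3 rows are context rather than findings, and the two "notes" heuristics (plaintext HTTP on tcp/443, executable delivery) are simple substring checks on signature names.

```python
import ipaddress
import re

# Constructed sample input: rows copied from the alert table above, kept in the
# page's flattened one-alert-per-line layout. Severity-3 decoder, JA3 and
# connectivity-test rows are included on purpose so triage has noise to drop.
SAMPLE_ALERTS = """\
0.0 n/a 116.90.60.136 80 192.168.9.155 49754 Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP 1
0.0 n/a 116.90.60.136 80 192.168.9.155 49754 Potentially Bad Traffic ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download 2
1.0 16 192.168.9.155 49668 13.107.4.52 80 Misc activity ET INFO Microsoft Connection Test 3
6.0 310 192.168.9.155 49676 65.52.108.254 443 Unknown Traffic ET JA3 Hash - [Abuse.ch] Possible Tofsee 3
97.0 1486 116.90.60.136 80 192.168.9.155 49754 A Network Trojan was detected ET POLICY Terse Named Filename EXE Download - Possibly Hostile 1
106.0 1963 192.168.9.155 49759 194.88.246.242 443 Malware Command and Control Activity Detected ET MALWARE W32/Emotet.v4 Checkin 1
106.0 1963 192.168.9.155 49759 194.88.246.242 443 Potentially Bad Traffic ET POLICY HTTP traffic on port 443 (POST) 2
106.0 1963 192.168.9.155 49759 194.88.246.242 443 Potentially Bad Traffic ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 2
198.0 4855 192.168.9.155 49779 23.53.120.145 443 Generic Protocol Command Decode SURICATA STREAM Packet with invalid ack 3
"""

# Fixed fields are matched strictly; category runs up to the rule-set token and
# signature runs up to the trailing single-digit severity. Non-greedy matching
# plus the end anchor keeps a rule name that itself ends in a digit
# ("... Fake Browser 1") intact instead of mistaking that "1" for the severity.
ROW_RE = re.compile(
    r"^(?P<time>\d+(?:\.\d+)?)\s+(?P<packet>\S+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d+)\s+"
    r"(?P<category>.+?)\s+(?P<ruleset>ET|SURICATA)\s+"
    r"(?P<signature>.+?)\s+(?P<severity>\d)$"
)


def parse_alerts(text):
    """Parse flattened alert rows into dicts; fail loudly on a row that does not fit."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable alert row {lineno}: {line!r}")
        d = m.groupdict()
        d["time"] = float(d["time"])
        d["packet"] = None if d["packet"] == "n/a" else int(d["packet"])
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        d["severity"] = int(d["severity"])
        alerts.append(d)
    return alerts


def orient(alert):
    """Return (internal_host, external_peer, external_port) whatever the alert direction.

    Assumption: RFC 1918 space is the monitored network (true of 192.168.9.155 here).
    """
    if ipaddress.ip_address(alert["src"]).is_private:
        return alert["src"], alert["dst"], alert["dport"]
    return alert["dst"], alert["src"], alert["sport"]


def triage(alerts, max_severity=2):
    """Collapse alerts of severity <= max_severity into per-flow findings.

    Severity-3 rows (stream decoder events, JA3 hash guesses, connectivity
    checks) are context, not findings, and are dropped. Findings are sorted by
    first appearance so the result reads as the infection chain.
    """
    flows = {}
    for a in alerts:
        if a["severity"] > max_severity:
            continue
        host, peer, port = orient(a)
        f = flows.setdefault((host, peer, port), {
            "host": host, "peer": peer, "port": port,
            "first_seen": a["time"], "signatures": [], "notes": [],
        })
        if a["signature"] not in f["signatures"]:
            f["signatures"].append(a["signature"])
    for f in flows.values():
        if any("HTTP traffic on port 443" in s for s in f["signatures"]):
            # Plain HTTP on tcp/443: the C2 POSTs are not TLS, so full-content
            # capture and proxy logs will show the request bodies.
            f["notes"].append("plaintext HTTP on 443")
        if any("EXE" in s for s in f["signatures"]):
            f["notes"].append("executable delivery")
    return sorted(flows.values(), key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in triage(parse_alerts(SAMPLE_ALERTS)):
        print(f"t={f['first_seen']:>6.1f}  {f['host']} -> {f['peer']}:{f['port']}  "
              f"[{'; '.join(f['notes']) or '-'}]")
        for s in f["signatures"]:
            print(f"        {s}")
```

Run as a script it reports two findings in order: the executable download from 116.90.60.136:80 (three signatures on one flow, the last of them 97 seconds in) and then the checkin to 194.88.246.242:443 flagged as plaintext HTTP; the JA3, connection-test and STREAM rows fall away. Swapping `SAMPLE_ALERTS` for the full table gives the same two findings, which is the point: the severity-1 and severity-2 rows already describe the chain, and the rest of the table is supporting context.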