Alert Table for 2017-11-21-traffic-analysis-exercise-6-of-6.pcap

Relative Time	Packet	Source	Source Port	Destination	Dest Port	Category	Rule Set	Signature	Severity
6.0	310	192.168.9.155	49676	65.52.108.254	443	Unknown Traffic	ET JA3	Hash - Possible Malware - Fake Firefox Font Update	3
6.0	310	192.168.9.155	49676	65.52.108.254	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Tofsee	3
7.0	353	192.168.9.155	49678	131.253.34.238	443	Unknown Traffic	ET JA3	Hash - Possible Malware - Fake Firefox Font Update	3
7.0	353	192.168.9.155	49678	131.253.34.238	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Tofsee	3
63.0	956	192.168.9.155	49734	131.253.34.230	443	Unknown Traffic	ET JA3	Hash - Possible Malware - Fake Firefox Font Update	3
63.0	956	192.168.9.155	49734	131.253.34.230	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Tofsee	3
63.0	983	192.168.9.155	49735	65.52.108.229	443	Unknown Traffic	ET JA3	Hash - Possible Malware - Fake Firefox Font Update	3
63.0	983	192.168.9.155	49735	65.52.108.229	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Tofsee	3
97.0	1486	116.90.60.136	80	192.168.9.155	49754	A Network Trojan was detected	ET POLICY	Terse Named Filename EXE Download - Possibly Hostile	1
106.0	1963	192.168.9.155	49759	194.88.246.242	443	Potentially Bad Traffic	ET POLICY	HTTP traffic on port 443 (POST)	2
106.0	1963	192.168.9.155	49759	194.88.246.242	443	Potentially Bad Traffic	ET HUNTING	GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1	2
656.0	n/a	116.90.60.136	80	192.168.9.155	49754	Potential Corporate Privacy Violation	ET POLICY	PE EXE or DLL Windows file download HTTP	1
656.0	n/a	116.90.60.136	80	192.168.9.155	49754	Potentially Bad Traffic	ET INFO	Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	2
656.0	n/a	116.90.60.136	80	192.168.9.155	49754	Misc activity	ET INFO	EXE - Served Attached HTTP	3

Alerts provided by Emerging Threats 2022-04-08

Open in new window Done