Alert Table for 2017-11-21-traffic-analysis-exercise-6-of-6.pcap

| Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set | Signature | Severity |
|---|---|---|---|---|---|---|---|---|---|
| 6.0 | 310 | 192.168.9.155 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
| 6.0 | 310 | 192.168.9.155 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
| 7.0 | 353 | 192.168.9.155 | 49678 | 131.253.34.238 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
| 7.0 | 353 | 192.168.9.155 | 49678 | 131.253.34.238 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
| 63.0 | 956 | 192.168.9.155 | 49734 | 131.253.34.230 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
| 63.0 | 956 | 192.168.9.155 | 49734 | 131.253.34.230 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
| 63.0 | 983 | 192.168.9.155 | 49735 | 65.52.108.229 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
| 63.0 | 983 | 192.168.9.155 | 49735 | 65.52.108.229 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
| 97.0 | 1486 | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | A Network Trojan was detected | ET POLICY | Terse Named Filename EXE Download - Possibly Hostile | 1 |
| 106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET POLICY | HTTP traffic on port 443 (POST) | 2 |
| 106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET HUNTING | GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | 2 |
| 656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potential Corporate Privacy Violation | ET POLICY | PE EXE or DLL Windows file download HTTP | 1 |
| 656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potentially Bad Traffic | ET INFO | Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2 |
| 656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Misc activity | ET INFO | EXE - Served Attached HTTP | 3 |

Alerts provided by Emerging Threats 2022-04-08