Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 22, 2021, 7:25 a.m. | April 22, 2021, 7:28 a.m. |
Process | Command Line | PID |
---|---|---|
WINWORD.EXE | "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\file.rtf | 1016 |
Name | Response | Post-Analysis Lookup |
---|---|---|
asw-sns.link | 203.55.176.12 | |
mofa.iugur.live | 185.163.45.56 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49201 -> 185.163.45.56:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49207 -> 203.55.176.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49206 -> 203.55.176.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49201 -> 185.163.45.56:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.iugur.live | e3:d0:2e:6f:dd:cc:f9:aa:87:9f:48:cc:c6:70:fc:71:9b:74:f8:ec |
TLSv1 192.168.56.101:49207 -> 203.55.176.12:443 | C=US, O=Let's Encrypt, CN=R3 | CN=asw-sns.link | ce:10:29:73:2b:ca:8e:65:59:93:ea:2f:41:2d:91:23:4f:a2:b5:61 |
TLSv1 192.168.56.101:49206 -> 203.55.176.12:443 | C=US, O=Let's Encrypt, CN=R3 | CN=asw-sns.link | ce:10:29:73:2b:ca:8e:65:59:93:ea:2f:41:2d:91:23:4f:a2:b5:61 |
Suspicious Features | Suspicious Request |
---|---|
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d= |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/ |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA== |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1 |
GET method with no useragent header | GET https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2 |
POST method with no referer header, POST method with no useragent header | POST https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 |
GET method with no useragent header | GET https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 |
Method | URL |
---|---|
GET | https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d= |
GET | https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/ |
GET | https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA== |
GET | https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi |
GET | https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg |
GET | https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1 |
GET | https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2 |
POST | https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 |
GET | https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 |
POST | https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 |
File Type | File Name |
---|---|
Rich Text Format data, version 1, unknown character set | file.rtf |