Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
https://180.178.106.50/sat1/TEST22-PC_W617601.5D67FB324A9D0823B317377F32B3F2A7/5/file/
REQUEST
RESPONSE
BODY
GET /sat1/TEST22-PC_W617601.5D67FB324A9D0823B317377F32B3F2A7/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 180.178.106.50
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Thu, 10 Jun 2021 13:44:30 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 114.7.240.221 | 192.168.56.102 | 3 | |
| 81.200.55.153 | 192.168.56.102 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49812 -> 178.72.192.20:443 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected |
| TCP 192.168.56.102:49813 -> 180.178.106.50:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 180.178.106.50:443 -> 192.168.56.102:49813 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49813 180.178.106.50:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 57:a5:47:89:03:bd:10:1a:51:a8:68:ac:ea:f3:b9:47:d1:31:e5:c7 |
Snort Alerts
No Snort Alerts