Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
mail.namusoft.kr | 182.162.89.146 | |
www.jinjinpig.co.kr | 222.122.49.28 | |
- TCP Requests
  - 192.168.56.102:49797 -> 172.217.25.14:443
  - 192.168.56.102:49813 -> 182.162.89.146:80 (mail.namusoft.kr)
  - 192.168.56.102:49814 -> 182.162.89.146:80 (mail.namusoft.kr)
  - 192.168.56.102:49816 -> 182.162.89.146:80 (mail.namusoft.kr)
  - 192.168.56.102:49811 -> 222.122.49.28:80 (www.jinjinpig.co.kr)
  - 192.168.56.102:49815 -> 222.122.49.28:80 (www.jinjinpig.co.kr)
- UDP Requests
  - 192.168.56.102:50839 -> 164.124.101.2:53
  - 192.168.56.102:57660 -> 164.124.101.2:53
  - 192.168.56.102:61459 -> 164.124.101.2:53
  - 192.168.56.102:137 -> 192.168.56.255:137
  - 192.168.56.102:138 -> 192.168.56.255:138
  - 192.168.56.102:49152 -> 239.255.255.250:3702
  - 192.168.56.102:56752 -> 239.255.255.250:1900
  - 192.168.56.102:56754 -> 239.255.255.250:3702
  - 192.168.56.102:56756 -> 239.255.255.250:3702
  - 192.168.56.102:56758 -> 239.255.255.250:3702

POST http://www.jinjinpig.co.kr/Anyboard/skin/board.php (404)

REQUEST:
POST /Anyboard/skin/board.php HTTP/1.1
User-Agent: Mozilla/4.0 (Windows NT 5.0; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/34.0.1952.34 Safari/35.15 Infopath.-17397249
Host: www.jinjinpig.co.kr
Content-type: application/x-www-form-urlencoded
Content-length: 0

RESPONSE:
HTTP/1.1 404 Not Found
Date: Wed, 16 Jun 2021 00:19:39 GMT
Server: Microsoft-IIS/5.0
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

POST http://mail.namusoft.kr/jsp/user/eam/board.jsp (404)

REQUEST:
POST /jsp/user/eam/board.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/42.0.1861.42 Safari/1.19 Infopath.-17397249
Host: mail.namusoft.kr
Content-type: application/x-www-form-urlencoded
Content-length: 0

RESPONSE:
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Wed, 16 Jun 2021 00:20:06 GMT
Server: Postian Web Server

POST http://mail.namusoft.kr/jsp/user/eam/board.jsp (404)

REQUEST:
POST /jsp/user/eam/board.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20121104 Firefox/12.0 Infopath.-17397249
Host: mail.namusoft.kr
Content-type: application/x-www-form-urlencoded
Content-length: 0

RESPONSE:
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Wed, 16 Jun 2021 00:20:26 GMT
Server: Postian Web Server

POST http://www.jinjinpig.co.kr/Anyboard/skin/board.php (404)

REQUEST:
POST /Anyboard/skin/board.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.2; WOW64; Trident/4.0; Infopath.-17397249)
Host: www.jinjinpig.co.kr
Content-type: application/x-www-form-urlencoded
Content-length: 0

RESPONSE:
HTTP/1.1 404 Not Found
Date: Wed, 16 Jun 2021 00:20:40 GMT
Server: Microsoft-IIS/5.0
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

POST http://mail.namusoft.kr/jsp/user/eam/board.jsp (404)

REQUEST:
POST /jsp/user/eam/board.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; WOW64; Trident/5.0; Infopath.-17397249)
Host: mail.namusoft.kr
Content-type: application/x-www-form-urlencoded
Content-length: 0

RESPONSE:
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Wed, 16 Jun 2021 00:21:06 GMT
Server: Postian Web Server

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49816 -> 182.162.89.146:80 | 2016897 | ET MALWARE Possible Win32/Gapz MSIE 9 on Windows NT 5 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts