Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
HTTP traffic
Method | Status | URL |
---|---|---|
GET | 200 | https://186.4.193.75/tot152/TEST22-PC_W617601.3BBA0CFF68E3F779B5F041BB34213194/5/kps/ |
REQUEST
GET /tot152/TEST22-PC_W617601.3BBA0CFF68E3F779B5F041BB34213194/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 186.4.193.75
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 24 Sep 2021 08:07:22 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
177.91.75.182 | 192.168.56.102 | 11 (Time Exceeded) | |
177.91.75.182 | 192.168.56.102 | 11 (Time Exceeded) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49170 -> 184.74.99.214:443 | 2404309 | ET CNC Feodo Tracker Reported CnC Server group 10 | A Network Trojan was detected |
TCP 186.4.193.75:443 -> 192.168.56.102:49166 | 2015686 | ET POLICY Signed TLS Certificate with md5WithRSAEncryption | Misc activity |
TCP 192.168.56.102:49166 -> 186.4.193.75:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 186.4.193.75:443 -> 192.168.56.102:49166 | 2015686 | ET POLICY Signed TLS Certificate with md5WithRSAEncryption | Misc activity |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49166 -> 186.4.193.75:443 | C=NE, ST=none, L=Comman, O=Beurret, CN=badan.ch/emailAddress=mccoybrianna@jackson-hodges.com | C=NE, ST=none, L=Comman, O=Beurret, CN=badan.ch/emailAddress=mccoybrianna@jackson-hodges.com | 7d:cf:67:bf:06:62:f0:33:33:e5:7f:67:7d:85:dd:59:6c:92:1c:b5 |
Snort Alerts
No Snort Alerts
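The rows above are the raw material an analyst turns into indicators. As an added example (not part of the sandbox report or its tooling), the following Python script parses constructed copies of the HTTP request, ICMP rows, Suricata alert rows and Suricata TLS row embedded inline, and produces one summary: the external peers with the SIDs that fired on each, the C2 request host/path/User-Agent, the certificate fingerprint in the bare hex form blocklists expect, whether the issuer and subject DNs match (the report does not include the certificate itself, so this is a DN comparison only), and the ICMP type decoded to its IANA name. The guest address 192.168.56.102 is taken from the flows shown; the IANA type table is a subset.

```python
import re
from collections import defaultdict

# Constructed copies of the rows from the report above, embedded so the
# script runs offline. The sandbox guest address comes from the flows shown.
SANDBOX_GUEST = "192.168.56.102"

HTTP_REQUEST = (
    "GET /tot152/TEST22-PC_W617601.3BBA0CFF68E3F779B5F041BB34213194/5/kps/ HTTP/1.1\n"
    "Connection: Keep-Alive\n"
    "User-Agent: curl/7.76.0\n"
    "Host: 186.4.193.75\n"
)

ICMP_ROWS = [
    "177.91.75.182 | 192.168.56.102 | 11 | |",
    "177.91.75.182 | 192.168.56.102 | 11 |",  # the report's second row lacks its trailing cell
]

SURICATA_ROWS = [
    "TCP 192.168.56.102:49170 -> 184.74.99.214:443 | 2404309 | ET CNC Feodo Tracker Reported CnC Server group 10 | A Network Trojan was detected |",
    "TCP 186.4.193.75:443 -> 192.168.56.102:49166 | 2015686 | ET POLICY Signed TLS Certificate with md5WithRSAEncryption | Misc activity |",
    "TCP 192.168.56.102:49166 -> 186.4.193.75:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |",
    "TCP 186.4.193.75:443 -> 192.168.56.102:49166 | 2015686 | ET POLICY Signed TLS Certificate with md5WithRSAEncryption | Misc activity |",
]

TLS_ROW = (
    "TLSv1 192.168.56.102:49166 186.4.193.75:443 | "
    "C=NE, ST=none, L=Comman, O=Beurret, CN=badan.ch/emailAddress=mccoybrianna@jackson-hodges.com | "
    "C=NE, ST=none, L=Comman, O=Beurret, CN=badan.ch/emailAddress=mccoybrianna@jackson-hodges.com | "
    "7d:cf:67:bf:06:62:f0:33:33:e5:7f:67:7d:85:dd:59:6c:92:1c:b5 |"
)

# IANA ICMP type numbers (subset).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}

FLOW_RE = re.compile(r"^(TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")


def cells(row):
    """Split one pipe-separated report row into stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def parse_alert(row):
    flow, sid, signature, category = cells(row)
    proto, src, sport, dst, dport = FLOW_RE.match(flow).groups()
    return {"proto": proto, "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "sid": int(sid), "signature": signature,
            "category": category}


def remote_peers(alerts, guest=SANDBOX_GUEST):
    """Map each external "ip:port" to the sorted list of SIDs that fired on it,
    regardless of which side of the flow the guest was on."""
    peers = defaultdict(set)
    for a in alerts:
        if a["src"] == guest:
            peers[f'{a["dst"]}:{a["dport"]}'].add(a["sid"])
        else:
            peers[f'{a["src"]}:{a["sport"]}'].add(a["sid"])
    return {k: sorted(v) for k, v in peers.items()}


def parse_http_request(raw):
    request_line, *header_lines = raw.strip().splitlines()
    method, path, version = request_line.split()
    headers = dict(h.split(": ", 1) for h in header_lines if ": " in h)
    return {"method": method, "path": path, "version": version, "headers": headers}


def parse_tls_row(row):
    flow, issuer, subject, fingerprint = cells(row)
    return {"flow": flow, "issuer": issuer, "subject": subject,
            "fingerprint": fingerprint,
            # Identical issuer and subject DNs is the usual sign of a self-signed
            # certificate; the certificate itself is not in the report, so this is
            # a DN comparison only, not a signature check.
            "issuer_matches_subject": issuer == subject,
            # Blocklists usually want the bare lowercase hex form of the SHA-1.
            "fingerprint_hex": fingerprint.replace(":", "").lower()}


def parse_icmp(row):
    src, dst, icmp_type = cells(row)[:3]
    t = int(icmp_type)
    return {"src": src, "dst": dst, "type": t, "name": ICMP_TYPES.get(t, "other")}


def summarize():
    alerts = [parse_alert(r) for r in SURICATA_ROWS]
    req = parse_http_request(HTTP_REQUEST)
    return {
        "peers": remote_peers(alerts),
        "sids": sorted({a["sid"] for a in alerts}),
        "http": {"host": req["headers"]["Host"], "path": req["path"],
                 "user_agent": req["headers"]["User-Agent"]},
        "tls": parse_tls_row(TLS_ROW),
        "icmp": [parse_icmp(r) for r in ICMP_ROWS],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(), indent=2))
```

The peer map is the useful part for triage: 186.4.193.75:443 carries both the TLS certificate policy hit and the JA3 hit and is also the Host of the plaintext request, while 184.74.99.214:443 only appears in the Feodo Tracker alert, so the two should be handled as separate indicators rather than merged by port.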