Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
https://46.99.175.217/top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/
REQUEST
RESPONSE
BODY
GET /top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.77.0
Host: 46.99.175.217
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 29 Sep 2021 07:24:58 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://179.189.229.254/top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/
REQUEST
RESPONSE
BODY
GET /top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.77.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 29 Sep 2021 07:25:24 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://46.99.175.217/top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/
REQUEST
RESPONSE
BODY
GET /top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.77.0
Host: 46.99.175.217
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 29 Sep 2021 07:26:12 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://46.99.175.217/top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/
REQUEST
RESPONSE
BODY
GET /top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.77.0
Host: 46.99.175.217
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 29 Sep 2021 07:26:14 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://179.189.229.254/top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/
REQUEST
RESPONSE
BODY
GET /top125/TEST22-PC_W617601.88F1D4E3B76E7578C633B085D7CDCBB8/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.77.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 29 Sep 2021 07:26:16 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49169 -> 179.189.229.254:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 192.168.56.102:49167 -> 46.99.175.217:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 46.99.175.217:443 -> 192.168.56.102:49167 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
| TCP 192.168.56.102:49172 -> 46.99.175.217:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 46.99.175.217:443 -> 192.168.56.102:49172 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
| TCP 179.189.229.254:443 -> 192.168.56.102:49169 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49169 179.189.229.254:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02 |
|
TLSv1 192.168.56.102:49167 46.99.175.217:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02 |
|
TLSv1 192.168.56.102:49172 46.99.175.217:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02 |
Snort Alerts
No Snort Alerts