Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 139.196.72.155 | Active | Moloch |
| 159.69.237.188 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 168.119.39.118 | Active | Moloch |
| 186.250.48.5 | Active | Moloch |
| 194.9.172.107 | Active | Moloch |
| 207.148.81.119 | Active | Moloch |
| 45.71.195.104 | Active | Moloch |
| 51.75.33.122 | Active | Moloch |
| 78.47.204.80 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
No traffic
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 45.71.195.104 | 192.168.56.103 | 3 | |
| 45.71.195.104 | 192.168.56.103 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49171 -> 194.9.172.107:8080 | 2404311 | ET CNC Feodo Tracker Reported CnC Server group 12 | A Network Trojan was detected |
| TCP 192.168.56.103:49174 -> 139.196.72.155:8080 | 2404304 | ET CNC Feodo Tracker Reported CnC Server group 5 | A Network Trojan was detected |
| TCP 139.196.72.155:8080 -> 192.168.56.103:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.103:49172 -> 139.196.72.155:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 192.168.56.103:49173 -> 139.196.72.155:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts