Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| jayurbf.gleeze.com | 185.216.71.245 | |
| microsoft.com | 20.112.52.29 | |
| google.com | 142.250.207.110 | |
| rqiscogroup.me | 107.174.71.176 |
- UDP Requests
-
-
192.168.56.102:51405 164.124.101.2:53
-
192.168.56.102:53778 164.124.101.2:53
-
192.168.56.102:56630 164.124.101.2:53
-
192.168.56.102:62846 164.124.101.2:53
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:56632 192.168.56.1:5351
-
192.168.56.102:137 192.168.56.103:137
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:51408 239.255.255.250:1900
-
192.168.56.102:56631 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
http://rqiscogroup.me/j/j.jpg
REQUEST
RESPONSE
BODY
GET /j/j.jpg HTTP/1.1
Host: rqiscogroup.me
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 05:01:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 19 Dec 2022 05:44:01 GMT
ETag: "11d6cf-5f027ce76999a"
Accept-Ranges: bytes
Content-Length: 1169103
Keep-Alive: timeout=5, max=100
Content-Type: image/jpeg
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.102 | 172.217.175.238 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
| 172.217.175.238 | 192.168.56.102 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 185.216.71.245:4207 -> 192.168.56.102:49168 | 2038897 | ET MALWARE Warzone RAT Response (Inbound) | A Network Trojan was detected |
| TCP 185.216.71.245:4207 -> 192.168.56.102:49168 | 2038897 | ET MALWARE Warzone RAT Response (Inbound) | A Network Trojan was detected |
| TCP 185.216.71.245:4207 -> 192.168.56.102:49173 | 2038897 | ET MALWARE Warzone RAT Response (Inbound) | A Network Trojan was detected |
| TCP 185.216.71.245:4207 -> 192.168.56.102:49173 | 2038897 | ET MALWARE Warzone RAT Response (Inbound) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts