Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
-
-
192.168.56.103:49171 182.162.143.56:443
-
192.168.56.103:49172 182.162.143.56:443
-
192.168.56.103:49173 187.63.160.88:80
-
192.168.56.103:49174 187.63.160.88:80
-
192.168.56.103:49169 66.228.32.31:7080
-
192.168.56.103:49170 66.228.32.31:7080
-
192.168.56.103:49167 91.121.146.47:8080
-
192.168.56.103:49168 91.121.146.47:8080
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 91.121.146.47:8080 -> 192.168.56.103:49168 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 66.228.32.31:7080 -> 192.168.56.103:49170 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.103:49177 -> 104.168.155.143:8080 | 2404300 | ET CNC Feodo Tracker Reported CnC Server group 1 | A Network Trojan was detected |
| TCP 192.168.56.103:49172 -> 182.162.143.56:443 | 2404306 | ET CNC Feodo Tracker Reported CnC Server group 7 | A Network Trojan was detected |
| TCP 182.162.143.56:443 -> 192.168.56.103:49172 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.103:49176 -> 164.90.222.65:443 | 2404304 | ET CNC Feodo Tracker Reported CnC Server group 5 | A Network Trojan was detected |
| TCP 192.168.56.103:49173 -> 187.63.160.88:80 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected |
| TCP 187.63.160.88:80 -> 192.168.56.103:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts