Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
mockbin.org | 172.64.162.25 | |
run.mocky.io | 185.42.117.108 | |
GET 200 http://run.mocky.io/v3/acea62da-ca05-46d1-bb80-0b036af7467c
REQUEST
GET /v3/acea62da-ca05-46d1-bb80-0b036af7467c HTTP/1.1
Host: run.mocky.io
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Wed, 03 May 2023 00:56:17 GMT
Content-Length: 141
Sozu-Id: 01GZFHRAGHF6RG2A11RVV1XH8N
POST 100 http://mockbin.org/bin/e8bfd045-2b14-4afc-9372-b723f7d76918
REQUEST
POST /bin/e8bfd045-2b14-4afc-9372-b723f7d76918 HTTP/1.1
Host: mockbin.org
Content-Length: 5390
Expect: 100-continue
Connection: Keep-Alive
RESPONSE
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49169 -> 172.64.162.25:80 | 2018886 | ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND | A Network Trojan was detected |
TCP 192.168.56.101:49169 -> 172.64.162.25:80 | 2017968 | ET HUNTING Suspicious Possible Process Dump in POST body | A Network Trojan was detected |
TCP 192.168.56.101:49169 -> 172.64.162.25:80 | 2027117 | ET HUNTING Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts