Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
miracle.designsoup.co.kr | 121.78.88.79 |
GET
404
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1
REQUEST
GET /user/views/resort/controller/css/update/list.php?query=1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: miracle.designsoup.co.kr
RESPONSE
HTTP/1.1 404 Not Found
Date: Tue, 13 Jun 2023 00:42:29 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips PHP/5.2.17
Content-Length: 379
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49165 -> 121.78.88.79:80 | 2033012 | ET MALWARE Suspected Kimsuky Activity (GET) | A Network Trojan was detected |
TCP 192.168.56.102:49165 -> 121.78.88.79:80 | 2033597 | ET MALWARE Kimsuky Related Script Activity (GET) | A Network Trojan was detected |
TCP 192.168.56.102:49165 -> 121.78.88.79:80 | 2045182 | ET MALWARE Suspected DPRK APT Related Activity (GET) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts