Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 185.157.162.126 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49166 -> 185.157.162.126:443 | 906200095 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT) | undefined |
| TCP 185.157.162.126:443 -> 192.168.56.101:49166 | 2030724 | ET MALWARE Observed Malicious SSL Cert (BitRAT CnC) | Domain Observed Used for C2 Detected |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49166 185.157.162.126:443 |
CN=BitRAT | CN=BitRAT | fb:e2:a7:63:31:a4:36:70:f5:2c:87:7b:ab:0b:4b:f8:e5:9c:9b:7a |
Snort Alerts
No Snort Alerts