NetWork | ZeroBOX

Flow	SID	Signature	Category
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 104.192.141.1:443 -> 192.168.56.101:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 77.91.68.68:19071 -> 192.168.56.101:49176	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49182 -> 104.192.141.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 5.42.92.67:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49180 -> 5.42.92.67:80	2044623	ET MALWARE Amadey Bot Activity (POST)	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49178 -> 5.42.92.67:80	2027700	ET MALWARE Amadey CnC Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 5.42.92.67:80	2045751	ET MALWARE Win32/Amadey Bot Activity (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49178 -> 5.42.92.67:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 5.42.92.67:80	2044623	ET MALWARE Amadey Bot Activity (POST)	A Network Trojan was detected
TCP 192.168.56.101:49192 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49178 -> 5.42.92.67:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49212 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 104.192.141.1:443 -> 192.168.56.101:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 5.42.92.67:80 -> 192.168.56.101:49178	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 5.42.92.67:80 -> 192.168.56.101:49178	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 5.42.92.67:80 -> 192.168.56.101:49178	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49216 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49191 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49220 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49200 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49226 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49196 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49202 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49199 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49205 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49207 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49195 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49198 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 104.192.141.1:443 -> 192.168.56.101:49183	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49183 -> 104.192.141.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49217 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49211 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49223 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49213 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49227 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49218 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49180 -> 5.42.92.67:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 5.42.92.67:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49193 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 5.42.92.67:80 -> 192.168.56.101:49180	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 5.42.92.67:80 -> 192.168.56.101:49180	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49194 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49197 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49201 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 5.42.92.67:80 -> 192.168.56.101:49180	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.101:49203 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49206 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49208 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49210 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49222 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49225 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49228 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49219 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49221 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49230 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49224 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected
TCP 192.168.56.101:49229 -> 104.21.72.18:80	2043206	ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts