Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| myip.opendns.com | ||
| ttzcloud.com | 88.119.169.96 | |
| 222.222.67.208.in-addr.arpa |
PTR
dns.umbrella.com
PTR
dns.opendns.com
PTR
resolver1.opendns.com
|
|
| myip.opendns.com | ||
| resolver1.opendns.com | 208.67.222.222 |
- UDP Requests
-
-
192.168.56.102:62846 164.124.101.2:53
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:63710 208.67.222.222:53resolver1.opendns.com
-
192.168.56.102:63711 208.67.222.222:53resolver1.opendns.com
-
192.168.56.102:63712 208.67.222.222:53resolver1.opendns.com
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:63715 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
POST
100
http://ttzcloud.com/upload.php
REQUEST
RESPONSE
BODY
POST /upload.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: ttzcloud.com
Content-Length: 62
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
POST
100
http://ttzcloud.com/upload.php
REQUEST
RESPONSE
BODY
POST /upload.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: ttzcloud.com
Content-Length: 62
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.102:63711 -> 208.67.222.222:53 | 2023472 | ET POLICY External IP Lookup Domain (myip .opendns .com in DNS lookup) | Device Retrieving External IP Address Detected |
| UDP 192.168.56.102:63712 -> 208.67.222.222:53 | 2023472 | ET POLICY External IP Lookup Domain (myip .opendns .com in DNS lookup) | Device Retrieving External IP Address Detected |
| TCP 192.168.56.102:49187 -> 88.119.169.96:80 | 2046820 | ET MALWARE [ANY.RUN] Konni.APT Exfiltration | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts