Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
amm.mine.nu | 194.169.175.43 | |
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2042513 | ET INFO DYNAMIC_DNS Query to a *.mine.nu Domain | Potentially Bad Traffic |
TCP 194.169.175.43:1335 -> 192.168.56.103:49168 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected |
TCP 194.169.175.43:1335 -> 192.168.56.103:49168 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | Domain Observed Used for C2 Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 -> 194.169.175.43:1335 | CN=AsyncRAT Server | CN=AsyncRAT Server | c0:74:2f:cf:ac:08:26:95:4d:1f:b6:6f:1e:ab:22:b3:91:b1:75:90 |
Snort Alerts
No Snort Alerts