Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 149.54.20.142 | Active | Moloch |
| 154.237.38.233 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 178.90.122.155 | Active | Moloch |
| 185.215.113.66 | Active | Moloch |
| 197.206.48.80 | Active | Moloch |
| 2.184.173.72 | Active | Moloch |
| 2.191.10.43 | Active | Moloch |
| 213.230.67.151 | Active | Moloch |
| 37.254.87.78 | Active | Moloch |
| 46.100.150.125 | Active | Moloch |
| 80.84.112.220 | Active | Moloch |
| 82.137.219.19 | Active | Moloch |
| 85.204.93.214 | Active | Moloch |
| 90.156.160.79 | Active | Moloch |
| 95.56.3.48 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.update.microsoft.com | 20.72.235.82 |
No traffic
- UDP Requests
-
-
192.168.56.103:53675 100.64.34.200:40500
-
192.168.56.103:53675 149.54.20.142:40500
-
192.168.56.103:53675 154.237.38.233:40500
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:53675 178.90.122.155:40500
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:53675 197.206.48.80:40500
-
192.168.56.103:53675 2.184.173.72:40500
-
192.168.56.103:53675 2.191.10.43:40500
-
192.168.56.103:53675 213.230.67.151:40500
-
192.168.56.103:52763 239.255.255.250:1900
-
192.168.56.103:53674 239.255.255.250:1900
-
192.168.56.103:53675 37.254.87.78:40500
-
192.168.56.103:53675 80.84.112.220:40500
-
192.168.56.103:53675 85.204.93.214:40500
-
192.168.56.103:53675 95.56.3.48:40500
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:53675 -> 2.184.173.72:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 2.191.10.43:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 178.90.122.155:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 197.206.48.80:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 95.56.3.48:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 100.64.34.200:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:53675 -> 149.54.20.142:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts