Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
150.134.208.175.b.barracudacentral.org | 127.0.0.2 | |
150.134.208.175.zen.spamhaus.org | | |
checkip.amazonaws.com | 52.204.109.97 | |
150.134.208.175.cbl.abuseat.org | | |
UDP Requests (source -> destination)
- 192.168.56.101:54056 -> 164.124.101.2:53
- 192.168.56.101:55450 -> 164.124.101.2:53
- 192.168.56.101:59369 -> 164.124.101.2:53
- 192.168.56.101:61479 -> 164.124.101.2:53
- 192.168.56.101:62324 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:62325 -> 239.255.255.250:3702
- 192.168.56.101:62445 -> 239.255.255.250:1900
- 192.168.56.101:62447 -> 239.255.255.250:3702
- 192.168.56.101:62449 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.101:123
HTTP Requests
Method | Status | URL |
---|---|---|
GET | 200 | http://checkip.amazonaws.com/ |

REQUEST
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: checkip.amazonaws.com

RESPONSE
HTTP/1.1 200 OK
Date: Wed, 17 Mar 2021 14:45:47 GMT
Server: lighttpd/1.4.53
Content-Length: 16
Connection: keep-alive

BODY
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49207 -> 23.21.27.29:80 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 192.168.56.101:49206 -> 131.255.106.152:449 | 2404303 | ET CNC Feodo Tracker Reported CnC Server group 4 | A Network Trojan was detected |
TCP 192.168.56.101:49206 -> 131.255.106.152:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 131.255.106.152:449 -> 192.168.56.101:49206 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49206 -> 131.255.106.152:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
Snort Alerts
No Snort Alerts