9271 |
2024-01-24 08:04
|
rty37.exe 5403c7f25701c2f3880998784e78b2f9 Malicious Library UPX PE File PE64 OS Processor Check PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution |
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://i.alie3ksgaa.com/sta/imagd.jpg
|
3
i.alie3ksgaa.com(154.92.15.189) - mailcious 154.92.15.189 - mailcious
182.162.106.144
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.8 |
M |
|
ZeroCERT
|
9272 |
2024-01-24 08:13
|
FirstZ.exe ffada57f998ed6a72b6ba2f072d2690a PE File PE64 Cryptocurrency Miner DNS CoinMiner |
|
5
zeph-eu2.nanopool.org(51.15.89.13) pastebin.com(104.20.67.143) - mailcious 51.68.137.186 104.20.68.143 - mailcious 51.210.150.92
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
|
|
0.2 |
|
|
ZeroCERT
|
9273 |
2024-01-24 09:32
|
REQUEST_FOR_QUOTATION.hta f8a7239fa4fce17853f74fcd61e24bd8 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
3.8 |
|
6 |
ZeroCERT
|
9274 |
2024-01-25 08:54
|
conhost.exe 8666f07fa7e7240b0f1866c1252cc63f PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
|
4
api.ipify.org(173.231.16.75) mail.telefoonreparatiebovenkarspel.nl(185.94.230.135) - mailcious 64.185.227.156 185.94.230.135 - mailcious
|
5
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Detect protocol only one direction
|
|
12.8 |
M |
32 |
ZeroCERT
|
9275 |
2024-01-25 09:20
|
stan.exe 04301ab0e3daa0be320a90c29059f088 Client SW User Data Stealer RedLine stealer RedLine Infostealer RedlineStealer Amadey browser info stealer Themida Packer UltraVNC Generic Malware NSIS Hide_EXE Google Chrome User Data Downloader Malicious Packer Malicious Library UPX .NET frame Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Stealer Windows Update Exploit Browser RisePro Email ComputerName DNS Cryptographic key Software crashed Downloader |
20
http://109.107.182.3/cost/networ.exe - rule_id: 39053 http://185.215.113.68/theme/Plugins/cred64.dll - rule_id: 38948 http://185.215.113.68/mine/amer.exe - rule_id: 39024 http://109.107.182.3/cost/nika.exe - rule_id: 39037 http://185.172.128.90/cpa/ping.php?substr=seven&s=ab - rule_id: 38981 http://109.107.182.3/cost/go.exe - rule_id: 39025 http://185.215.113.68/theme/Plugins/clip64.dll - rule_id: 38951 http://109.107.182.3/cost/vimu.exe - rule_id: 39038 http://185.172.128.19/latestrocki.exe - rule_id: 39054 http://apps.identrust.com/roots/dstrootcax3.p7c http://185.215.113.68/theme/index.php - rule_id: 38935 https://www.google.com/favicon.ico https://accounts.google.com/generate_204?QWfFag https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3437MpdLqeJXXmnjo86ElWj-h7hAFZEOqRy5ULnXiPzkWs5AxnDO0Ovl-mxK_rlOLCFHwf https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3vDgA9dYQaukba9RXlX2wDMY1M-AxrCojfMZ91Il_gwrJz-Ee78hH-C5Y4mLG_WvowvhkPKQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S1963367809%3A1706140574270777
|
22
db-ip.com(104.26.4.15) www.google.com(172.217.161.228) ssl.gstatic.com(142.250.76.131) ipinfo.io(34.117.186.192) i.alie3ksgaa.com(154.92.15.189) - mailcious accounts.google.com(64.233.188.84) 142.250.204.36 195.20.16.103 - mailcious 104.26.4.15 185.215.113.68 - malware 5.42.64.33 - mailcious 185.172.128.19 - mailcious 141.95.211.148 - mailcious 34.117.186.192 185.172.128.90 - mailcious 61.111.58.35 - malware 193.233.132.62 - mailcious 154.92.15.189 - mailcious 142.251.220.35 80.79.4.61 - mailcious 109.107.182.3 - mailcious 64.233.188.84
|
22
ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP (Activity) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 21 ET INFO Packed Executable Download ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET HUNTING Download Request Containing Suspicious Filename - Crypted
|
|
30.0 |
M |
39 |
ZeroCERT
|
9276 |
2024-01-25 10:27
|
microinternalprojectcreationfo... adb0708b4a6acc72c9ab9ff10f3bd877 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed |
3
http://paste.ee/d/9VccP
https://paste.ee/d/9VccP
http://198.12.81.138/4312/ISOturned.vbs
|
5
paste.ee(172.67.187.200) - mailcious
wallpapercave.com(104.22.53.71) - malware 172.67.187.200 - mailcious
198.12.81.138 - malware
104.22.52.71 - malware
|
3
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request
|
|
4.6 |
M |
33 |
ZeroCERT
|
9277 |
2024-01-25 10:28
|
microsoftdecentipdationinstall... b437cdb4742fbfa853685f76e28fc045 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed |
1
http://107.172.4.162/2509/conhost.exe
|
5
api.ipify.org(104.237.62.211)
mail.telefoonreparatiebovenkarspel.nl(185.94.230.135) - mailcious 185.94.230.135 - mailcious
107.172.4.162 - malware
104.237.62.211
|
10
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
M |
33 |
ZeroCERT
|
9278 |
2024-01-25 10:31
|
ISOturned.vbs 586060d06409eb7a7a99005cd9093be4 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
4
http://paste.ee/d/9VccP
https://paste.ee/d/9VccP
https://wallpapercave.com/uwp/uwp4241942.png
http://198.12.81.138/4312/SLN.txt
|
5
paste.ee(172.67.187.200) - mailcious
wallpapercave.com(104.22.52.71) - malware 185.94.230.135 - mailcious
104.21.84.67 - malware
104.22.52.71 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
|
|
9.8 |
M |
|
ZeroCERT
|
9279 |
2024-01-25 14:30
|
Order_Information.url 7f4085aab74f2da761e65d5fb41fd40f AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
1
http://62.173.141.114/scarica/PayPal_List.exe
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.4 |
|
|
ZeroCERT
|
9280 |
2024-01-25 16:32
|
Rehman_GROUP_RFQ.vbs 181f9015b54b57a4175e9c4584751d57 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
4
http://paste.ee/d/VmrQ4
https://paste.ee/d/VmrQ4
https://wallpapercave.com/uwp/uwp4228677.png
https://paste.ee/d/MQLUA/0
|
4
paste.ee(104.21.84.67) - mailcious
wallpapercave.com(104.22.53.71) - malware 104.21.84.67 - malware
104.22.52.71 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
|
13 |
ZeroCERT
|
9281 |
2024-01-25 16:34
|
grace.exe bc2b81ee5871a2af529ba6d695e656c6 Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE32 PE File Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger |
|
4
api.ipify.org(104.237.62.211) mymobileorder.com(162.0.232.65) - mailcious 162.0.232.65 - phishing 173.231.16.75
|
5
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Detect protocol only one direction
|
|
10.0 |
|
32 |
ZeroCERT
|
9282 |
2024-01-25 16:36
|
vLnNHh.exe 3cf7e35d135707c3c8db1e571b28f191 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
2
camo.githubusercontent.com(185.199.109.133) 185.199.111.133 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
3.8 |
|
|
ZeroCERT
|
9283 |
2024-01-26 09:04
|
Setup.exe 2522036524378a539e696724ed56a5a4 Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Check memory buffers extracted Creates shortcut unpack itself Collect installed applications IP Check installed browsers check Tofsee Browser Email ComputerName Trojan Banking DNS |
|
3
api.ipify.org(173.231.16.75) 185.225.200.120 173.231.16.75
|
6
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt SURICATA Applayer Protocol detection skipped ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
11.6 |
M |
28 |
ZeroCERT
|
9284 |
2024-01-26 09:11
|
rost.exe 2f9214f932a930a4cdff2b48a3a8eded RedLine stealer Amadey RedLine Infostealer RedlineStealer UltraVNC Generic Malware NSIS Hide_EXE Malicious Packer Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) .NET framework(MSIL) ScreenShot PWS Anti_VM AntiDebug AntiVM PE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Cryptocurrency Miner Malware Cryptocurrency wallets Cryptocurrency Microsoft AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Stealer Windows Update Browser RisePro Email ComputerName DNS Cryptographic key Software crashed Downloader CoinMiner |
28
http://109.107.182.3/cost/niks.exe http://109.107.182.3/lego/MRK.exe http://109.107.182.3/lego/alex.exe - rule_id: 39110 http://109.107.182.3/lego/moto.exe - rule_id: 39111 http://109.107.182.3/lego/rdx1122.exe - rule_id: 39118 http://185.215.113.68/theme/Plugins/cred64.dll - rule_id: 38948 http://109.107.182.3/cost/networa.exe http://185.215.113.68/mine/stan.exe - rule_id: 39114 http://109.107.182.3/lego/installs.exe http://109.107.182.3/lego/crypted.exe - rule_id: 39115 http://109.107.182.3/cost/ko.exe http://185.215.113.68/mine/amers.exe http://185.172.128.90/cpa/ping.php?substr=seven&s=ab - rule_id: 38981 http://109.107.182.3/cost/vinu.exe http://185.215.113.68/theme/Plugins/clip64.dll - rule_id: 38951 http://185.172.128.109/syncUpd.exe - rule_id: 39052 http://185.172.128.19/latestrocki.exe - rule_id: 39054 http://109.107.182.3/lego/2024.exe - rule_id: 39120 http://185.215.113.68/theme/index.php - rule_id: 38935 https://www.google.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp1cKQEpRqzJgd1mJyXaQDg8g6EPaDZyF3Iq1LCz13B1O_GRb-DpHv1Q3bMHBt1iGhMePExXmg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-435268675%3A1706227291300357 https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/generate_204?Gfi3rg https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3H8r8UWuhQ6m2JhTn_UJWtMXXOP18B2sMD6q0yM1EirdCpLoeYafxU7OnBJOlDJRzgLznF https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
22
db-ip.com(172.67.75.166) pool.hashvault.pro(142.202.242.43) - mailcious www.google.com(142.250.76.132) ssl.gstatic.com(142.250.76.131) ipinfo.io(34.117.186.192) accounts.google.com(142.250.157.84) 94.156.67.230 195.20.16.103 - mailcious 5.42.64.33 - mailcious 104.26.4.15 185.215.113.68 - malware 185.172.128.19 - mailcious 141.95.211.148 - mailcious 142.251.170.84 142.250.66.36 216.58.203.67 193.233.132.62 - mailcious 185.172.128.90 - mailcious 34.117.186.192 185.172.128.109 - malware 109.107.182.3 - mailcious 125.253.92.50
|
25
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET DROP Spamhaus DROP Listed Traffic Inbound group 21 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Family Activity (Response) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET HUNTING Download Request Containing Suspicious Filename - Crypted
|
12
http://109.107.182.3/lego/alex.exe http://109.107.182.3/lego/moto.exe http://109.107.182.3/lego/rdx1122.exe http://185.215.113.68/theme/Plugins/cred64.dll http://185.215.113.68/mine/stan.exe http://109.107.182.3/lego/crypted.exe http://185.172.128.90/cpa/ping.php http://185.215.113.68/theme/Plugins/clip64.dll http://185.172.128.109/syncUpd.exe http://185.172.128.19/latestrocki.exe http://109.107.182.3/lego/2024.exe http://185.215.113.68/theme/index.php
|
32.2 |
M |
38 |
ZeroCERT
|
9285 |
2024-01-26 09:12
|
agodzx.exe b29fbc48ad3305f4dcab0be3145682a6 AgentTesla Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed |
2
http://ip-api.com/line/?fields=hosting http://apps.identrust.com/roots/dstrootcax3.p7c
|
7
api.ipify.org(64.185.227.156) mail.processengrg.com(194.36.191.196) ip-api.com(208.95.112.1) 23.43.165.66 64.185.227.156 194.36.191.196 - mailcious 208.95.112.1
|
6
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com SURICATA Applayer Detect protocol only one direction
|
|
15.4 |
M |
42 |
ZeroCERT
|