| 1.0 |
16 |
192.168.9.155 |
49668 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 6.0 |
310 |
192.168.9.155 |
49676 |
65.52.108.254 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 7.0 |
353 |
192.168.9.155 |
49678 |
131.253.34.238 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 63.0 |
956 |
192.168.9.155 |
49734 |
131.253.34.230 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 63.0 |
983 |
192.168.9.155 |
49735 |
65.52.108.229 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 97.0 |
1486 |
116.90.60.136 |
80 |
192.168.9.155 |
49754 |
A suspicious filename was detected |
ET HUNTING |
Terse Named Filename EXE Download - Possibly Hostile |
2 |
| 97.0 |
1539 |
116.90.60.136 |
80 |
192.168.9.155 |
49754 |
Potential Corporate Privacy Violation |
ET INFO |
PE EXE or DLL Windows file download HTTP |
1 |
| 97.0 |
1539 |
116.90.60.136 |
80 |
192.168.9.155 |
49754 |
Potentially Bad Traffic |
ET INFO |
Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
2 |
| 97.0 |
1539 |
116.90.60.136 |
80 |
192.168.9.155 |
49754 |
Misc activity |
ET INFO |
EXE - Served Attached HTTP |
3 |
| 98.0 |
1583 |
116.90.60.136 |
80 |
192.168.9.155 |
49754 |
Generic Protocol Command Decode |
SURICATA HTTP |
invalid response chunk len |
3 |
| 106.0 |
1963 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Malware Command and Control Activity Detected |
ET MALWARE |
W32/Emotet.v4 Checkin |
1 |
| 106.0 |
1963 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Potentially Bad Traffic |
ET INFO |
HTTP traffic on port 443 (POST) |
2 |
| 106.0 |
1963 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Potentially Bad Traffic |
ET HUNTING |
GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 |
2 |
| 107.0 |
2323 |
194.88.246.242 |
443 |
192.168.9.155 |
49759 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 108.0 |
2450 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Malware Command and Control Activity Detected |
ET MALWARE |
W32/Emotet.v4 Checkin |
1 |
| 108.0 |
2450 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Potentially Bad Traffic |
ET INFO |
HTTP traffic on port 443 (POST) |
2 |
| 108.0 |
2450 |
192.168.9.155 |
49759 |
194.88.246.242 |
443 |
Potentially Bad Traffic |
ET HUNTING |
GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 |
2 |
| 180.0 |
3469 |
192.168.9.155 |
49786 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 215.0 |
5245 |
194.88.246.242 |
443 |
192.168.9.155 |
49759 |
Malware Command and Control Activity Detected |
ET MALWARE |
Emotet Post Drop C2 Comms |
1 |
| 263.0 |
6715 |
192.168.9.155 |
49900 |
23.50.125.142 |
443 |
Generic Protocol Command Decode |
|
SURICATA Applayer Wrong direction first Data |
3 |
| 304.0 |
6896 |
192.168.9.155 |
49963 |
64.4.54.254 |
443 |
Generic Protocol Command Decode |
|
SURICATA Applayer Wrong direction first Data |
3 |
CS Enterprise
//
community.cloudshark.io