Alert Table for 2017-11-21-traffic-analysis-exercise-5-of-6.pcap

Relative Time Packet Source Source Port Destination Dest Port Category Rule Set Signature Severity
0.0 n/a 172.16.123.105 49159 94.242.198.167 1488 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Checkin 3
0.0 n/a 50.63.76.1 80 172.16.123.105 49173 Possible Social Engineering Attempted ET EXPLOIT_KIT EITest SocEng Inject Jan 15 2017 M1 2
3.0 82 50.63.76.1 80 172.16.123.105 49169 Possible Social Engineering Attempted ET EXPLOIT_KIT EITest SocENG Inject M2 2
5.0 168 50.63.76.1 80 172.16.123.105 49169 Generic Protocol Command Decode SURICATA HTTP invalid response chunk len 3
11.0 824 212.1.208.53 80 172.16.123.105 49180 Potential Corporate Privacy Violation ET INFO PE EXE or DLL Windows file download HTTP 1
11.0 824 212.1.208.53 80 172.16.123.105 49180 Misc activity ET INFO EXE - Served Attached HTTP 3
86.0 6050 165.254.169.64 80 172.16.123.105 49179 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
332.0 6201 172.16.123.105 49159 94.242.198.167 1488 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Checkin 3
332.0 6202 94.242.198.167 1488 172.16.123.105 49159 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Response 3
332.0 6205 172.16.123.105 49159 94.242.198.167 1488 A Network Trojan was detected ET MALWARE NetSupport RAT with System Information 1
332.0 6205 172.16.123.105 49159 94.242.198.167 1488 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Checkin 3
332.0 6207 94.242.198.167 1488 172.16.123.105 49159 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Response 3
392.0 6211 172.16.123.105 49159 94.242.198.167 1488 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Checkin 3
452.0 6213 172.16.123.105 49159 94.242.198.167 1488 Misc activity ET REMOTE_ACCESS NetSupport Remote Admin Checkin 3