Analysis

| Category | Package | Started | Completed | Duration |
|---|---|---|---|---|
| PCAP | | 2020-09-29 22:44:14 | 2020-09-29 22:44:15 | 1 seconds |


Signatures

Created network traffic indicative of malicious activity
signature: ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 626

Hosts

No hosts contacted.

DNS

No domains contacted.


Sorry! No behavior.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-08-28 04:41:24.150 | 37.97.185.116 | 33445 | 10.0.1.178 | 38567 | TCP | 1 | 2522625 | 4203 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 626 | Misc Attack | 2 |

Suricata TLS

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Subject | Issuer | Fingerprint | Version |
|---|---|---|---|---|---|---|---|---|
| 2020-08-28 04:41:27.894 | 10.0.1.178 | 45127 | 52.35.83.137 | 443 | C=US, ST=California, L=Mountain View, O=Mozilla Corporation, OU=Cloud Services, CN=*.telemetry.mozilla.org | | 6d:3c:6a:a4:5f:46:eb:8b:b6:fb:8f:08:44:02:01:61:a0:25:c3:c8 | TLS 1.2 |
| 2020-08-28 04:41:31.453 | 10.0.1.178 | 45130 | 52.149.246.39 | 443 | | | | TLS 1.3 |
| 2020-08-28 04:41:31.792 | 10.0.1.178 | 45131 | 52.167.250.154 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com | | 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 | TLS 1.2 |
| 2020-08-28 04:41:31.996 | 10.0.1.178 | 45132 | 52.149.246.39 | 443 | | | | TLS 1.3 |
| 2020-08-28 04:41:32.425 | 10.0.1.178 | 45134 | 52.35.83.137 | 443 | | | | TLS 1.2 |
| 2020-08-28 04:41:32.437 | 10.0.1.178 | 45133 | 52.35.83.137 | 443 | | | | TLS 1.2 |
| 2020-08-28 04:41:32.506 | 10.0.1.178 | 45137 | 130.211.16.53 | 443 | | | | TLS 1.3 |
| 2020-08-28 04:41:33.073 | 10.0.1.178 | 45138 | 52.149.246.247 | 443 | | | | TLS 1.3 |
| 2020-08-28 04:42:01.160 | 10.0.1.178 | 45155 | 52.114.158.53 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.events.data.microsoft.com | | ce:0a:fb:d2:fe:fe:b0:11:d6:2f:15:c8:e5:b4:b0:3e:7d:d3:78:58 | TLS 1.2 |
| 2020-08-28 04:42:01.399 | 10.0.1.178 | 45156 | 157.55.212.205 | 443 | CN=smartscreen.microsoft.com | | cd:74:98:77:ce:94:96:ac:67:fe:3a:28:42:00:b3:f8:f5:9c:5a:3d | TLS 1.2 |
| 2020-08-28 04:42:04.345 | 10.0.1.178 | 45160 | 52.167.250.154 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com | | 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 | TLS 1.2 |
| 2020-08-28 04:42:36.857 | 10.0.1.178 | 45191 | 52.167.250.154 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com | | 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 | TLS 1.2 |
| 2020-08-28 04:43:09.419 | 10.0.1.178 | 45220 | 52.167.250.154 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com | | 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 | TLS 1.2 |
| 2020-08-28 04:43:11.228 | 10.0.1.178 | 45222 | 23.48.253.179 | 443 | | | | TLS 1.2 |
| 2020-08-28 04:43:11.256 | 10.0.1.178 | 45223 | 23.223.245.34 | 443 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | | af:32:d5:a4:a0:9a:25:21:bc:3b:49:18:6e:29:7d:df:29:43:47:5e | TLS 1.2 |
| 2020-08-28 04:43:11.285 | 10.0.1.178 | 45224 | 23.48.253.179 | 443 | | | | TLS 1.2 |

Suricata HTTP

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Method | Status | Hostname | URI | Content Type | User Agent | Referrer | Length |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-08-28 04:41:24.356 | 10.0.1.178 | 45123 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589685110 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:41:31.096 | 10.0.1.178 | 45129 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589691851 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:41:38.141 | 10.0.1.178 | 45141 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589698852 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:41:46.107 | 10.0.1.178 | 45145 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589706853 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:41:55.198 | 10.0.1.178 | 45151 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589715947 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:41:57.112 | 10.0.1.178 | 45152 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589717862 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:02.108 | 10.0.1.178 | 45157 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589722860 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:07.106 | 10.0.1.178 | 45162 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589727861 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:12.111 | 10.0.1.178 | 45167 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589732862 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:17.108 | 10.0.1.178 | 45171 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589737864 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:22.108 | 10.0.1.178 | 45174 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589742865 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:27.115 | 10.0.1.178 | 45186 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589747869 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:32.113 | 10.0.1.178 | 45189 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589752870 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:37.116 | 10.0.1.178 | 45192 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589757871 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:42.121 | 10.0.1.178 | 45195 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589762872 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:47.119 | 10.0.1.178 | 45198 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589767874 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:52.120 | 10.0.1.178 | 45202 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589772875 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:42:57.122 | 10.0.1.178 | 45205 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589777877 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:02.126 | 10.0.1.178 | 45208 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589782878 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:07.357 | 10.0.1.178 | 45218 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589787879 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:12.126 | 10.0.1.178 | 45228 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589792881 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:17.127 | 10.0.1.178 | 45231 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589797884 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:22.132 | 10.0.1.178 | 45233 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589802886 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |
| 2020-08-28 04:43:27.136 | 10.0.1.178 | 45236 | 10.0.2.1 | 80 | | 200 | homenet.local | /cgi-bin/luci/admin/ubus?1598589807888 | application/json | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 | http://homenet.local/cgi-bin/luci/admin/network/dhcp | 2659 |

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 17.786 seconds )

  • 12.409 CAPE
  • 5.289 Suricata
  • 0.082 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.068 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.007 antiav_detectreg
  • 0.006 antiav_detectfile
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 territorial_disputes_sigs
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.002 infostealer_mail
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes
  • 0.001 lokibot_mutexes

Reporting ( 1.671 seconds )

  • 1.671 PCAP2CERT