Analysis

Category   Package  Started              Completed            Duration
PCAP       -        2020-10-10 01:18:31  2020-10-10 01:18:31  0 seconds
Signatures

No signatures

Hosts

No hosts contacted.

DNS

No domains contacted.


Behavior

No behavioral analysis: the submission was a PCAP, so nothing was executed in the sandbox.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp                Source IP      Src Port  Destination IP  Dst Port  Proto  GID  SID      Rev  Signature                                                    Category                               Severity
2020-09-25 23:15:30.597  10.0.10.115    53184     52.37.231.254   587       TCP    1    2013028  5    ET POLICY curl User-Agent Outbound                           Attempted Information Leak             2
2020-09-25 23:15:30.597  52.37.231.254  587       10.0.10.115     53184     TCP    1    2000418  16   ET POLICY Executable and linking format (ELF) file download  Potential Corporate Privacy Violation  1

Suricata TLS

Timestamp                Source IP    Src Port  Destination IP  Dst Port  Subject                          Issuer  Fingerprint                                                  Version
2020-09-25 23:15:22.562  10.0.10.115  58380     172.217.14.227  443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:22.874  10.0.10.115  51884     172.217.3.193   443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:25.698  10.0.10.115  36670     23.222.153.207  443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:27.075  10.0.10.115  36642     151.101.129.69  443       -                                -       -                                                            TLS 1.2
2020-09-25 23:15:27.271  10.0.10.115  32792     172.217.14.202  443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:27.405  10.0.10.115  57442     192.0.73.2      443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:27.415  10.0.10.115  46044     104.16.25.34    443       -                                -       -                                                            TLS 1.2
2020-09-25 23:15:27.716  10.0.10.115  46248     198.252.206.25  443       CN=qa.sockets.stackexchange.com  -       82:07:b2:e0:4e:51:70:8c:01:f7:8b:60:42:c7:d3:8e:26:5f:24:ae  TLS 1.2
2020-09-25 23:15:27.906  10.0.10.115  50602     172.217.14.206  443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:28.236  10.0.10.115  41252     99.86.132.8     443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:29.940  10.0.10.115  45302     151.101.1.140   443       -                                -       -                                                            TLS 1.2
2020-09-25 23:15:29.946  10.0.10.115  45304     151.101.1.140   443       -                                -       -                                                            TLS 1.2
2020-09-25 23:15:31.771  10.0.10.115  50162     46.4.105.116    443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:32.297  10.0.10.115  50164     46.4.105.116    443       -                                -       -                                                            TLS 1.3
2020-09-25 23:15:32.317  10.0.10.115  50166     46.4.105.116    443       -                                -       -                                                            TLS 1.3

Subject, issuer and fingerprint are blank for every TLS 1.3 row: TLS 1.3 encrypts the server Certificate message, so a passive sensor cannot read it and only the destination IP remains as an indicator.

Suricata HTTP

Timestamp                Source IP    Src Port  Destination IP  Dst Port  Method  Status  Hostname       URI          Content Type  User Agent   Referrer  Length
2020-09-25 23:15:30.617  10.0.10.115  53184     52.37.231.254   587       -       200     52.37.231.254  /index.html  text/html     curl/7.72.0  None      25384
Suricata Extracted Files

No extracted files.
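The two alerts and the HTTP record above describe a single flow: a curl/7.72.0 client on 10.0.10.115 fetched /index.html from 52.37.231.254 on port 587 (the SMTP submission port, not an HTTP port), received 25384 bytes labelled text/html, and Suricata flagged the response body as an ELF executable. Each of those facts is weak on its own; together they are the classic shape of a scripted malware download. The Python below is an added example, not code from the CAPE report or from Suricata. It reads Suricata's EVE JSON log (the source of the tables above), groups records by flow_id, and lists the independent indicators each flow shows. The EVE lines are constructed to mirror this report; the sets of expected HTTP ports and executable Content-Types are assumptions to tune per environment. A small looks_like_elf helper re-checks the ELF magic bytes an ELF-download rule has to match, for use when a body is available (this report extracted no files, so it is not applied to the sample).

```python
"""Correlate Suricata EVE JSON records of one flow into a download verdict.

Added example: not CAPE or Suricata code. The EVE records below are constructed
to mirror the report above (same addresses, ports, SIDs, URI and sizes).
"""
import json

# Emerging Threats signature IDs that appear in the report.
ELF_DOWNLOAD_SID = 2000418  # ET POLICY Executable and linking format (ELF) file download
CURL_UA_SID = 2013028       # ET POLICY curl User-Agent Outbound

# Assumptions for this example (tune per environment): ports on which cleartext
# HTTP is expected, and Content-Types under which an executable body is unremarkable.
EXPECTED_HTTP_PORTS = {80, 8080, 8000, 8888}
EXECUTABLE_CONTENT_TYPES = {
    "application/octet-stream", "application/x-executable",
    "application/x-elf", "application/x-sharedlib",
}

ELF_MAGIC = b"\x7fELF"

# Constructed EVE JSON (NDJSON) lines, one record per line, as Suricata writes them.
SAMPLE_EVE = """
{"timestamp":"2020-09-25T23:15:30.597000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.10.115","src_port":53184,"dest_ip":"52.37.231.254","dest_port":587,"proto":"TCP","alert":{"gid":1,"signature_id":2013028,"rev":5,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-09-25T23:15:30.597000+0000","flow_id":1,"event_type":"alert","src_ip":"52.37.231.254","src_port":587,"dest_ip":"10.0.10.115","dest_port":53184,"proto":"TCP","alert":{"gid":1,"signature_id":2000418,"rev":16,"signature":"ET POLICY Executable and linking format (ELF) file download","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2020-09-25T23:15:30.617000+0000","flow_id":1,"event_type":"http","src_ip":"10.0.10.115","src_port":53184,"dest_ip":"52.37.231.254","dest_port":587,"proto":"TCP","http":{"hostname":"52.37.231.254","url":"/index.html","http_user_agent":"curl/7.72.0","http_content_type":"text/html","status":200,"length":25384}}
{"timestamp":"2020-09-25T23:15:27.716000+0000","flow_id":2,"event_type":"tls","src_ip":"10.0.10.115","src_port":46248,"dest_ip":"198.252.206.25","dest_port":443,"proto":"TCP","tls":{"subject":"CN=qa.sockets.stackexchange.com","version":"TLS 1.2"}}
"""


def looks_like_elf(body: bytes) -> bool:
    """Re-check of the property an ELF-download rule must match: the 4-byte ELF
    magic at offset 0, followed by a sane EI_CLASS (1=32-bit, 2=64-bit) and
    EI_DATA (1=little-endian, 2=big-endian) byte."""
    return (len(body) >= 6 and body[:4] == ELF_MAGIC
            and body[4] in (1, 2) and body[5] in (1, 2))


def parse_eve(text: str):
    """Yield one dict per non-empty line of an EVE JSON (NDJSON) log."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def group_by_flow(events):
    """Suricata stamps every alert/http/tls record of one TCP flow with the same flow_id,
    so flow_id is the join key between the alert and http tables."""
    flows = {}
    for ev in events:
        flows.setdefault(ev["flow_id"], []).append(ev)
    return flows


def assess_flow(events):
    """Return the list of independent indicators that this flow is a scripted executable download."""
    reasons = []
    sids = {ev["alert"]["signature_id"] for ev in events if ev["event_type"] == "alert"}
    if ELF_DOWNLOAD_SID in sids:
        reasons.append("ELF executable in server response (SID %d)" % ELF_DOWNLOAD_SID)
    for ev in (e for e in events if e["event_type"] == "http"):
        h = ev["http"]
        ua = h.get("http_user_agent", "")
        if CURL_UA_SID in sids or ua.startswith("curl/"):
            reasons.append("scripted client, not a browser (User-Agent %r)" % ua)
        if ev["dest_port"] not in EXPECTED_HTTP_PORTS:
            reasons.append("cleartext HTTP on non-HTTP port %d" % ev["dest_port"])
        ctype = h.get("http_content_type", "")
        if ELF_DOWNLOAD_SID in sids and ctype and ctype not in EXECUTABLE_CONTENT_TYPES:
            reasons.append("ELF served under misleading Content-Type %r" % ctype)
    return reasons


def triage(eve_text: str, min_reasons: int = 2):
    """Flows showing at least `min_reasons` indicators, as a list of finding dicts."""
    findings = []
    for flow_id, events in group_by_flow(parse_eve(eve_text)).items():
        reasons = assess_flow(events)
        if len(reasons) < min_reasons:
            continue
        # Prefer the http record for client/server orientation; alerts may be logged server->client.
        ref = next((ev for ev in events if ev["event_type"] == "http"), events[0])
        findings.append({
            "flow_id": flow_id,
            "client": "%s:%d" % (ref["src_ip"], ref["src_port"]),
            "server": "%s:%d" % (ref["dest_ip"], ref["dest_port"]),
            "url": ref.get("http", {}).get("url"),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVE):
        print("flow %d  %s -> %s  %s" % (f["flow_id"], f["client"], f["server"], f["url"]))
        for r in f["reasons"]:
            print("   - " + r)
```

Run against a real eve.json by replacing SAMPLE_EVE with the file contents; the stackexchange TLS flow is included to show that a flow with no alert and no http record scores zero and is not reported. Requiring two independent indicators keeps a lone "curl User-Agent" alert, which fires on every scripted package fetch, from paging anyone on its own.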

JA3

No JA3 hashes found.

Dropped Files

No dropped files.

CAPE Files

No CAPE files.

Process Dumps

No process dumps.

Processing ( 6.393 seconds )

  • 5.367 Suricata
  • 0.902 CAPE
  • 0.118 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.062 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.002 revil_mutexes
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 masquerade_process_name
  • 0.001 ursnif_behavior

Reporting ( 0.0 seconds )