Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-02-21 00:53:52.386 | 172.17.8.8 | 88 | 172.17.8.174 | 49675 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:53:52.388 | 172.17.8.8 | 88 | 172.17.8.174 | 49676 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:53:52.398 | 172.17.8.8 | 88 | 172.17.8.174 | 49678 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:53:55.853 | 172.17.8.174 | 62362 | 172.17.8.8 | 53 | UDP | 1 | 2009702 | 5 | ET POLICY DNS Update From External net | Potential Corporate Privacy Violation | 1 |
| 2020-02-21 00:54:01.628 | 172.17.8.8 | 88 | 172.17.8.174 | 49702 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:54:03.445 | 172.17.8.174 | 49705 | 52.114.132.22 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 00:54:12.086 | 172.17.8.8 | 88 | 172.17.8.174 | 49706 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:54:12.195 | 172.17.8.8 | 88 | 172.17.8.174 | 49711 | TCP | 1 | 2260002 | 1 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode | 3 |
| 2020-02-21 00:55:07.624 | 49.51.172.56 | 80 | 172.17.8.174 | 49731 | TCP | 1 | 2018959 | 4 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation | 1 |
| 2020-02-21 00:55:07.624 | 49.51.172.56 | 80 | 172.17.8.174 | 49731 | TCP | 1 | 2019822 | 7 | ET CURRENT_EVENTS WinHttpRequest Downloading EXE | A Network Trojan was detected | 1 |
| 2020-02-21 00:55:07.624 | 49.51.172.56 | 80 | 172.17.8.174 | 49731 | TCP | 1 | 2022653 | 2 | ET CURRENT_EVENTS Likely Evil EXE download from WinHttpRequest non-exe extension | A Network Trojan was detected | 1 |
| 2020-02-21 00:59:23.563 | 172.17.8.174 | 49743 | 52.114.132.22 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:08:50.056 | 172.17.8.174 | 62976 | 172.17.8.8 | 53 | UDP | 1 | 2009702 | 5 | ET POLICY DNS Update From External net | Potential Corporate Privacy Violation | 1 |
| 2020-02-21 01:09:15.007 | 172.17.8.174 | 49753 | 52.109.2.55 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:16.106 | 172.17.8.174 | 49754 | 23.54.20.119 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:17.869 | 172.17.8.174 | 49755 | 13.107.3.128 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:18.124 | 172.17.8.174 | 49758 | 13.107.3.128 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:18.126 | 172.17.8.174 | 49759 | 13.107.3.128 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:18.127 | 172.17.8.174 | 49756 | 13.107.3.128 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:09:18.129 | 172.17.8.174 | 49757 | 13.107.3.128 | 443 | TCP | 1 | 2028371 | 2 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | Unknown Traffic | 3 |
| 2020-02-21 01:11:48.890 | 172.17.8.174 | 49760 | 91.211.88.122 | 443 | TCP | 1 | 2028765 | 2 | ET JA3 Hash - [Abuse.ch] Possible Dridex | Unknown Traffic | 3 |
| 2020-02-21 01:11:48.934 | 91.211.88.122 | 443 | 172.17.8.174 | 49760 | TCP | 1 | 2023476 | 5 | ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | A Network Trojan was detected | 1 |
| 2020-02-21 01:11:51.961 | 172.17.8.174 | 49763 | 91.211.88.122 | 443 | TCP | 1 | 2028765 | 2 | ET JA3 Hash - [Abuse.ch] Possible Dridex | Unknown Traffic | 3 |
| 2020-02-21 01:11:51.965 | 91.211.88.122 | 443 | 172.17.8.174 | 49763 | TCP | 1 | 2023476 | 5 | ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | A Network Trojan was detected | 1 |
| 2020-02-21 01:11:56.672 | 172.17.8.174 | 49767 | 91.211.88.122 | 443 | TCP | 1 | 2028765 | 2 | ET JA3 Hash - [Abuse.ch] Possible Dridex | Unknown Traffic | 3 |
| 2020-02-21 01:11:56.676 | 91.211.88.122 | 443 | 172.17.8.174 | 49767 | TCP | 1 | 2023476 | 5 | ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | A Network Trojan was detected | 1 |
| 2020-02-21 01:12:03.447 | 172.17.8.174 | 49770 | 91.211.88.122 | 443 | TCP | 1 | 2028765 | 2 | ET JA3 Hash - [Abuse.ch] Possible Dridex | Unknown Traffic | 3 |
| 2020-02-21 01:12:03.451 | 91.211.88.122 | 443 | 172.17.8.174 | 49770 | TCP | 1 | 2023476 | 5 | ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | A Network Trojan was detected | 1 |