Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-05-23 10:30:34.362 | 192.168.1.6 | 49186 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:30:34.395 | 192.168.1.6 | 49185 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:30:34.486 | 192.168.1.6 | 49187 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:30:34.486 | 192.168.1.6 | 49189 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:30:34.489 | 192.168.1.6 | 49188 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:30:45.210 | 192.168.1.6 | 49199 | 2.20.74.110 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-05-23 10:30:55.401 | 192.168.1.6 | 49200 | 144.139.91.187 | 80 | TCP | 1 | 2404303 | 5734 | ET CNC Feodo Tracker Reported CnC Server group 4 | A Network Trojan was detected | 1 |
| 2020-05-23 10:30:57.626 | 192.168.1.6 | 49200 | 144.139.91.187 | 80 | TCP | 1 | 2029380 | 4 | ET MALWARE Win32/Emotet CnC Activity (POST) M8 | Malware Command and Control Activity Detected | 1 |
| 2020-05-23 10:31:40.663 | 192.168.1.6 | 49201 | 40.90.218.0 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-05-23 10:32:09.249 | 192.168.1.6 | 49205 | 172.217.22.163 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:32:15.281 | 192.168.1.6 | 49210 | 144.139.91.187 | 80 | TCP | 1 | 2029380 | 4 | ET MALWARE Win32/Emotet CnC Activity (POST) M8 | Malware Command and Control Activity Detected | 1 |
| 2020-05-23 10:32:47.748 | 144.208.213.44 | 80 | 192.168.1.6 | 49208 | TCP | 1 | 2018959 | 4 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation | 1 |
| 2020-05-23 10:32:47.748 | 144.208.213.44 | 80 | 192.168.1.6 | 49208 | TCP | 1 | 2014520 | 7 | ET INFO EXE - Served Attached HTTP | Misc activity | 3 |
| 2020-05-23 10:33:10.770 | 144.208.213.44 | 80 | 192.168.1.6 | 49208 | TCP | 1 | 2015744 | 4 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | Misc activity | 3 |
| 2020-05-23 10:33:31.993 | 192.168.1.6 | 49213 | 172.217.22.163 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:33:39.764 | 192.168.1.6 | 49214 | 172.217.22.163 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |