Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-05-23 10:39:52.194 | 192.168.1.6 | 49183 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:39:52.688 | 192.168.1.6 | 49186 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:39:52.746 | 192.168.1.6 | 49187 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:39:52.764 | 192.168.1.6 | 49189 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:39:52.764 | 192.168.1.6 | 49188 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:40:02.282 | 192.168.1.6 | 49198 | 2.20.74.110 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-05-23 10:40:16.395 | 192.168.1.6 | 49199 | 144.139.91.187 | 80 | TCP | 1 | 2404303 | 5734 | ET CNC Feodo Tracker Reported CnC Server group 4 | A Network Trojan was detected | 1 |
| 2020-05-23 10:40:18.496 | 192.168.1.6 | 49199 | 144.139.91.187 | 80 | TCP | 1 | 2029380 | 4 | ET MALWARE Win32/Emotet CnC Activity (POST) M8 | Malware Command and Control Activity Detected | 1 |
| 2020-05-23 10:40:55.651 | 192.168.1.6 | 49200 | 40.90.218.0 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-05-23 10:41:24.397 | 192.168.1.6 | 49204 | 172.217.18.99 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-05-23 10:42:05.395 | 173.194.190.136 | 80 | 192.168.1.6 | 49207 | TCP | 1 | 2018959 | 4 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation | 1 |
| 2020-05-23 10:42:05.395 | 173.194.190.136 | 80 | 192.168.1.6 | 49207 | TCP | 1 | 2014520 | 7 | ET INFO EXE - Served Attached HTTP | Misc activity | 3 |
| 2020-05-23 10:43:09.298 | 173.194.190.136 | 80 | 192.168.1.6 | 49207 | TCP | 1 | 2015744 | 4 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | Misc activity | 3 |