Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-10-18 06:37:44.172 | 192.168.1.5 | 49181 | 13.107.42.23 | 443 | TCP | 1 | 2028397 | 2 | ET JA3 Hash - Possible Malware - Various Malspam/RigEK | Unknown Traffic | 3 |
| 2020-10-18 06:38:00.298 | 192.168.1.5 | 54724 | 8.8.8.8 | 53 | UDP | 1 | 2027757 | 5 | ET DNS Query for .to TLD | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:01.292 | 192.168.1.5 | 54724 | 8.8.8.8 | 53 | UDP | 1 | 2027757 | 5 | ET DNS Query for .to TLD | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:02.293 | 192.168.1.5 | 54724 | 8.8.8.8 | 53 | UDP | 1 | 2027757 | 5 | ET DNS Query for .to TLD | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:13.127 | 192.168.1.5 | 63931 | 8.8.8.8 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:14.120 | 192.168.1.5 | 63931 | 8.8.8.8 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:15.120 | 192.168.1.5 | 63931 | 8.8.8.8 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:17.120 | 192.168.1.5 | 63931 | 1.1.1.1 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:17.121 | 192.168.1.5 | 63931 | 8.8.8.8 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:21.120 | 192.168.1.5 | 63931 | 1.1.1.1 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:21.120 | 192.168.1.5 | 63931 | 8.8.8.8 | 53 | UDP | 1 | 2022918 | 3 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity | 3 |
| 2020-10-18 06:38:22.001 | 192.168.1.5 | 50775 | 8.8.8.8 | 53 | UDP | 1 | 2028675 | 2 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:22.995 | 192.168.1.5 | 50775 | 8.8.8.8 | 53 | UDP | 1 | 2028675 | 2 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:23.995 | 192.168.1.5 | 50775 | 8.8.8.8 | 53 | UDP | 1 | 2028675 | 2 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:25.995 | 192.168.1.5 | 50775 | 1.1.1.1 | 53 | UDP | 1 | 2028675 | 2 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic | 2 |
| 2020-10-18 06:38:25.996 | 192.168.1.5 | 50775 | 8.8.8.8 | 53 | UDP | 1 | 2028675 | 2 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic | 2 |