Alert Table for 2017-12-15-traffic-analysis-exercise-2-of-2.pcap

Relative Time Packet Source Source Port Destination Dest Port Category Rule Set Signature Severity
0.0 n/a 108.61.179.223 80 10.1.1.213 49199 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49172 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49190 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49161 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49191 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49173 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49195 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49169 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49192 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49177 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49194 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49185 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49174 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49196 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49171 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49189 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49170 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49175 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49193 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49197 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49176 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
0.0 n/a 108.61.179.223 80 10.1.1.213 49198 Malware Command and Control Activity Detected ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response 1
276.0 46 10.1.1.213 55269 10.1.1.1 53 Potentially Bad Traffic ET INFO DNS Query for Suspicious .gdn Domain 2
276.0 57 10.1.1.213 49158 185.92.222.9 443 Potentially Bad Traffic ET INFO Suspicious Domain (*.gdn) in TLS SNI 2
276.0 60 185.92.222.9 443 10.1.1.213 49158 Potentially Bad Traffic ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.gdn) 2
355.0 2778 184.172.60.198 5938 10.1.1.213 49168 Misc activity ET POLICY TeamViewer Keep-alive inbound 3
526.0 2828 184.172.60.198 5938 10.1.1.213 49168 Misc activity ET POLICY TeamViewer Keep-alive inbound 3
697.0 2902 184.172.60.198 5938 10.1.1.213 49168 Misc activity ET POLICY TeamViewer Keep-alive inbound 3
867.0 2959 184.172.60.198 5938 10.1.1.213 49168 Misc activity ET POLICY TeamViewer Keep-alive inbound 3
Open in new window Done