Column names below are inferred from the values; the source carries no header row.

Time (s) | Packet | Source IP | Source port | Destination IP | Destination port | Category | Rule set | Signature | Severity
0.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potential Corporate Privacy Violation | ET POLICY | PE EXE or DLL Windows file download HTTP | 1
0.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potentially Bad Traffic | ET INFO | Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2
0.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Misc activity | ET INFO | EXE - Served Attached HTTP | 3
1.0 | 16 | 192.168.9.155 | 49668 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3
6.0 | 310 | 192.168.9.155 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3
7.0 | 353 | 192.168.9.155 | 49678 | 131.253.34.238 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3
63.0 | 956 | 192.168.9.155 | 49734 | 131.253.34.230 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3
63.0 | 983 | 192.168.9.155 | 49735 | 65.52.108.229 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3
97.0 | 1486 | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | A suspicious filename was detected | ET HUNTING | Terse Named Filename EXE Download - Possibly Hostile | 2
106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Malware Command and Control Activity Detected | ET MALWARE | W32/Emotet.v4 Checkin | 1
106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET POLICY | HTTP traffic on port 443 (POST) | 2
106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET HUNTING | GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | 2
180.0 | 3469 | 192.168.9.155 | 49786 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3
198.0 | 4855 | 192.168.9.155 | 49779 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | Packet with invalid ack | 3
198.0 | 4855 | 192.168.9.155 | 49779 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | SHUTDOWN RST invalid ack | 3
198.0 | 4860 | 192.168.9.155 | 49774 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | Packet with invalid ack | 3
198.0 | 4860 | 192.168.9.155 | 49774 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | SHUTDOWN RST invalid ack | 3
198.0 | 4867 | 192.168.9.155 | 49778 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | Packet with invalid ack | 3
198.0 | 4867 | 192.168.9.155 | 49778 | 23.53.120.145 | 443 | Generic Protocol Command Decode | SURICATA STREAM | SHUTDOWN RST invalid ack | 3
263.0 | 6715 | 192.168.9.155 | 49900 | 23.50.125.142 | 443 | Generic Protocol Command Decode |  | SURICATA Applayer Wrong direction first Data | 3
264.0 | 6736 | 13.107.13.88 | 443 | 192.168.9.155 | 49813 | Generic Protocol Command Decode | SURICATA STREAM | Packet with invalid ack | 3
264.0 | 6736 | 13.107.13.88 | 443 | 192.168.9.155 | 49813 | Generic Protocol Command Decode | SURICATA STREAM | SHUTDOWN RST invalid ack | 3
304.0 | 6896 | 192.168.9.155 | 49963 | 64.4.54.254 | 443 | Generic Protocol Command Decode |  | SURICATA Applayer Wrong direction first Data | 3
326.0 | 7002 | 192.168.9.155 | 49829 | 23.50.125.142 | 443 | Generic Protocol Command Decode | SURICATA STREAM | Packet with invalid ack | 3
326.0 | 7002 | 192.168.9.155 | 49829 | 23.50.125.142 | 443 | Generic Protocol Command Decode | SURICATA STREAM | SHUTDOWN RST invalid ack | 3
607.0 | 7416 | 192.168.9.155 | 49991 | 64.4.54.254 | 443 | Generic Protocol Command Decode | SURICATA STREAM | bad window update | 3
607.0 | 7418 | 192.168.9.155 | 49991 | 64.4.54.254 | 443 | Generic Protocol Command Decode | SURICATA STREAM | bad window update | 3