Alert Table for 2017-01-28-traffic-analysis-exercise.pcap

| Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set | Signature | Severity |
|---|---|---|---|---|---|---|---|---|---|
| 0.0 | n/a | 66.152.103.73 | 80 | 172.16.4.193 | 49168 | Generic Protocol Command Decode | | SURICATA HTTP unable to match response to request | 3 |
| 94.0 | 2678 | 104.28.18.74 | 80 | 172.16.4.193 | 49195 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 12 2016 | 1 |
| 94.0 | 2678 | 104.28.18.74 | 80 | 172.16.4.193 | 49195 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT Evil Redirector Leading to EK March 15 2017 | 1 |
| 95.0 | 2914 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 95.0 | 2914 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 95.0 | 2914 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 95.0 | 2918 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 95.0 | 2918 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 95.0 | 2918 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 96.0 | 2945 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 96.0 | 2945 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 96.0 | 2945 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 96.0 | 2962 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 96.0 | 2962 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 96.0 | 2962 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 116.0 | 3110 | 194.87.234.129 | 80 | 172.16.4.193 | 49202 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK Landing Sep 12 2016 T2 | 1 |
| 116.0 | 3111 | 194.87.234.129 | 80 | 172.16.4.193 | 49203 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK Landing Sep 12 2016 T2 | 1 |
| 117.0 | 3116 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 117.0 | 3116 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 117.0 | 3116 | 172.16.4.193 | 49202 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 117.0 | 3134 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 117.0 | 3134 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 117.0 | 3134 | 172.16.4.193 | 49203 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 120.0 | 3193 | 172.16.4.193 | 49209 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 120.0 | 3193 | 172.16.4.193 | 49209 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 120.0 | 3193 | 172.16.4.193 | 49209 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 121.0 | 3293 | 172.16.4.193 | 49208 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 121.0 | 3293 | 172.16.4.193 | 49208 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 121.0 | 3293 | 172.16.4.193 | 49208 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 139.0 | 5163 | 172.16.4.193 | 57124 | 172.16.4.1 | 53 | A Network Trojan was detected | | ET MALWARE Ransomware/Cerber Onion Domain Lookup | 1 |
| 139.0 | 5163 | 172.16.4.193 | 57124 | 172.16.4.1 | 53 | Potentially Bad Traffic | | ET DNS Query to a *.top domain - Likely Hostile | 2 |
| 159.0 | 5192 | 139.59.160.143 | 80 | 172.16.4.193 | 49200 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT Evil Redirector Leading to EK March 15 2017 | 1 |
| 163.0 | 5287 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 163.0 | 5287 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 163.0 | 5287 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 163.0 | 5291 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 163.0 | 5291 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 163.0 | 5291 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 164.0 | 5303 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 164.0 | 5303 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 164.0 | 5303 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 164.0 | 5322 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 164.0 | 5322 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 164.0 | 5322 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 183.0 | 5460 | 172.16.4.193 | 49220 | 198.105.121.50 | 80 | Generic Protocol Command Decode | | SURICATA HTTP gzip decompression failed | 3 |
| 183.0 | 5462 | 198.105.121.50 | 80 | 172.16.4.193 | 49220 | Generic Protocol Command Decode | | SURICATA HTTP gzip decompression failed | 3 |
| 184.0 | 5504 | 172.16.4.193 | 49221 | 198.105.121.50 | 80 | Potentially Bad Traffic | | ET INFO HTTP Request to a *.top domain | 2 |
| 185.0 | 5523 | 194.87.234.129 | 80 | 172.16.4.193 | 49215 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK Landing Sep 12 2016 T2 | 1 |
| 185.0 | 5524 | 194.87.234.129 | 80 | 172.16.4.193 | 49216 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK Landing Sep 12 2016 T2 | 1 |
| 185.0 | 5553 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 185.0 | 5553 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 185.0 | 5553 | 172.16.4.193 | 49216 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 185.0 | 5573 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 185.0 | 5573 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 185.0 | 5573 | 172.16.4.193 | 49215 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 188.0 | 5624 | 172.16.4.193 | 49223 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI struct Oct 24 2016 (RIG-v) | 1 |
| 188.0 | 5624 | 172.16.4.193 | 49223 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 | 1 |
| 188.0 | 5624 | 172.16.4.193 | 49223 | 194.87.234.129 | 80 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 | 1 |
| 208.0 | 5935 | 104.28.18.74 | 80 | 172.16.4.193 | 49214 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 12 2016 | 1 |
| 208.0 | 5935 | 104.28.18.74 | 80 | 172.16.4.193 | 49214 | Exploit Kit Activity Detected | | ET EXPLOIT_KIT Evil Redirector Leading to EK March 15 2017 | 1 |
| 227.0 | 5992 | 172.16.4.193 | 49224 | 198.105.121.50 | 80 | Potentially Bad Traffic | | ET INFO HTTP Request to a *.top domain | 2 |