API tools faq
paste
Advertisement
travisbgreen

Untitled

travisbgreen
Apr 9th, 2019
157
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.75 KB | None | 0 0
raw download clone embed print report
  1. https://401trg.com/an-introduction-to-smb-for-network-security-analysts/
  2.  
  3. 10/09/2017-10:13:19.576942 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  4. 10/09/2017-10:13:19.577731 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  5. 10/09/2017-10:13:19.577892 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  6. 10/09/2017-10:13:19.577892 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  7. 10/09/2017-10:10:39.125469 [**] [1:2025703:2] ET POLICY SMB2 NT Create AndX Request For an Executable File In a Temp Directory [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  8. 10/09/2017-10:10:39.125469 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  9. 10/09/2017-10:10:39.129767 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  10. 10/09/2017-10:10:39.129951 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  11. 10/09/2017-10:13:19.578927 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  12. 10/09/2017-10:13:19.730587 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  13. 10/09/2017-10:13:20.015889 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  14. 10/09/2017-10:44:39.268789 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  15. 10/09/2017-10:44:39.269739 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  16. 10/09/2017-10:44:39.270132 [**] [1:2025699:2] ET POLICY SMB Executable File Transfer [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  17. 10/09/2017-10:44:39.270132 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  18. 10/09/2017-10:10:39.134639 [**] [1:2025703:2] ET POLICY SMB2 NT Create AndX Request For an Executable File In a Temp Directory [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  19. 10/09/2017-10:10:39.134639 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  20. 10/09/2017-10:10:39.135097 [**] [1:2025703:2] ET POLICY SMB2 NT Create AndX Request For an Executable File In a Temp Directory [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  21. 10/09/2017-10:10:39.135097 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  22. 10/09/2017-10:10:39.136184 [**] [1:2025703:2] ET POLICY SMB2 NT Create AndX Request For an Executable File In a Temp Directory [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  23. 10/09/2017-10:10:39.136184 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49238 -> 192.168.10.30:445
  24. 10/25/2017-13:18:37.882167 [**] [1:2025719:2] ET POLICY Powershell Activity Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  25. 10/25/2017-13:18:37.882167 [**] [1:2025720:3] ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  26. 10/25/2017-13:18:37.882167 [**] [1:2025722:2] ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  27. 10/25/2017-13:18:37.884143 [**] [1:2025719:2] ET POLICY Powershell Activity Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  28. 10/25/2017-13:18:37.884143 [**] [1:2025720:3] ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  29. 10/25/2017-13:18:37.884143 [**] [1:2025722:2] ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  30. 10/25/2017-13:18:37.886078 [**] [1:2025719:2] ET POLICY Powershell Activity Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  31. 10/25/2017-13:18:37.886078 [**] [1:2025720:3] ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  32. 10/25/2017-13:18:37.886078 [**] [1:2025722:2] ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.50:46785 -> 192.168.10.31:445
  33. 10/09/2017-10:44:39.271903 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  34. 10/09/2017-10:44:39.272266 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49282 -> 192.168.10.10:445
  35. 10/20/2017-12:43:22.993206 [**] [1:2025714:2] ET POLICY SMB Remote AT Scheduled Job Pipe Creation [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.30:445 -> 192.168.10.31:49266
  36. 10/09/2017-10:13:21.476599 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
  37. 10/09/2017-10:45:00.419392 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  38. 10/09/2017-10:45:00.432779 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  39. 10/09/2017-10:45:00.484285 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  40. 10/09/2017-10:45:00.495069 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  41. 10/09/2017-10:45:00.496785 [**] [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  42. 10/09/2017-10:45:10.699181 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49285 -> 192.168.10.10:445
  43. 10/09/2017-10:45:27.729133 [**] [1:2010781:3] ET POLICY PsExec service created [**] [Classification: A suspicious filename was detected] [Priority: 2] {TCP} 192.168.10.31:49239 -> 192.168.10.30:445
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!