James_inthe_box

pcap3

Jul 23rd, 2018
  1. {"timestamp":"2015-11-12T08:59:56.660046-0700","flow_id":923240658375246,"pcap_cnt":2356,"event_type":"alert","src_ip":"192.168.122.187","src_port":61902,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2012811,"rev":2,"signature":"ET DNS Query to a .tk domain - Likely Hostile","category":"Potentially Bad Traffic","severity":2}}
  3. {"timestamp":"2015-11-12T08:59:57.653902-0700","flow_id":1375620973757876,"pcap_cnt":2422,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022090,"rev":3,"signature":"ET CURRENT_EVENTS Possible Nuclear EK Nov 13 2015 Landing URI struct","category":"A Network Trojan was detected","severity":1}}
  5. {"timestamp":"2015-11-12T08:59:57.653902-0700","flow_id":1375620973757876,"pcap_cnt":2422,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  7. {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814162,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1","category":"A Network Trojan was detected","severity":1}}
  9. {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814492,"rev":3,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M1","category":"A Network Trojan was detected","severity":1}}
  11. {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814493,"rev":3,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M2","category":"A Network Trojan was detected","severity":1}}
  13. {"timestamp":"2015-11-12T08:59:58.288564-0700","flow_id":1375620973757876,"pcap_cnt":2935,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2815213,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Dec 03 2015","category":"A Network Trojan was detected","severity":1}}
  15. {"timestamp":"2015-11-12T08:59:58.288564-0700","flow_id":1375620973757876,"pcap_cnt":2935,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816022,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 29 M1","category":"A Network Trojan was detected","severity":1}}
  17. {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":112,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
  19. {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815133,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Nov 30 2015 IE","category":"A Network Trojan was detected","severity":1}}
  21. {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  23. {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2814766,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3","category":"A Network Trojan was detected","severity":1}}
  25. {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815221,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Flash Exploit Dec 03 2015","category":"A Network Trojan was detected","severity":1}}
  27. {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815808,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M1 with URI Primer","category":"A Network Trojan was detected","severity":1}}
  29. {"timestamp":"2015-11-12T08:59:59.999627-0700","flow_id":1375620973757876,"pcap_cnt":3333,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2815133,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Nov 30 2015 IE","category":"A Network Trojan was detected","severity":1}}
  31. {"timestamp":"2015-11-12T08:59:59.999627-0700","flow_id":1375620973757876,"pcap_cnt":3333,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  33. {"timestamp":"2015-11-12T09:03:48.730132-0700","flow_id":1160163953672999,"pcap_cnt":5996,"event_type":"alert","src_ip":"192.168.122.187","src_port":49397,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  35. {"timestamp":"2015-11-12T09:02:20.145714-0700","flow_id":715798040527884,"pcap_cnt":5849,"event_type":"alert","src_ip":"192.168.122.187","src_port":49391,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  37. {"timestamp":"2015-11-12T08:59:54.550361-0700","flow_id":1537249182565775,"pcap_cnt":1647,"event_type":"alert","src_ip":"41.77.118.118","src_port":80,"dest_ip":"192.168.122.187","dest_port":49369,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210054,"rev":1,"signature":"SURICATA STREAM excessive retransmissions","category":"Generic Protocol Command Decode","severity":3}}
  39. {"timestamp":"2015-11-12T09:05:21.988845-0700","flow_id":907602703750829,"pcap_cnt":6144,"event_type":"alert","src_ip":"192.168.122.187","src_port":61317,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  41. {"timestamp":"2015-11-12T09:05:21.988845-0700","flow_id":907602703750829,"pcap_cnt":6144,"event_type":"alert","src_ip":"192.168.122.187","src_port":61317,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812992,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (stopmigrationss.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  43. {"timestamp":"2015-11-12T09:00:00.762669-0700","flow_id":1385258880651033,"pcap_cnt":3368,"event_type":"alert","src_ip":"192.168.122.187","src_port":49379,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  45. {"timestamp":"2015-11-12T09:00:09.998293-0700","flow_id":1375620973757876,"pcap_cnt":5613,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2814388,"rev":3,"signature":"ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to client","category":"A Network Trojan was detected","severity":1}}
  47. {"timestamp":"2015-11-12T09:00:13.030579-0700","flow_id":998853558608468,"pcap_cnt":5628,"event_type":"alert","src_ip":"192.168.122.187","src_port":49381,"dest_ip":"188.165.164.184","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020105,"rev":2,"signature":"ET POLICY Possible IP Check ip-addr.es","category":"A Network Trojan was detected","severity":1}}
  49. {"timestamp":"2015-11-12T09:05:29.944835-0700","flow_id":1213327066360515,"pcap_cnt":6148,"event_type":"alert","src_ip":"192.168.122.187","src_port":60497,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  51. {"timestamp":"2015-11-12T09:05:29.944835-0700","flow_id":1213327066360515,"pcap_cnt":6148,"event_type":"alert","src_ip":"192.168.122.187","src_port":60497,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814292,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  53. {"timestamp":"2015-11-12T09:01:47.609773-0700","flow_id":641529465691660,"pcap_cnt":5801,"event_type":"alert","src_ip":"192.168.122.187","src_port":49388,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  55. {"timestamp":"2015-11-12T09:00:13.369842-0700","flow_id":1420928584705544,"pcap_cnt":5638,"event_type":"alert","src_ip":"192.168.122.187","src_port":49380,"dest_ip":"45.63.71.12","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014411,"rev":11,"signature":"ET TROJAN Fareit\/Pony Downloader Checkin 2","category":"A Network Trojan was detected","severity":1}}
  57. {"timestamp":"2015-11-12T09:00:02.801716-0700","flow_id":1385258880651033,"pcap_cnt":3565,"event_type":"alert","src_ip":"192.168.122.187","src_port":49379,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  59. {"timestamp":"2015-11-12T09:02:52.867789-0700","flow_id":1939829362164114,"pcap_cnt":5862,"event_type":"alert","src_ip":"192.168.122.187","src_port":49392,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  61. {"timestamp":"2015-11-12T09:00:41.175403-0700","flow_id":783851791092649,"pcap_cnt":5660,"event_type":"alert","src_ip":"192.168.122.187","src_port":49382,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  63. {"timestamp":"2015-11-12T09:02:53.255241-0700","flow_id":686970224003002,"pcap_cnt":5874,"event_type":"alert","src_ip":"192.168.122.187","src_port":49393,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  65. {"timestamp":"2015-11-12T09:00:41.989918-0700","flow_id":797595688051098,"pcap_cnt":5676,"event_type":"alert","src_ip":"192.168.122.187","src_port":49383,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  67. {"timestamp":"2015-11-12T09:03:18.470682-0700","flow_id":2064662588854176,"pcap_cnt":5921,"event_type":"alert","src_ip":"192.168.122.187","src_port":49396,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  69. {"timestamp":"2015-11-12T09:04:26.731783-0700","flow_id":181499824092785,"pcap_cnt":6091,"event_type":"alert","src_ip":"192.168.122.187","src_port":49403,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  71. {"timestamp":"2015-11-12T09:01:13.485116-0700","flow_id":1024855292890176,"pcap_cnt":5779,"event_type":"alert","src_ip":"192.168.122.187","src_port":49386,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  73. {"timestamp":"2015-11-12T09:03:49.349726-0700","flow_id":685759046934135,"pcap_cnt":6008,"event_type":"alert","src_ip":"192.168.122.187","src_port":49398,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  75. {"timestamp":"2015-11-12T09:01:46.809229-0700","flow_id":1684343228245905,"pcap_cnt":5791,"event_type":"alert","src_ip":"192.168.122.187","src_port":49387,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  77. {"timestamp":"2015-11-12T09:04:44.013251-0700","flow_id":1270252558968327,"pcap_cnt":6137,"event_type":"alert","src_ip":"192.168.122.187","src_port":49406,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  79. {"timestamp":"2015-11-12T09:04:10.215077-0700","flow_id":1411406656717243,"pcap_cnt":6072,"event_type":"alert","src_ip":"192.168.122.187","src_port":49401,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  81. {"timestamp":"2015-11-12T09:04:26.372364-0700","flow_id":191395427154849,"pcap_cnt":6079,"event_type":"alert","src_ip":"192.168.122.187","src_port":49402,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
  83. {"timestamp":"2015-11-12T09:05:12.636239-0700","flow_id":1447385603028303,"pcap_cnt":6142,"event_type":"alert","src_ip":"192.168.122.187","src_port":54368,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  85. {"timestamp":"2015-11-12T09:05:12.636239-0700","flow_id":1447385603028303,"pcap_cnt":6142,"event_type":"alert","src_ip":"192.168.122.187","src_port":54368,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812990,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (blindpayallfor.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  87. {"timestamp":"2015-11-12T09:05:26.428017-0700","flow_id":310636609701873,"pcap_cnt":6146,"event_type":"alert","src_ip":"192.168.122.187","src_port":61630,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  89. {"timestamp":"2015-11-12T09:05:26.428017-0700","flow_id":310636609701873,"pcap_cnt":6146,"event_type":"alert","src_ip":"192.168.122.187","src_port":61630,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814994,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (starswarsspecs.com)","category":"Potential Corporate Privacy Violation","severity":1}}