James_inthe_box

Pcap2

Jul 23rd, 2018
  1. {"timestamp":"2015-12-04T13:34:23.069876-0700","flow_id":1674100821922036,"pcap_cnt":27,"event_type":"alert","src_ip":"192.168.122.212","src_port":50007,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2012811,"rev":2,"signature":"ET DNS Query to a .tk domain - Likely Hostile","category":"Potentially Bad Traffic","severity":2}}
  3. {"timestamp":"2015-12-04T13:34:23.581758-0700","flow_id":1594897330028709,"pcap_cnt":40,"event_type":"alert","src_ip":"192.168.122.212","src_port":49393,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":112,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
  5. {"timestamp":"2015-12-04T13:34:23.581758-0700","flow_id":1594897330028709,"pcap_cnt":40,"event_type":"alert","src_ip":"192.168.122.212","src_port":49393,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022070,"rev":2,"signature":"ET CURRENT_EVENTS Possible Evil Redirector Leading to EK Nov 09 2015 M1","category":"A Network Trojan was detected","severity":1}}
  7. {"timestamp":"2015-12-04T13:34:23.581758-0700","flow_id":1594897330028709,"pcap_cnt":40,"event_type":"alert","src_ip":"192.168.122.212","src_port":49393,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2023036,"rev":3,"signature":"ET CURRENT_EVENTS EITest Flash Redirect Aug 09 2016","category":"A Network Trojan was detected","severity":1}}
  9. {"timestamp":"2015-12-04T13:34:23.581758-0700","flow_id":1594897330028709,"pcap_cnt":40,"event_type":"alert","src_ip":"192.168.122.212","src_port":49393,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  11. {"timestamp":"2015-12-04T13:34:51.975792-0700","flow_id":546560239444432,"pcap_cnt":1115,"event_type":"alert","src_ip":"192.168.122.212","src_port":49401,"dest_ip":"72.167.232.35","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022284,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 5","category":"A Network Trojan was detected","severity":1}}
  13. {"timestamp":"2015-12-04T13:34:54.091084-0700","flow_id":2186980048562327,"pcap_cnt":1130,"event_type":"alert","src_ip":"192.168.122.212","src_port":49402,"dest_ip":"82.150.140.22","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022284,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 5","category":"A Network Trojan was detected","severity":1}}
  15. {"timestamp":"2015-12-04T13:34:27.383680-0700","flow_id":1095783475528806,"pcap_cnt":55,"event_type":"alert","src_ip":"192.168.122.212","src_port":49394,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022071,"rev":6,"signature":"ET CURRENT_EVENTS Possible Evil Redirector Leading to EK Nov 09 2015 M2","category":"A Network Trojan was detected","severity":1}}
  17. {"timestamp":"2015-12-04T13:34:54.091084-0700","flow_id":2186980048562327,"pcap_cnt":1130,"event_type":"alert","src_ip":"192.168.122.212","src_port":49402,"dest_ip":"82.150.140.22","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022300,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 6","category":"A Network Trojan was detected","severity":1}}
  19. {"timestamp":"2015-12-04T13:34:51.975792-0700","flow_id":546560239444432,"pcap_cnt":1115,"event_type":"alert","src_ip":"192.168.122.212","src_port":49401,"dest_ip":"72.167.232.35","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022300,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 6","category":"A Network Trojan was detected","severity":1}}
  21. {"timestamp":"2015-12-04T13:34:27.383680-0700","flow_id":1095783475528806,"pcap_cnt":55,"event_type":"alert","src_ip":"192.168.122.212","src_port":49394,"dest_ip":"31.184.192.206","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
  23. {"timestamp":"2015-12-04T13:36:24.588255-0700","flow_id":2004602858306015,"pcap_cnt":1160,"event_type":"alert","src_ip":"192.168.122.212","src_port":54224,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814159,"rev":1,"signature":"ETPRO TROJAN TeslaCrypt\/AlphaCrypt Variant .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  25. {"timestamp":"2015-12-04T13:35:10.571079-0700","flow_id":2186980048562327,"pcap_cnt":1143,"event_type":"alert","src_ip":"82.150.140.22","src_port":80,"dest_ip":"192.168.122.212","dest_port":49402,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2021724,"rev":3,"signature":"ET TROJAN Alphacrypt\/TeslaCrypt Ransomware CnC Beacon Response","category":"A Network Trojan was detected","severity":1}}
  27. {"timestamp":"2015-12-04T13:36:24.588255-0700","flow_id":2004602858306015,"pcap_cnt":1160,"event_type":"alert","src_ip":"192.168.122.212","src_port":54224,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2815297,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (softpay4562.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  29. {"timestamp":"2015-12-04T13:34:32.181205-0700","flow_id":1902090571197632,"pcap_cnt":297,"event_type":"alert","src_ip":"192.168.122.212","src_port":49398,"dest_ip":"188.120.247.14","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2811829,"rev":10,"signature":"ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 T2","category":"A Network Trojan was detected","severity":1}}
  31. {"timestamp":"2015-12-04T13:35:11.240855-0700","flow_id":2186980048562327,"pcap_cnt":1145,"event_type":"alert","src_ip":"192.168.122.212","src_port":49402,"dest_ip":"82.150.140.22","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2022284,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 5","category":"A Network Trojan was detected","severity":1}}
  33. {"timestamp":"2015-12-04T13:35:11.240855-0700","flow_id":2186980048562327,"pcap_cnt":1145,"event_type":"alert","src_ip":"192.168.122.212","src_port":49402,"dest_ip":"82.150.140.22","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2022300,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 6","category":"A Network Trojan was detected","severity":1}}
  35. {"timestamp":"2015-12-04T13:35:11.306332-0700","flow_id":2186980048562327,"event_type":"alert","src_ip":"82.150.140.22","src_port":80,"dest_ip":"192.168.122.212","dest_port":49402,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2021724,"rev":3,"signature":"ET TROJAN Alphacrypt\/TeslaCrypt Ransomware CnC Beacon Response","category":"A Network Trojan was detected","severity":1}}
  37. {"timestamp":"2015-12-04T13:36:33.565235-0700","flow_id":1995716571149234,"pcap_cnt":1252,"event_type":"alert","src_ip":"46.151.52.195","src_port":80,"dest_ip":"192.168.122.212","dest_port":49408,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  39. {"timestamp":"2015-12-04T13:34:51.584838-0700","flow_id":393607864081576,"pcap_cnt":1106,"event_type":"alert","src_ip":"192.168.122.212","src_port":49400,"dest_ip":"78.47.139.102","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019980,"rev":3,"signature":"ET POLICY Possible IP Check myexternalip.com","category":"Potential Corporate Privacy Violation","severity":1}}
  41. {"timestamp":"2015-12-04T13:36:57.014504-0700","flow_id":1352802918545576,"pcap_cnt":1277,"event_type":"alert","src_ip":"192.168.122.212","src_port":54372,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814159,"rev":1,"signature":"ETPRO TROJAN TeslaCrypt\/AlphaCrypt Variant .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  43. {"timestamp":"2015-12-04T13:36:57.014504-0700","flow_id":1352802918545576,"pcap_cnt":1277,"event_type":"alert","src_ip":"192.168.122.212","src_port":54372,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2815296,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (paybtc798.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  45. {"timestamp":"2015-12-04T13:37:28.696420-0700","flow_id":14920607899748,"pcap_cnt":1391,"event_type":"alert","src_ip":"192.168.122.212","src_port":53690,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814159,"rev":1,"signature":"ETPRO TROJAN TeslaCrypt\/AlphaCrypt Variant .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  47. {"timestamp":"2015-12-04T13:37:28.696420-0700","flow_id":14920607899748,"pcap_cnt":1391,"event_type":"alert","src_ip":"192.168.122.212","src_port":53690,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2815299,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (btcpay435.com)","category":"Potential Corporate Privacy Violation","severity":1}}
  49. {"timestamp":"2015-12-04T13:37:46.773546-0700","flow_id":1244294868028842,"pcap_cnt":1516,"event_type":"alert","src_ip":"192.168.122.212","src_port":60133,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814159,"rev":1,"signature":"ETPRO TROJAN TeslaCrypt\/AlphaCrypt Variant .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
  51. {"timestamp":"2015-12-04T13:37:46.773546-0700","flow_id":1244294868028842,"pcap_cnt":1516,"event_type":"alert","src_ip":"192.168.122.212","src_port":60133,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020116,"rev":5,"signature":"ET POLICY DNS Query to .onion proxy Domain (onion.to)","category":"Potentially Bad Traffic","severity":2}}
  53. {"timestamp":"2015-12-04T13:36:57.727622-0700","flow_id":893013784603375,"pcap_cnt":1311,"event_type":"alert","src_ip":"78.140.162.145","src_port":80,"dest_ip":"192.168.122.212","dest_port":49410,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  55. {"timestamp":"2015-12-04T13:37:35.311872-0700","flow_id":1204059613282345,"pcap_cnt":1486,"event_type":"alert","src_ip":"88.85.64.142","src_port":80,"dest_ip":"192.168.122.212","dest_port":49420,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  57. {"timestamp":"2015-12-04T13:35:10.397147-0700","flow_id":49288927159344,"pcap_cnt":1139,"event_type":"alert","src_ip":"192.168.122.212","src_port":49403,"dest_ip":"72.167.232.35","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022284,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 5","category":"A Network Trojan was detected","severity":1}}
  59. {"timestamp":"2015-12-04T13:35:10.397147-0700","flow_id":49288927159344,"pcap_cnt":1139,"event_type":"alert","src_ip":"192.168.122.212","src_port":49403,"dest_ip":"72.167.232.35","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022300,"rev":2,"signature":"ET TROJAN AlphaCrypt CnC Beacon 6","category":"A Network Trojan was detected","severity":1}}
  61. {"timestamp":"2015-12-04T13:36:27.843939-0700","flow_id":856523740307192,"pcap_cnt":1197,"event_type":"alert","src_ip":"46.151.52.195","src_port":80,"dest_ip":"192.168.122.212","dest_port":49404,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  63. {"timestamp":"2015-12-04T13:37:12.997523-0700","flow_id":893013784603375,"pcap_cnt":1366,"event_type":"alert","src_ip":"78.140.162.145","src_port":80,"dest_ip":"192.168.122.212","dest_port":49410,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  65. {"timestamp":"2015-12-04T13:37:29.512132-0700","flow_id":949269268290999,"pcap_cnt":1419,"event_type":"alert","src_ip":"88.85.64.142","src_port":80,"dest_ip":"192.168.122.212","dest_port":49416,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2815390,"rev":2,"signature":"ETPRO TROJAN AlphaCrypt Payment Page","category":"A Network Trojan was detected","severity":1}}
  67. {"timestamp":"2015-12-04T13:38:14.929079-0700","flow_id":1007457472894914,"event_type":"alert","src_ip":"192.186.222.8","src_port":80,"dest_ip":"192.168.122.212","dest_port":49381,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019610,"rev":2,"signature":"ET TROJAN Possible EITest Flash Redirect","category":"A Network Trojan was detected","severity":1}}
  69. {"timestamp":"2015-12-04T13:38:14.929079-0700","flow_id":1007457472894914,"event_type":"alert","src_ip":"192.186.222.8","src_port":80,"dest_ip":"192.168.122.212","dest_port":49381,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022479,"rev":3,"signature":"ET CURRENT_EVENTS EITest Evil Redirect Leading to EK Feb 01 2016","category":"A Network Trojan was detected","severity":1}}