Victim IP | Max Score | Profiles | CCs | Events

Victim IP: 192.168.1.171
Max Score: 1.3
Profiles: VIEW 2
CCs: (none)
Events:
- 1:22514 (2) {tcp} Inbound Attack: GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt MAC_Dst: 00:30:48:30:03:AE; 445<-61689
- 1:2000047 {tcp} Egg Download: ET WORM Sasser Transfer _up.exe; 9996<-28862
- 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 9996->28862

Victim IP: 192.168.1.100
Max Score: 0.8
Profiles: VIEW 2
CCs: (none)
Events:
- 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 120 IPs (103 /24s) (# pkts S/M/O/I=0/84/21/20): 5000:84
- 777:7777008 (3) {tcp} Malware Scan: Detected intense malware port scanning of 120 IPs (103 /24s) (# pkts S/M/O/I=0/84/21/20): 5000:84

Victim IP: 192.168.1.175
Max Score: 2.7
Profiles: VIEW 2
CCs:
- 213.155.14.161 213.155.14.161 (Comp), -, Ossadchy - Osadchiy Yuriy, Ukraine, Malware Controller.
Events:
- 1:22514 {tcp} Inbound Attack: GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt MAC_Dst: 00:30:48:30:03:AE; 445<-4588
- 1:3300004 {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1031<-5679
- 1:2003070 {tcp} C&C Communication: ET WORM Korgo.U Reporting, [/index.php?id=jwekbvczvgnotwjm&scn=4&inf=0&ver=19&cnt=USA]; 1054->80
- 1:9920003 {tcp} Bot Space Access: BotHunter MTC confirmed botnet control server on standard port

Victim IP: 128.18.30.247
Max Score: 0.8
Profiles: VIEW 14
CCs: (none)
Events: (none)

Victim IP: 192.168.1.214
Max Score: 1.3
Profiles: VIEW 2
CCs: (none)
Events:
- 1:22514 (2) {tcp} Inbound Attack: GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt MAC_Dst: 00:30:48:30:03:AE; 445<-59822
- 1:2000047 {tcp} Egg Download: ET WORM Sasser Transfer _up.exe; 9996<-60427
- 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 9996->60427

Victim IP: 192.168.1.85
Max Score: 1.0
Profiles: VIEW 5
CCs:
- 69.30.238.162 69.30.238.162 (Dsl), Biglandingpro.Com, N-Lite Llc, Corona, California, United States.
- 184.154.48.82 184.154.48.82 (-), -, -, -.
Events:
- 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->35711
- 1:552123 (9) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->59129
- 1:2002033 (2) {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->35711
- 1:552123 (13) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->59129
- 1:2016979 {tcp} Inbound Attack: ET WEB_SERVER suhosin.simulation PHP config option in uri, [/phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d ] MAC_Dst: 00:01:64:FF:CE:EA; 80<-56330
- 1:552123 (5) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->45879
- 1:552123 (2) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->39616
- 1:2016977 {tcp} Inbound Attack: ET WEB_SERVER allow_url_include PHP config option in uri MAC_Dst: 00:01:64:FF:CE:EA; 80<-56330
- 1:2016979 {tcp} Inbound Attack: ET WEB_SERVER suhosin.simulation PHP config option in uri, [/phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d ] MAC_Dst: 00:01:64:FF:CE:EA; 80<-56330
- 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->38063
- 1:552123 (17) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->40878

Victim IP: 192.168.1.232
Max Score: 2.7
Profiles: VIEW 2
CCs:
- 213.155.14.161 213.155.14.161 (Comp), -, Ossadchy - Osadchiy Yuriy, Ukraine, Malware Controller.
Events:
- 1:22514 {tcp} Inbound Attack: GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt MAC_Dst: 00:30:48:30:03:AE; 445<-3104
- 1:3300004 {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1031<-6478
- 1:2003070 {tcp} C&C Communication: ET WORM Korgo.U Reporting, [/index.php?id=xsgpamwvvbbggxbo&scn=0&inf=0&ver=19&cnt=USA]; 1032->80
- 1:9920003 {tcp} Bot Space Access: BotHunter MTC confirmed botnet control server on standard port

Victim IP: 192.168.1.41
Max Score: 1.3
Profiles: VIEW 21
CCs: (none)
Events:
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 52449->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 52449->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 32841->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 54384->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 48818->22
- 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 21 IPs (14 /24s) (# pkts S/M/O/I=0/21/0/0): 22:21
- 1:2003068 (2) {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 54384->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 48773->22
- 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 41 IPs (24 /24s) (# pkts S/M/O/I=0/41/0/0): 22:41
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 34055->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 58010->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 38583->22
- 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 42 IPs (25 /24s) (# pkts S/M/O/I=0/41/1/0): 22:41
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 38898->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 39414->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 39629->22
- 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 39841->22
- 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 40049->22

Victim IP: 192.168.1.170
Max Score: 0.8
Profiles: VIEW 1
CCs: (none)
Events:
- 1:22514 (2) {tcp} Inbound Attack: GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt MAC_Dst: 00:30:48:30:03:AE; 445<-3654
- 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1022->3678