分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-2 | 2020-07-05 22:38:43 | 2020-07-05 22:41:40 | 177 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | lantern.exe |
|---|---|
| 文件大小 | 23872288 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | db5089885374b97fab7b37aa553019a9 |
| SHA1 | 5c0beead2a472fcb092bd84f127d59ebfc8732be |
| SHA256 | 58b97866fc899efa16a3cdd27cf609424a608b6e127f9d350ee936da00990017 |
| SHA512 | 37e9f730f83a47d00e87b49debe6091326201811079cb2727c23cf45ac1b87c9333e1e7ec5883a1d1f80acb3fcb53843b60ff183be3089ab63b953bbcdd80077 |
| CRC32 | 186C1A85 |
| Ssdeep | 393216:54YDp64DRwZMEy/ovR9wpWj3VRfwlHoRfuTP66NT7OfX8TEPJV:5qvRJrPJV |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004014c0 |
| 声明校验值 | 0x016cecb4 |
| 最低操作系统版本要求 | 6.1 |
| 编译时间 | 2020-06-11 23:48:56 |
| 载入哈希 | 422cbadedb4d7aff942890ec0e83886f |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| e6cf8c8b17730d9a5827162e513f1a105cb82b48 | Thu Jun 11 23:49:07 2020 | WinVerifyTrust returned error 0x800B010A |
| 证书链 | Certificate Chain 1 |
| 发行给 | Go Daddy Secure Certificate Authority - G2 |
| 发行人 | Go Daddy Root Certificate Authority - G2 |
| 有效期 | Sat May 03 150000 2031 |
| SHA1 哈希 | 27ac9369faf25207bb2627cefaccbe4ef9c319b8 |
| 证书链 | Certificate Chain 2 |
| 发行给 | Brave New Software Project, Inc |
| 发行人 | Go Daddy Secure Certificate Authority - G2 |
| 有效期 | Sun Jun 26 024738 2022 |
| SHA1 哈希 | 83ec828d7708c026358d8f3bb8ba3e6034e07928 |
| 证书链 | Timestamp Chain 1 |
| 发行给 | Thawte Timestamping CA |
| 发行人 | Thawte Timestamping CA |
| 有效期 | Fri Jan 01 075959 2021 |
| SHA1 哈希 | be36a4562fb2ee05dbb3d32323adf445084ed656 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | Symantec Time Stamping Services CA - G2 |
| 发行人 | Thawte Timestamping CA |
| 有效期 | Thu Dec 31 075959 2020 |
| SHA1 哈希 | 6c07453ffdda08b83707c09b82fb3d15f35336b1 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | Symantec Time Stamping Services Signer - G4 |
| 发行人 | Symantec Time Stamping Services CA - G2 |
| 有效期 | Wed Dec 30 075959 2020 |
| SHA1 哈希 | 65439929b67973eb192d6ff243e6767adf0834e4 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0078d184 | 0x0078d200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES | 6.08 |
| .data | 0x0078f000 | 0x00551b8c | 0x00551c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 7.08 |
| .rdata | 0x00ce1000 | 0x009e26e0 | 0x009e2800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES | 6.08 |
| .bss | 0x016c4000 | 0x0001de68 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 0.00 |
| .idata | 0x016e2000 | 0x00000d70 | 0x00000e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 5.26 |
| .CRT | 0x016e3000 | 0x00000034 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 0.28 |
| .tls | 0x016e4000 | 0x00000020 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 0.27 |
| .rsrc | 0x016e5000 | 0x000003b9 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 4.97 |
导入
库: KERNEL32.dll:
• 0x1ae2244 AddVectoredExceptionHandler
• 0x1ae2248 CloseHandle
• 0x1ae224c CreateEventA
• 0x1ae2250 CreateIoCompletionPort
• 0x1ae2254 CreateSemaphoreW
• 0x1ae2258 CreateThread
• 0x1ae225c CreateWaitableTimerA
• 0x1ae2260 DeleteCriticalSection
• 0x1ae2264 DuplicateHandle
• 0x1ae2268 EnterCriticalSection
• 0x1ae226c ExitProcess
• 0x1ae2270 FreeEnvironmentStringsW
• 0x1ae2274 GetConsoleMode
• 0x1ae2278 GetCurrentProcess
• 0x1ae227c GetCurrentProcessId
• 0x1ae2280 GetCurrentThreadId
• 0x1ae2284 GetEnvironmentStringsW
• 0x1ae2288 GetLastError
• 0x1ae228c GetModuleFileNameW
• 0x1ae2290 GetModuleHandleA
• 0x1ae2294 GetProcAddress
• 0x1ae2298 GetProcessAffinityMask
• 0x1ae229c GetQueuedCompletionStatus
• 0x1ae22a0 GetStartupInfoA
• 0x1ae22a4 GetStdHandle
• 0x1ae22a8 GetSystemDirectoryA
• 0x1ae22ac GetSystemInfo
• 0x1ae22b0 GetSystemTimeAsFileTime
• 0x1ae22b4 GetThreadContext
• 0x1ae22b8 GetTickCount
• 0x1ae22bc InitializeCriticalSection
• 0x1ae22c0 LeaveCriticalSection
• 0x1ae22c4 LoadLibraryA
• 0x1ae22c8 LoadLibraryW
• 0x1ae22cc PostQueuedCompletionStatus
• 0x1ae22d0 QueryPerformanceCounter
• 0x1ae22d4 QueryPerformanceFrequency
• 0x1ae22d8 ReleaseSemaphore
• 0x1ae22dc ResumeThread
• 0x1ae22e0 SetConsoleCtrlHandler
• 0x1ae22e4 SetErrorMode
• 0x1ae22e8 SetEvent
• 0x1ae22ec SetLastError
• 0x1ae22f0 SetProcessPriorityBoost
• 0x1ae22f4 SetThreadContext
• 0x1ae22f8 SetThreadPriority
• 0x1ae22fc SetUnhandledExceptionFilter
• 0x1ae2300 SetWaitableTimer
• 0x1ae2304 Sleep
• 0x1ae2308 SuspendThread
• 0x1ae230c SwitchToThread
• 0x1ae2310 TerminateProcess
• 0x1ae2314 TlsAlloc
• 0x1ae2318 TlsFree
• 0x1ae231c TlsGetValue
• 0x1ae2320 TlsSetValue
• 0x1ae2324 UnhandledExceptionFilter
• 0x1ae2328 VirtualAlloc
• 0x1ae232c VirtualFree
• 0x1ae2330 VirtualProtect
• 0x1ae2334 VirtualQuery
• 0x1ae2338 WaitForMultipleObjects
• 0x1ae233c WaitForSingleObject
• 0x1ae2340 WriteConsoleW
• 0x1ae2344 WriteFile
库: msvcrt.dll:
• 0x1ae234c __dllonexit
• 0x1ae2350 __getmainargs
• 0x1ae2354 __initenv
• 0x1ae2358 __lconv_init
• 0x1ae235c __set_app_type
• 0x1ae2360 __setusermatherr
• 0x1ae2364 _acmdln
• 0x1ae2368 _amsg_exit
• 0x1ae236c _beginthread
• 0x1ae2370 _cexit
• 0x1ae2374 _errno
• 0x1ae2378 _exit
• 0x1ae237c _fmode
• 0x1ae2380 _initterm
• 0x1ae2384 _iob
• 0x1ae2388 _lock
• 0x1ae238c _onexit
• 0x1ae2390 _snwprintf
• 0x1ae2394 calloc
• 0x1ae2398 exit
• 0x1ae239c fprintf
• 0x1ae23a0 fputc
• 0x1ae23a4 fputs
• 0x1ae23a8 free
• 0x1ae23ac fwprintf
• 0x1ae23b0 fwrite
• 0x1ae23b4 malloc
• 0x1ae23b8 memcmp
• 0x1ae23bc memcpy
• 0x1ae23c0 memset
• 0x1ae23c4 raise
• 0x1ae23c8 rand
• 0x1ae23cc realloc
• 0x1ae23d0 signal
• 0x1ae23d4 sprintf
• 0x1ae23d8 strcmp
• 0x1ae23dc strlen
• 0x1ae23e0 strncmp
• 0x1ae23e4 _unlock
• 0x1ae23e8 abort
• 0x1ae23ec vfprintf
• 0x1ae23f0 wcscpy
• 0x1ae23f4 _vsnprintf
• 0x1ae23f8 _write
库: USER32.dll:
• 0x1ae2400 MessageBoxW
库: WS2_32.dll:
• 0x1ae2408 WSAAddressToStringA
• 0x1ae240c WSAStringToAddressA
• 0x1ae2410 htonl
• 0x1ae2414 htons
• 0x1ae2418 ntohl
• 0x1ae241c ntohs
.text
``.data
.rdata
`@.bss
.idata
.rsrc
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20200703 |
| MicroWorld-eScan | 未发现病毒 | 20200703 |
| FireEye | 未发现病毒 | 20200703 |
| CAT-QuickHeal | 未发现病毒 | 20200703 |
| McAfee | 未发现病毒 | 20200703 |
| Cylance | 未发现病毒 | 20200703 |
| VIPRE | 未发现病毒 | 20200703 |
| SUPERAntiSpyware | 未发现病毒 | 20200703 |
| Sangfor | 未发现病毒 | 20200423 |
| CrowdStrike | 未发现病毒 | 20190702 |
| Alibaba | 未发现病毒 | 20190527 |
| K7GW | 未发现病毒 | 20200703 |
| K7AntiVirus | 未发现病毒 | 20200703 |
| Arcabit | 未发现病毒 | 20200703 |
| Invincea | 未发现病毒 | 20200502 |
| BitDefenderTheta | 未发现病毒 | 20200624 |
| Cyren | 未发现病毒 | 20200703 |
| Symantec | 未发现病毒 | 20200703 |
| TotalDefense | 未发现病毒 | 20200703 |
| APEX | 未发现病毒 | 20200701 |
| Paloalto | generic.ml | 20200703 |
| ClamAV | 未发现病毒 | 20200703 |
| Kaspersky | 未发现病毒 | 20200703 |
| BitDefender | 未发现病毒 | 20200703 |
| NANO-Antivirus | 未发现病毒 | 20200703 |
| AegisLab | 未发现病毒 | 20200703 |
| Tencent | 未发现病毒 | 20200703 |
| Ad-Aware | 未发现病毒 | 20200703 |
| TACHYON | 未发现病毒 | 20200703 |
| Emsisoft | 未发现病毒 | 20200703 |
| Comodo | 未发现病毒 | 20200703 |
| DrWeb | 未发现病毒 | 20200703 |
| Zillya | 未发现病毒 | 20200703 |
| TrendMicro | 未发现病毒 | 20200703 |
| Trapmine | 未发现病毒 | 20200619 |
| CMC | 未发现病毒 | 20200703 |
| Sophos | 未发现病毒 | 20200703 |
| SentinelOne | 未发现病毒 | 20200601 |
| Avast-Mobile | 未发现病毒 | 20200702 |
| Jiangmin | 未发现病毒 | 20200703 |
| Webroot | 未发现病毒 | 20200703 |
| Avira | 未发现病毒 | 20200703 |
| eGambit | 未发现病毒 | 20200703 |
| Antiy-AVL | 未发现病毒 | 20200703 |
| Kingsoft | 未发现病毒 | 20200703 |
| Endgame | 未发现病毒 | 20200608 |
| Microsoft | 未发现病毒 | 20200703 |
| ViRobot | 未发现病毒 | 20200703 |
| ZoneAlarm | 未发现病毒 | 20200703 |
| GData | 未发现病毒 | 20200703 |
| Cynet | 未发现病毒 | 20200628 |
| AhnLab-V3 | 未发现病毒 | 20200703 |
| Acronis | 未发现病毒 | 20200603 |
| VBA32 | BScope.Trojan.Metla | 20200702 |
| ALYac | 未发现病毒 | 20200703 |
| MAX | 未发现病毒 | 20200703 |
| Malwarebytes | 未发现病毒 | 20200703 |
| Zoner | 未发现病毒 | 20200703 |
| ESET-NOD32 | 未发现病毒 | 20200703 |
| TrendMicro-HouseCall | 未发现病毒 | 20200703 |
| Rising | 未发现病毒 | 20200703 |
| Yandex | 未发现病毒 | 20200703 |
| Ikarus | 未发现病毒 | 20200703 |
| MaxSecure | 未发现病毒 | 20200622 |
| Fortinet | 未发现病毒 | 20200703 |
| Cybereason | 未发现病毒 | 20190616 |
| Panda | 未发现病毒 | 20200703 |
| Qihoo-360 | 未发现病毒 | 20200703 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49240 | 13.224.0.13 | 443 |
| 192.168.122.202 | 49181 | 13.224.0.179 | 443 |
| 192.168.122.202 | 49216 | 13.224.2.97 | 443 |
| 192.168.122.202 | 49221 | 13.224.5.215 | 443 |
| 192.168.122.202 | 49207 | 13.224.5.239 | 443 |
| 192.168.122.202 | 49250 | 13.224.6.235 | 443 |
| 192.168.122.202 | 49183 | 13.249.4.69 | 443 |
| 192.168.122.202 | 49230 | 13.249.5.153 | 443 |
| 192.168.122.202 | 49182 | 13.249.6.25 | 443 |
| 192.168.122.202 | 49227 | 13.249.6.29 | 443 |
| 192.168.122.202 | 49217 | 13.249.6.32 | 443 |
| 192.168.122.202 | 49186 | 13.249.6.42 | 443 |
| 192.168.122.202 | 49248 | 13.249.6.69 | 443 |
| 192.168.122.202 | 49237 | 13.35.1.223 | 443 |
| 192.168.122.202 | 49245 | 13.35.2.171 | 443 |
| 192.168.122.202 | 49239 | 13.35.2.198 | 443 |
| 192.168.122.202 | 49179 | 13.35.3.125 | 443 |
| 192.168.122.202 | 49218 | 13.35.4.185 | 443 |
| 192.168.122.202 | 49213 | 13.35.4.222 | 443 |
| 192.168.122.202 | 49178 | 13.35.5.194 | 443 |
| 192.168.122.202 | 49190 | 13.35.6.167 | 443 |
| 192.168.122.202 | 49246 | 143.204.2.28 | 443 |
| 192.168.122.202 | 49214 | 143.204.5.190 | 443 |
| 192.168.122.202 | 49238 | 143.204.5.24 | 443 |
| 192.168.122.202 | 49247 | 143.204.6.25 | 443 |
| 192.168.122.202 | 49191 | 151.101.108.133 raw.githubusercontent.com | 443 |
| 192.168.122.202 | 49173 | 173.223.11.13 | 443 |
| 192.168.122.202 | 49171 | 184.87.194.13 | 443 |
| 192.168.122.202 | 49159 | 192.124.249.41 certificates.godaddy.com | 80 |
| 192.168.122.202 | 49170 | 2.21.34.13 | 443 |
| 192.168.122.202 | 49224 | 2.21.34.136 | 443 |
| 192.168.122.202 | 49168 | 2.21.34.157 | 443 |
| 192.168.122.202 | 49225 | 2.21.34.235 | 443 |
| 192.168.122.202 | 49231 | 20.194.3.251 | 443 |
| 192.168.122.202 | 49255 | 20.194.3.251 | 443 |
| 192.168.122.202 | 49235 | 205.251.212.172 | 443 |
| 192.168.122.202 | 49199 | 23.43.59.157 | 443 |
| 192.168.122.202 | 49169 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49198 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49233 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49200 | 23.55.161.153 | 443 |
| 192.168.122.202 | 49176 | 23.55.163.81 | 443 |
| 192.168.122.202 | 49175 | 23.60.68.106 | 443 |
| 192.168.122.202 | 49226 | 23.60.68.47 | 443 |
| 192.168.122.202 | 49223 | 52.217.15.22 s3.amazonaws.com | 443 |
| 192.168.122.202 | 49222 | 52.222.129.229 | 443 |
| 192.168.122.202 | 49236 | 52.222.129.6 | 443 |
| 192.168.122.202 | 49242 | 52.222.130.134 | 443 |
| 192.168.122.202 | 49244 | 52.222.131.187 | 443 |
| 192.168.122.202 | 49219 | 52.222.131.210 | 443 |
| 192.168.122.202 | 49241 | 52.222.131.223 | 443 |
| 192.168.122.202 | 49252 | 54.182.2.116 | 443 |
| 192.168.122.202 | 49249 | 54.182.3.194 | 443 |
| 192.168.122.202 | 49229 | 54.182.3.206 | 443 |
| 192.168.122.202 | 49172 | 95.100.252.125 | 443 |
| 192.168.122.202 | 49174 | 96.17.68.70 | 443 |
| 192.168.122.202 | 49167 | 96.17.68.77 | 443 |
| 192.168.122.202 | 49185 | 99.84.3.16 | 443 |
| 192.168.122.202 | 49177 | 99.86.1.126 | 443 |
| 192.168.122.202 | 49220 | 99.86.3.14 | 443 |
| 192.168.122.202 | 49234 | 99.86.3.7 | 443 |
| 192.168.122.202 | 49232 | 99.86.5.135 | 443 |
| 192.168.122.202 | 49251 | 99.86.6.79 | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 53154 | 192.168.122.1 | 53 |
| 192.168.122.202 | 54949 | 192.168.122.1 | 53 |
| 192.168.122.202 | 55264 | 192.168.122.1 | 53 |
| 192.168.122.202 | 55957 | 192.168.122.1 | 53 |
| 192.168.122.202 | 60873 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61249 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49240 | 13.224.0.13 | 443 |
| 192.168.122.202 | 49181 | 13.224.0.179 | 443 |
| 192.168.122.202 | 49216 | 13.224.2.97 | 443 |
| 192.168.122.202 | 49221 | 13.224.5.215 | 443 |
| 192.168.122.202 | 49207 | 13.224.5.239 | 443 |
| 192.168.122.202 | 49250 | 13.224.6.235 | 443 |
| 192.168.122.202 | 49183 | 13.249.4.69 | 443 |
| 192.168.122.202 | 49230 | 13.249.5.153 | 443 |
| 192.168.122.202 | 49182 | 13.249.6.25 | 443 |
| 192.168.122.202 | 49227 | 13.249.6.29 | 443 |
| 192.168.122.202 | 49217 | 13.249.6.32 | 443 |
| 192.168.122.202 | 49186 | 13.249.6.42 | 443 |
| 192.168.122.202 | 49248 | 13.249.6.69 | 443 |
| 192.168.122.202 | 49237 | 13.35.1.223 | 443 |
| 192.168.122.202 | 49245 | 13.35.2.171 | 443 |
| 192.168.122.202 | 49239 | 13.35.2.198 | 443 |
| 192.168.122.202 | 49179 | 13.35.3.125 | 443 |
| 192.168.122.202 | 49218 | 13.35.4.185 | 443 |
| 192.168.122.202 | 49213 | 13.35.4.222 | 443 |
| 192.168.122.202 | 49178 | 13.35.5.194 | 443 |
| 192.168.122.202 | 49190 | 13.35.6.167 | 443 |
| 192.168.122.202 | 49246 | 143.204.2.28 | 443 |
| 192.168.122.202 | 49214 | 143.204.5.190 | 443 |
| 192.168.122.202 | 49238 | 143.204.5.24 | 443 |
| 192.168.122.202 | 49247 | 143.204.6.25 | 443 |
| 192.168.122.202 | 49191 | 151.101.108.133 raw.githubusercontent.com | 443 |
| 192.168.122.202 | 49173 | 173.223.11.13 | 443 |
| 192.168.122.202 | 49171 | 184.87.194.13 | 443 |
| 192.168.122.202 | 49159 | 192.124.249.41 certificates.godaddy.com | 80 |
| 192.168.122.202 | 49170 | 2.21.34.13 | 443 |
| 192.168.122.202 | 49224 | 2.21.34.136 | 443 |
| 192.168.122.202 | 49168 | 2.21.34.157 | 443 |
| 192.168.122.202 | 49225 | 2.21.34.235 | 443 |
| 192.168.122.202 | 49231 | 20.194.3.251 | 443 |
| 192.168.122.202 | 49255 | 20.194.3.251 | 443 |
| 192.168.122.202 | 49235 | 205.251.212.172 | 443 |
| 192.168.122.202 | 49199 | 23.43.59.157 | 443 |
| 192.168.122.202 | 49169 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49198 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49233 | 23.50.53.165 | 443 |
| 192.168.122.202 | 49200 | 23.55.161.153 | 443 |
| 192.168.122.202 | 49176 | 23.55.163.81 | 443 |
| 192.168.122.202 | 49175 | 23.60.68.106 | 443 |
| 192.168.122.202 | 49226 | 23.60.68.47 | 443 |
| 192.168.122.202 | 49223 | 52.217.15.22 s3.amazonaws.com | 443 |
| 192.168.122.202 | 49222 | 52.222.129.229 | 443 |
| 192.168.122.202 | 49236 | 52.222.129.6 | 443 |
| 192.168.122.202 | 49242 | 52.222.130.134 | 443 |
| 192.168.122.202 | 49244 | 52.222.131.187 | 443 |
| 192.168.122.202 | 49219 | 52.222.131.210 | 443 |
| 192.168.122.202 | 49241 | 52.222.131.223 | 443 |
| 192.168.122.202 | 49252 | 54.182.2.116 | 443 |
| 192.168.122.202 | 49249 | 54.182.3.194 | 443 |
| 192.168.122.202 | 49229 | 54.182.3.206 | 443 |
| 192.168.122.202 | 49172 | 95.100.252.125 | 443 |
| 192.168.122.202 | 49174 | 96.17.68.70 | 443 |
| 192.168.122.202 | 49167 | 96.17.68.77 | 443 |
| 192.168.122.202 | 49185 | 99.84.3.16 | 443 |
| 192.168.122.202 | 49177 | 99.86.1.126 | 443 |
| 192.168.122.202 | 49220 | 99.86.3.14 | 443 |
| 192.168.122.202 | 49234 | 99.86.3.7 | 443 |
| 192.168.122.202 | 49232 | 99.86.5.135 | 443 |
| 192.168.122.202 | 49251 | 99.86.6.79 | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 53154 | 192.168.122.1 | 53 |
| 192.168.122.202 | 54949 | 192.168.122.1 | 53 |
| 192.168.122.202 | 55264 | 192.168.122.1 | 53 |
| 192.168.122.202 | 55957 | 192.168.122.1 | 53 |
| 192.168.122.202 | 60873 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61249 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://certificates.godaddy.com/repository/gdig2.crt | GET /repository/gdig2.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: certificates.godaddy.com |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2020-07-05 22:40:25.516330+0800 | 192.168.122.202 | 49231 | 20.194.3.251 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
| 2020-07-05 22:40:25.517631+0800 | 20.194.3.251 | 443 | 192.168.122.202 | 49231 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2020-07-05 22:40:12.554186+0800 | 192.168.122.202 | 49167 | 96.17.68.77 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.152482+0800 | 192.168.122.202 | 49175 | 23.60.68.106 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.536252+0800 | 192.168.122.202 | 49173 | 173.223.11.13 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.197038+0800 | 192.168.122.202 | 49169 | 23.50.53.165 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.266445+0800 | 192.168.122.202 | 49185 | 99.84.3.16 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 | C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net | 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a |
| 2020-07-05 22:40:13.176082+0800 | 192.168.122.202 | 49178 | 13.35.5.194 | 443 | TLS 1.2 | C=US, ST=DE, L=Wilmington, O=Corporation Service Company, CN=Trusted Secure Certificate Authority 5 | C=GB, unknown=NW10 7HQ, ST=London, L=London, unknown=Park Royal, unknown=Lakeside Drive, O=Diageo Plc, OU=Diageo Plc, CN=www.diageohorizon.com | a7:2c:95:9d:16:cf:4c:58:f1:44:7f:84:ae:cd:91:6e:a4:95:31:15 |
| 2020-07-05 22:40:13.611478+0800 | 192.168.122.202 | 49172 | 95.100.252.125 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.239391+0800 | 192.168.122.202 | 49181 | 13.224.0.179 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.misumi.jp | b7:13:11:e7:9f:5d:9d:b2:ff:fd:52:b9:2f:db:ef:d8:e5:7b:dd:b4 |
| 2020-07-05 22:40:14.391771+0800 | 192.168.122.202 | 49179 | 13.35.3.125 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=CA, L=Solana Beach, O=Scientist, CN=*.scientist.com | 9e:49:ab:49:31:e2:14:20:da:ac:f5:da:e2:48:59:c5:ed:e2:99:88 |
| 2020-07-05 22:40:14.701368+0800 | 192.168.122.202 | 49191 | 151.101.108.133 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=www.github.com | 70:94:de:dd:e6:c4:69:48:3a:92:70:a1:48:56:78:2d:18:64:e0:b7 |
| 2020-07-05 22:40:15.155419+0800 | 192.168.122.202 | 49190 | 13.35.6.167 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA | C=KR, unknown=16677, ST=Gyeonggi-Do, L=Suwon-si, unknown=Yeongtong-gu, unknown=129, Samsung-ro, O=Samsung Electronics Co., Ltd., CN=*.test.samsunghealth.com | 9e:4d:17:f3:b8:0f:ca:83:d0:99:84:9c:ee:8e:94:31:cb:46:d2:53 |
| 2020-07-05 22:40:15.788052+0800 | 192.168.122.202 | 49171 | 184.87.194.13 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:13.610202+0800 | 192.168.122.202 | 49174 | 96.17.68.70 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:15.931623+0800 | 192.168.122.202 | 49199 | 23.43.59.157 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:15.942865+0800 | 192.168.122.202 | 49200 | 23.55.161.153 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:16.242291+0800 | 192.168.122.202 | 49198 | 23.50.53.165 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:16.735253+0800 | 192.168.122.202 | 49182 | 13.249.6.25 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=kaercher.com | a7:24:e3:ca:ce:55:61:9a:52:a2:f6:8b:16:ad:ce:ff:97:f5:e2:e0 |
| 2020-07-05 22:40:14.586969+0800 | 192.168.122.202 | 49186 | 13.249.6.42 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.hungama.com | 76:79:49:8d:b4:d0:bd:b6:16:c4:52:18:a6:b9:8c:10:d5:50:d4:4f |
| 2020-07-05 22:40:14.855424+0800 | 192.168.122.202 | 49183 | 13.249.4.69 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, OU=IT, CN=static.adobelogin.com | d7:f5:d0:00:26:cd:dd:71:53:75:cb:d3:6a:9b:84:6d:4f:e6:e6:73 |
| 2020-07-05 22:40:18.006788+0800 | 192.168.122.202 | 49168 | 2.21.34.157 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:18.795712+0800 | 192.168.122.202 | 49207 | 13.224.5.239 | 443 | TLS 1.2 | C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | OU=Domain Control Validated, CN=m.foxiri.com | be:e2:f2:2b:55:7f:97:21:40:24:3d:ee:7e:04:ad:0a:a7:57:01:82 |
| 2020-07-05 22:40:17.718046+0800 | 192.168.122.202 | 49170 | 2.21.34.13 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:22.670616+0800 | 192.168.122.202 | 49226 | 23.60.68.47 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:22.640819+0800 | 192.168.122.202 | 49218 | 13.35.4.185 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.lineblog.me | b2:5f:0d:02:8f:2d:26:eb:2a:17:7b:42:44:10:d5:c1:30:9d:b2:6d |
| 2020-07-05 22:40:22.460609+0800 | 192.168.122.202 | 49219 | 52.222.131.210 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=www.stg.forecast.elyza.ai | a4:d2:5e:7f:34:f3:bf:95:c0:73:5a:8a:dd:32:e6:7d:11:50:3e:ab |
| 2020-07-05 22:40:22.563479+0800 | 192.168.122.202 | 49221 | 13.224.5.215 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=appstore.good.com | a8:9f:a2:4a:32:d4:dd:aa:6f:81:99:98:6f:e8:2b:77:d2:5c:47:18 |
| 2020-07-05 22:40:23.207787+0800 | 192.168.122.202 | 49230 | 13.249.5.153 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.appservers.net | 7a:34:85:81:f4:53:a8:9a:b2:8e:4c:6d:80:59:05:5d:02:df:2f:d6 |
| 2020-07-05 22:40:23.623940+0800 | 192.168.122.202 | 49225 | 2.21.34.235 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:22.610129+0800 | 192.168.122.202 | 49213 | 13.35.4.222 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.coupang.net | d2:e8:f2:7f:dd:39:d5:c3:ed:ca:3a:38:69:c0:a1:94:86:4f:4f:7e |
| 2020-07-05 22:40:23.800646+0800 | 192.168.122.202 | 49227 | 13.249.6.29 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.samsungsmartcam.com | e5:96:55:b3:1f:fb:9f:6a:09:fe:d7:fd:1b:65:52:0b:33:bb:c4:3b |
| 2020-07-05 22:40:22.926559+0800 | 192.168.122.202 | 49220 | 99.86.3.14 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=support.atlassian.com | 4a:28:97:96:cd:8b:5e:62:a9:02:0c:34:a3:67:c4:14:83:4f:02:e8 |
| 2020-07-05 22:40:24.987019+0800 | 192.168.122.202 | 49224 | 2.21.34.136 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:25.803487+0800 | 192.168.122.202 | 49222 | 52.222.129.229 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte RSA CA 2018 | C=KR, ST=Gyeonggi-do, L=Suwon-si, O=SAMSUNG ELECTRONICS CO. LTD, OU=Service S/W Lab(VD), CN=*.samsungqbe.com | c1:6c:3f:04:e7:47:a3:2e:cf:c4:ee:86:0e:a0:c6:32:7b:ee:d9:5f |
| 2020-07-05 22:40:27.389160+0800 | 192.168.122.202 | 49223 | 52.217.15.22 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=s3.amazonaws.com | 50:cf:be:64:52:a5:85:2a:58:6a:06:e1:39:4a:c6:3f:7f:56:b8:b3 |
| 2020-07-05 22:40:26.404581+0800 | 192.168.122.202 | 49235 | 205.251.212.172 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=media.edgenuity.com | e5:20:7a:16:e7:ee:6b:0a:21:fd:8a:83:e7:64:8e:65:50:f0:74:26 |
| 2020-07-05 22:40:29.681243+0800 | 192.168.122.202 | 49234 | 99.86.3.7 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=www.lifelockunlocked.com | 4e:04:b7:62:c0:19:f4:a7:6f:31:58:37:a2:03:4d:8e:ad:6f:f5:b1 |
| 2020-07-05 22:40:32.769505+0800 | 192.168.122.202 | 49240 | 13.224.0.13 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=twitchsvc-shadow.net | ba:dc:d0:4b:7b:83:04:80:f3:41:80:a2:4b:53:fb:5a:ac:8d:56:fe |
| 2020-07-05 22:40:33.642170+0800 | 192.168.122.202 | 49237 | 13.35.1.223 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=enigmasoftware.com | bc:70:8c:bc:26:5f:5b:0e:d3:9f:f6:52:4b:7f:e9:5f:c5:7f:5e:42 |
| 2020-07-05 22:40:32.592418+0800 | 192.168.122.202 | 49239 | 13.35.2.198 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=AU, ST=Western Australia, L=Cockburn Central, O=Department of Fire and Emergency Services, OU=ICT, CN=*.emergency.wa.gov.au | 3f:59:be:53:f0:ef:2e:81:f3:2d:9a:f3:70:94:64:5b:e0:d4:8f:78 |
| 2020-07-05 22:40:29.980909+0800 | 192.168.122.202 | 49236 | 52.222.129.6 | 443 | TLS 1.2 | C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | OU=Domain Control Validated, CN=*.tonglueyun.com | 7c:73:da:b0:48:bc:50:9a:83:72:94:94:ad:22:97:30:33:1f:52:4c |
| 2020-07-05 22:40:29.222841+0800 | 192.168.122.202 | 49216 | 13.224.2.97 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 | C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net | 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a |
| 2020-07-05 22:40:35.885869+0800 | 192.168.122.202 | 49242 | 52.222.130.134 | 443 | TLS 1.2 | C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 | OU=Domain Control Validated, OU=Gandi Standard Wildcard SSL, CN=*.qobuz.com | 26:f2:ac:a2:ec:b6:b7:9e:08:8c:35:91:c4:d6:87:18:ad:82:f8:e1 |
| 2020-07-05 22:40:33.722880+0800 | 192.168.122.202 | 49241 | 52.222.131.223 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=oihxray-beta.aka.amazon.com | a0:89:97:e8:28:b0:ff:0a:2e:51:33:51:b5:c9:cf:82:42:e8:68:ef |
| 2020-07-05 22:40:31.052173+0800 | 192.168.122.202 | 49233 | 23.50.53.165 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39 |
| 2020-07-05 22:40:43.523455+0800 | 192.168.122.202 | 49246 | 143.204.2.28 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.plivo.com | 9a:4d:2c:f3:20:ca:64:95:7e:ff:51:44:bd:41:24:67:08:38:bd:4e |
| 2020-07-05 22:40:48.467089+0800 | 192.168.122.202 | 49249 | 54.182.3.194 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=cdn.sw.altova.com | 0a:fc:50:b5:bf:37:33:62:36:fd:54:db:cd:99:c9:18:70:e4:09:76 |
| 2020-07-05 22:40:49.155654+0800 | 192.168.122.202 | 49250 | 13.224.6.235 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=rca-upload-cloudstation-us-east-2.qa.hydra.sophos.com | a8:ad:67:0e:94:1c:de:25:e3:29:02:6e:13:27:dc:4e:a0:d1:36:c3 |
| 2020-07-05 22:40:56.385930+0800 | 192.168.122.202 | 49251 | 99.86.6.79 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=rest.immobilienscout24.de | c4:7e:a2:ba:39:3d:25:43:fa:b2:a7:f6:77:ce:cd:c7:2a:61:4b:73 |
| 2020-07-05 22:41:01.286922+0800 | 192.168.122.202 | 49252 | 54.182.2.116 | 443 | TLS 1.2 | C=BR, ST=São Paulo, L=São José dos Campos, O=TrustSign Certificadora Dig. & Soluções Segurança da Inf. Ltda., CN=TrustSign BR Certification Authority (DV) 2 | OU=Domain Control Validated, OU=EssentialSSL Wildcard, CN=*.pontoslivelo.com.br | 80:4e:76:c0:0c:1c:90:99:cb:3f:64:e9:ec:f1:a6:f9:b0:25:89:34 |
| 2020-07-05 22:40:47.547655+0800 | 192.168.122.202 | 49248 | 13.249.6.69 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.line-scdn.net | 6a:48:25:87:09:75:20:76:af:a7:7a:1a:27:1b:6c:72:70:19:e1:de |
| 2020-07-05 22:40:42.976565+0800 | 192.168.122.202 | 49244 | 52.222.131.187 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=gluon-cv.mxnet.io | 8e:97:69:74:c2:01:6c:94:c2:0f:c7:00:bb:4b:37:61:b5:10:dc:dd |
| 2020-07-05 22:40:44.451483+0800 | 192.168.122.202 | 49245 | 13.35.2.171 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.lps.lottedfs.com | e9:99:71:61:0b:cb:50:87:9e:ca:fb:ef:70:61:ac:d4:71:87:cb:29 |
| 2020-07-05 22:40:26.268434+0800 | 192.168.122.202 | 49232 | 99.86.5.135 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.myharmony.com | bd:ff:14:87:2d:22:5a:61:35:df:59:29:2f:9e:2c:08:39:92:33:93 |
| 2020-07-05 22:40:45.238049+0800 | 192.168.122.202 | 49247 | 143.204.6.25 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.webdamdb.com | e3:87:b7:15:c3:13:8b:4a:e6:45:cc:19:c8:06:24:8b:34:df:7e:ac |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 85.292 seconds )
- 39.36 Static
- 15.612 Suricata
- 15.427 TargetInfo
- 7.932 BehaviorAnalysis
- 3.541 VirusTotal
- 2.692 NetworkAnalysis
- 0.527 peid
- 0.128 config_decoder
- 0.052 AnalysisInfo
- 0.018 Strings
- 0.003 Memory
Signatures ( 20.908 seconds )
- 16.351 network_http
- 1.864 md_url_bl
- 0.416 api_spamming
- 0.328 stealth_timeout
- 0.318 stealth_decoy_document
- 0.22 antiav_detectreg
- 0.126 antivm_generic_services
- 0.091 infostealer_ftp
- 0.056 antivm_generic_scsi
- 0.052 infostealer_im
- 0.047 stealth_file
- 0.047 reads_self
- 0.046 virus
- 0.046 md_domain_bl
- 0.044 bootkit
- 0.043 antianalysis_detectreg
- 0.035 mimics_filetime
- 0.033 antivm_generic_disk
- 0.033 anormaly_invoke_kills
- 0.033 antiav_detectfile
- 0.027 infostealer_mail
- 0.024 infostealer_browser_password
- 0.023 infostealer_bitcoin
- 0.022 antivm_vbox_libs
- 0.022 infostealer_browser
- 0.021 ipc_namedpipe
- 0.017 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.017 hancitor_behavior
- 0.016 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.016 ransomware_message
- 0.015 anomaly_persistence_autorun
- 0.015 kovter_behavior
- 0.014 maldun_anomaly_massive_file_ops
- 0.014 securityxploded_modules
- 0.014 geodo_banking_trojan
- 0.013 antiemu_wine_func
- 0.013 antivm_vbox_files
- 0.012 kibex_behavior
- 0.012 antivm_xen_keys
- 0.012 darkcomet_regkeys
- 0.011 sets_autoconfig_url
- 0.011 network_execute_http
- 0.011 exec_crash
- 0.01 injection_createremotethread
- 0.01 stealth_network
- 0.01 betabot_behavior
- 0.01 shifu_behavior
- 0.01 disables_wfp
- 0.009 disables_spdy
- 0.009 antivm_parallels_keys
- 0.008 antisandbox_sunbelt_libs
- 0.008 injection_runpe
- 0.008 antivm_generic_diskreg
- 0.008 ransomware_extensions
- 0.008 ransomware_files
- 0.007 antiav_avast_libs
- 0.007 office_dl_write_exe
- 0.007 recon_fingerprint
- 0.006 office_write_exe
- 0.006 antivm_vmware_libs
- 0.006 network_torgateway
- 0.005 network_document_http
- 0.005 antisandbox_sboxie_libs
- 0.005 antiav_bitdefender_libs
- 0.005 antidbg_devices
- 0.005 antisandbox_productid
- 0.005 disables_browser_warn
- 0.005 rat_pcclient
- 0.004 network_tor
- 0.004 anomaly_persistence_bootexecute
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_keys
- 0.004 antivm_vpc_keys
- 0.004 maldun_anomaly_invoke_vb_vba
- 0.004 packer_armadillo_regkey
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 rat_luminosity
- 0.003 anomaly_reset_winsock
- 0.003 kelihos_behavior
- 0.003 creates_largekey
- 0.003 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.003 creates_nullvalue
- 0.003 bypass_firewall
- 0.003 antivm_xen_keys
- 0.003 antivm_hyperv_keys
- 0.003 antivm_vbox_acpi
- 0.003 browser_security
- 0.002 hawkeye_behavior
- 0.002 dridex_behavior
- 0.002 kazybot_behavior
- 0.002 nymaim_behavior
- 0.002 cerber_behavior
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_system
- 0.002 antivm_vmware_files
- 0.002 browser_addon
- 0.002 modify_proxy
- 0.002 codelux_behavior
- 0.002 md_bad_drop
- 0.002 network_cnc_http
- 0.002 recon_programs
- 0.001 injection_explorer
- 0.001 antisandbox_suspend
- 0.001 ursnif_behavior
- 0.001 dyre_behavior
- 0.001 encrypted_ioc
- 0.001 network_bind
- 0.001 dead_connect
- 0.001 antidbg_windows
- 0.001 h1n1_behavior
- 0.001 sniffer_winpcap
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_cpu
- 0.001 antivm_vpc_files
- 0.001 banker_cridex
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 malicous_targeted_flame
- 0.001 maldun_network_blacklist
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 ransomware_radamant
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.185 seconds )
- 0.878 ReportHTMLSummary
- 0.307 Malheur
| Task ID | 557767 |
|---|---|
| Mongo ID | 5f01e74b2f8f2e3864663912 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号