ET MALWARE LNKR CnC Activity
« on: April 22, 2020, 04:33:27 pm »
Do I need to worry?
Code:
2020-04-22T16:19:19 suricata[25000]: [1:2027419:3] ET MALWARE LNKR CnC Activity M1 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 1xx.xx.xx.xx:42202 -> 172.64.198.30:80
Code:
suricata[25000]: [1:2027420:3] ET MALWARE LNKR CnC Activity M2 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 1xx.xx.xx.xx:42206 -> 172.64.198.30:80
Code:
suricata[25000]: [1:2027421:3] ET MALWARE LNKR CnC Activity M3 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 1xx.x.xx.xx:42204 -> 172.64.198.30:80
suricata[25000]: {"timestamp": "2020-04-22T16:19:19.529290+0200", "flow_id": 672823041837867, "in_iface": "igb0", "event_type": "alert", "src_ip": "1xx.xx.xx", "src_port": 42204, "dest_ip": "172.64.198.30", "dest_port": 80, "proto": "TCP", "metadata": {"flowbits": ["FB550953_0", "FB180732_0"]}, "tx_id": 0, "alert": {"action": "allowed", "gid": 1, "signature_id": 2027421, "rev": 3, "signature": "ET MALWARE LNKR CnC Activity M3", "category": "A Network Trojan was Detected", "severity": 1, "metadata": {"updated_at": ["2019_06_03"], "performance_impact": ["Low"], "created_at": ["2019_06_03"], "signature_severity": ["Minor"], "deployment": ["Perimeter"], "attack_target": ["Client_Endpoint"], "affected_product": ["Web_Browser_Plugins", "Web_Browsers"], "former_category": ["ADWARE_PUP"]}}, "http": {"hostname": "jackyhillty.net", "url": "/metric/?mid=&wid=52641&sid=&tid=8886&rid=BEFORE_OPTOUT_REQ&t=1587565159488", "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firef
The IP address belongs to Cloudflare, Inc., US
IP Address: 172.64.198.30
ASN #: AS13335 CLOUDFLARENET - Cloudflare, Inc., US
Location: Data unavailable.
I'm grateful for any hint!
Regards, k0ns0l3
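An added triage helper for the alerts posted above; it is not part of the post, nor code from Suricata, Emerging Threats or OPNsense. It parses the two formats shown (fast-log lines and EVE JSON), groups the alerts by the internal source host, and derives the follow-up checks from the rule metadata (attack_target, affected_product, action) rather than from the owner of the destination IP. All sample input is constructed: 192.0.2.10 (an RFC 5737 documentation address) stands in for the poster's masked "1xx.xx.xx.xx", the Firefox/68.0 user agent is assumed because the post's line is cut off, and a deliberately truncated third EVE line shows that a partial log line is skipped instead of aborting the run.

```python
"""Triage of Suricata LNKR alerts: group by source host, derive checks from rule metadata."""
import json
import re
from collections import defaultdict

# Constructed sample input (not captured from a live sensor). 192.0.2.10 replaces the
# masked source address from the post; the Firefox/68.0 user agent is an assumption.
SAMPLE_FAST = """\
2020-04-22T16:19:19 suricata[25000]: [1:2027419:3] ET MALWARE LNKR CnC Activity M1 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.10:42202 -> 172.64.198.30:80
2020-04-22T16:19:19 suricata[25000]: [1:2027420:3] ET MALWARE LNKR CnC Activity M2 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.10:42206 -> 172.64.198.30:80
2020-04-22T16:19:19 suricata[25000]: [1:2027421:3] ET MALWARE LNKR CnC Activity M3 [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.10:42204 -> 172.64.198.30:80
"""

# One EVE alert shaped like the post's, one unrelated flow record, one truncated line.
SAMPLE_EVE = """\
{"timestamp": "2020-04-22T16:19:19.529290+0200", "event_type": "alert", "src_ip": "192.0.2.10", "src_port": 42204, "dest_ip": "172.64.198.30", "dest_port": 80, "proto": "TCP", "alert": {"action": "allowed", "gid": 1, "signature_id": 2027421, "rev": 3, "signature": "ET MALWARE LNKR CnC Activity M3", "category": "A Network Trojan was Detected", "severity": 1, "metadata": {"signature_severity": ["Minor"], "deployment": ["Perimeter"], "attack_target": ["Client_Endpoint"], "affected_product": ["Web_Browser_Plugins", "Web_Browsers"], "former_category": ["ADWARE_PUP"]}}, "http": {"hostname": "jackyhillty.net", "url": "/metric/?mid=&wid=52641&sid=&tid=8886&rid=BEFORE_OPTOUT_REQ&t=1587565159488", "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"}}
{"timestamp": "2020-04-22T16:19:20.000000+0200", "event_type": "flow", "src_ip": "192.0.2.10", "dest_ip": "172.64.198.30", "proto": "TCP"}
{"timestamp": "2020-04-22T16:19:21.000000+0200", "event_type": "alert", "src_ip": "192.0.2.10", "dest_ip": "172.64.198.30", "alert": {"action": "allowed", "signature_id": 20
"""

# fast.log shape: [gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src:port -> dst:port
FAST_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[Classification: (?P<cls>[^\]]+)\]"
    r" \[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} (?P<src>[^\s:]+):(?P<sport>\d+) -> (?P<dst>[^\s:]+):(?P<dport>\d+)"
)


def parse_fast(text):
    """Parse fast-log lines into dicts; lines that do not match the format are skipped."""
    out = []
    for line in text.splitlines():
        m = FAST_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
                rec[key] = int(rec[key])
            out.append(rec)
    return out


def parse_eve(text):
    """Decode EVE JSON lines; a truncated or malformed line is skipped rather than fatal."""
    recs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            recs.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return recs


def triage(fast_text, eve_text):
    """Group alerts by internal source host: that host, not the CDN IP, is the pivot."""
    hosts = defaultdict(lambda: {"sids": set(), "signatures": set(), "hostnames": set(),
                                 "urls": set(), "user_agents": set(), "allowed": 0, "blocked": 0,
                                 "client_side": False, "affected_product": set()})
    for a in parse_fast(fast_text):
        h = hosts[a["src"]]
        h["sids"].add(a["sid"])
        h["signatures"].add(a["msg"])
    for r in parse_eve(eve_text):
        if r.get("event_type") != "alert":  # flow/http/dns records carry no verdict
            continue
        h = hosts[r["src_ip"]]
        al = r["alert"]
        h["sids"].add(al["signature_id"])
        h["signatures"].add(al["signature"])
        if al.get("action") == "allowed":  # IDS mode only logged the request
            h["allowed"] += 1
        else:
            h["blocked"] += 1
        meta = al.get("metadata", {})
        h["client_side"] |= "Client_Endpoint" in meta.get("attack_target", [])
        h["affected_product"].update(meta.get("affected_product", []))
        http = r.get("http", {})
        for key, field in (("hostname", "hostnames"), ("url", "urls"), ("http_user_agent", "user_agents")):
            if http.get(key):
                h[field].add(http[key])
    return dict(hosts)


def next_steps(host_ip, h):
    """Turn the rule metadata and HTTP fields into concrete checks for one source host."""
    steps = []
    if h["client_side"]:
        steps.append(f"examine the client {host_ip}; the destination's ASN owner is not the target")
    if h["hostnames"]:
        steps.append("pivot on the Host header(s) " + ", ".join(sorted(h["hostnames"]))
                     + " and the request URL; a CDN IP only identifies the CDN")
    if h["user_agents"]:
        steps.append("the user agent names the browser to inspect: " + "; ".join(sorted(h["user_agents"])))
    if "Web_Browser_Plugins" in h["affected_product"]:
        steps.append("review installed browser extensions/plugins on that client")
    if h["allowed"] and not h["blocked"]:
        steps.append("all alerts were action=allowed: logged, nothing was dropped")
    return steps


if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_FAST, SAMPLE_EVE).items():
        print(ip, sorted(summary["sids"]), sorted(summary["hostnames"]))
        for step in next_steps(ip, summary):
            print("  -", step)
```

The point the helper makes concrete: the three sids fire on one internal host within the same second, the rule's own metadata marks the target as the client endpoint and its browser plugins, and action=allowed means the sensor only logged the requests. The whois result on 172.64.198.30 is therefore a dead end, since a Cloudflare address fronts many unrelated hostnames; the Host header and URL in the EVE record, and the browser on the source host, are where the investigation continues.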