Loading... Additional Content is being loaded
Windows
Analysis Report
MV_TRANS-ASIA_I.xls
Overview
General Information
| Sample Name: | MV_TRANS-ASIA_I.xls |
| Analysis ID: | 1274208 |
| MD5: | 0c13eceb36bdde5263a3e2ecc3339407 |
| SHA1: | 19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f |
| SHA256: | fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5 |
| Tags: | xls |
| Infos: |   |
 |
|
Detection
Lokibot
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Sigma detected: EQNEDT32.EXE connecting to internet
Detected unpacking (overwrites its own PE header)
Yara detected Lokibot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Antivirus / Scanner detection for submitted sample
Sigma detected: File Dropped By EQNEDT32EXE
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
Yara detected aPLib compressed binary
Tries to steal Mail credentials (via file registry)
Shellcode detected
Excel sheet contains many unusual embedded objects
Office equation editor drops PE file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal ftp login credentials
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Office equation editor establishes network connection
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Contains functionality to download and execute PE files
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Searches the installation path of Mozilla Firefox
Enables debug privileges
Office Equation Editor has been started
Contains functionality to download and launch executables
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)
Classification
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Loki Password Stealer (PWS), LokiBot | "Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2 |
|
|
AV Detection |
  |
|---|
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Malware Configuration Extractor: |
||
| Source: |
ReversingLabs: |
|||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
Avira: |
||
| Source: |
ReversingLabs: |
||
| Source: |
ReversingLabs: |
||
| Source: |
ReversingLabs: |
||
| Source: |
Joe Sandbox ML: |
||
| Source: |
Joe Sandbox ML: |
||
Exploits |
|
|---|
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Network connect: |
Jump to behavior | ||
| Source: |
Process created: |
||
| Source: |
Process created: |
||
Compliance |
|
|---|
| Source: |
Unpacked PE file: |
||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Code function: |
5_2_00403D74 | |
Software Vulnerabilities |
|
|---|
| Source: |
Code function: |
2_2_03640533 | |
| Source: |
Code function: |
2_2_03640505 | |
| Source: |
Code function: |
2_2_03640488 | |
| Source: |
Code function: |
2_2_036404A2 | |
| Source: |
Code function: |
2_2_0364040A | |
| Source: |
Code function: |
2_2_036403D5 | |
| Source: |
Code function: |
2_2_0364051E | |
| Source: |
Code function: |
2_2_03640558 | |
| Source: |
Code function: |
12_2_03590488 | |
| Source: |
Code function: |
12_2_03590505 | |
| Source: |
Code function: |
12_2_03590533 | |
| Source: |
Code function: |
12_2_03590558 | |
| Source: |
Code function: |
12_2_0359051E | |
| Source: |
Code function: |
12_2_035903D5 | |
| Source: |
Code function: |
12_2_0359040A | |
| Source: |
Code function: |
12_2_035904A2 | |
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
Networking |
|
|---|
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
URLs: |
||
| Source: |
URLs: |
||
| Source: |
URLs: |
||
| Source: |
URLs: |
||
| Source: |
HTTP traffic detected: | ||