[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:25:50.159746 101.0.76.7 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28509 IpLen:20 DgmLen:20 DF

[**] [1:36635:3] EXPLOIT-KIT Angler exploit kit search uri request attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:25:51.489414 192.168.81.128:50104 -> 31.148.99.125:80
TCP TTL:128 TOS:0x0 ID:28532 IpLen:20 DgmLen:414 DF
***AP*** Seq: 0xF0BED8EA Ack: 0x8F9830FC Win: 0xFAF0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:26:02.855386 31.148.99.125 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28545 IpLen:20 DgmLen:20 DF

[**] [1:37014:1] EXPLOIT-KIT Angler exploit kit landing page detected [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:26:04.701331 31.148.99.125:80 -> 192.168.81.128:50104
TCP TTL:128 TOS:0x0 ID:28599 IpLen:20 DgmLen:16324 DF
***A**** Seq: 0x8F996F08 Ack: 0xF0BEDA60 Win: 0xF5A3 TcpLen: 20

[**] [1:36635:3] EXPLOIT-KIT Angler exploit kit search uri request attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:26:06.355855 192.168.81.128:50104 -> 31.148.99.125:80
TCP TTL:128 TOS:0x0 ID:28601 IpLen:20 DgmLen:577 DF
***AP*** Seq: 0xF0BEDA60 Ack: 0x8F99B52F Win: 0xFAF0 TcpLen: 20

[**] [1:36635:3] EXPLOIT-KIT Angler exploit kit search uri request attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:26:06.367325 192.168.81.128:50105 -> 31.148.99.125:80
TCP TTL:128 TOS:0x0 ID:28602 IpLen:20 DgmLen:505 DF
***AP*** Seq: 0xC9F681DD Ack: 0xE8DDFDC9 Win: 0xFAF0 TcpLen: 20

[**] [1:36635:3] EXPLOIT-KIT Angler exploit kit search uri request attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:26:17.312770 192.168.81.128:50105 -> 31.148.99.125:80
TCP TTL:128 TOS:0x0 ID:28605 IpLen:20 DgmLen:534 DF
***AP*** Seq: 0xC9F683AE Ack: 0xE8DDFE6F Win: 0xFA4A TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:26:29.631382 31.148.99.125 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28645 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:27:15.253288 31.148.99.125 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28723 IpLen:20 DgmLen:20 DF

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/17-22:28:18.853490 192.168.81.128:50107 -> 50.63.184.249:80
TCP TTL:128 TOS:0x0 ID:12496 IpLen:20 DgmLen:565
***A**** Seq: 0xED02EC1B Ack: 0x8048AC68 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/17-22:28:23.865306 192.168.81.128:50108 -> 50.63.184.249:80
TCP TTL:128 TOS:0x0 ID:12504 IpLen:20 DgmLen:535
***A**** Seq: 0xB207C175 Ack: 0x5FF0B55A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:28:32.667407 50.63.184.249 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28890 IpLen:20 DgmLen:20 DF

[**] [129:5:1] Bad segment, adjusted size <= 0 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/17-22:28:39.120951 50.63.184.249:80 -> 192.168.81.128:50108
TCP TTL:128 TOS:0x0 ID:12551 IpLen:20 DgmLen:882
***AP*** Seq: 0x5FF16B97 Ack: 0xB207C364 Win: 0xFAF0 TcpLen: 20

[**] [129:7:1] Limit on number of overlapping TCP packets reached [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/17-22:28:39.224408 50.63.184.249:80 -> 192.168.81.128:50108
TCP TTL:128 TOS:0x0 ID:12553 IpLen:20 DgmLen:1500
***A**** Seq: 0x5FF154C7 Ack: 0xB207C364 Win: 0xFAF0 TcpLen: 20

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/17-22:28:45.467863 192.168.81.128:50109 -> 50.63.184.249:80
TCP TTL:128 TOS:0x0 ID:12619 IpLen:20 DgmLen:566
***A**** Seq: 0xD64CEE1E Ack: 0xF8E31422 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]
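The records above are Snort "full" alert output: a header line with gid:sid:rev and the rule message, a classification/priority line, a timestamp line with the endpoints, the IP/TCP header fields, and optional Xref lines. What an analyst wants from them is the chain, not the individual hits: the Angler landing page is delivered to 192.168.81.128 on port 50104 at 22:26:04, and the same host starts CryptoWall C2 traffic to 50.63.184.249 roughly two minutes later. The following parser and correlation are an added example, not part of the original log or of Snort itself. The sample input is four records copied from the log above; treating the RFC 1918 endpoint as the victim, the 10-minute pairing window, and matching on the EXPLOIT-KIT / MALWARE-CNC message prefixes are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample input: four records copied from the Snort alert log above
# (the first SDF hit, two Angler alerts and the first CryptoWall C2 alert).
SAMPLE_ALERTS = """\
[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/17-22:25:50.159746 101.0.76.7 -> 192.168.81.128
PROTO:254 TTL:128 TOS:0x0 ID:28509 IpLen:20 DgmLen:20 DF

[**] [1:36635:3] EXPLOIT-KIT Angler exploit kit search uri request attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:25:51.489414 192.168.81.128:50104 -> 31.148.99.125:80
TCP TTL:128 TOS:0x0 ID:28532 IpLen:20 DgmLen:414 DF
***AP*** Seq: 0xF0BED8EA Ack: 0x8F9830FC Win: 0xFAF0 TcpLen: 20

[**] [1:37014:1] EXPLOIT-KIT Angler exploit kit landing page detected [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/17-22:26:04.701331 31.148.99.125:80 -> 192.168.81.128:50104
TCP TTL:128 TOS:0x0 ID:28599 IpLen:20 DgmLen:16324 DF
***A**** Seq: 0x8F996F08 Ack: 0xF0BEDA60 Win: 0xF5A3 TcpLen: 20

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/17-22:28:18.853490 192.168.81.128:50107 -> 50.63.184.249:80
TCP TTL:128 TOS:0x0 ID:12496 IpLen:20 DgmLen:565
***A**** Seq: 0xED02EC1B Ack: 0x8048AC68 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]
"""

RECORD_HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASSIFICATION = re.compile(r"^\[Classification: (.+?)\] \[Priority: (\d+)\]$")
PACKET = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) "
    r"(\d+\.\d+\.\d+\.\d+)(?::(\d+))? -> (\d+\.\d+\.\d+\.\d+)(?::(\d+))?$"
)
XREF = re.compile(r"^\[Xref => (\S+)\]$")


def parse_alerts(text):
    """Parse Snort 'full' alert output (blank-line separated records) into dicts."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = RECORD_HEADER.match(lines[0])
        if not head:
            continue  # not a Snort full-format record, skip it
        rec = {"gid": int(head[1]), "sid": int(head[2]), "rev": int(head[3]),
               "msg": head[4], "xrefs": []}
        for line in lines[1:]:
            cls, pkt, xref = CLASSIFICATION.match(line), PACKET.match(line), XREF.match(line)
            if cls:
                rec["classification"], rec["priority"] = cls[1], int(cls[2])
            elif pkt:
                # Full format carries no year; strptime defaults to 1900, which is
                # fine for ordering and deltas inside a single capture.
                rec["ts"] = datetime.strptime(pkt[1], "%m/%d-%H:%M:%S.%f")
                rec["src"], rec["dst"] = pkt[2], pkt[4]
                rec["sport"] = int(pkt[3]) if pkt[3] else None  # None for PROTO:254 records
                rec["dport"] = int(pkt[5]) if pkt[5] else None
            elif xref:
                rec["xrefs"].append(xref[1])
        alerts.append(rec)
    return alerts


def internal_host(rec):
    """The RFC 1918 endpoint of an alert (assumption: the monitored LAN is private space)."""
    for ip in (rec["src"], rec["dst"]):
        if ipaddress.ip_address(ip).is_private:
            return ip
    return None


def infection_chains(alerts, window=timedelta(minutes=10)):
    """Pair each MALWARE-CNC alert with the latest preceding EXPLOIT-KIT alert for the
    same internal host within `window` (a pairing rule assumed here, not Snort's)."""
    by_host = {}
    for rec in sorted((r for r in alerts if "ts" in r), key=lambda r: r["ts"]):
        host = internal_host(rec)
        if host:
            by_host.setdefault(host, []).append(rec)
    chains = []
    for host, recs in by_host.items():
        last_ek = None
        for rec in recs:
            peer = rec["dst"] if rec["src"] == host else rec["src"]
            if rec["msg"].startswith("EXPLOIT-KIT "):
                last_ek = (rec, peer)
            elif (rec["msg"].startswith("MALWARE-CNC ") and last_ek
                  and rec["ts"] - last_ek[0]["ts"] <= window):
                ek, ek_peer = last_ek
                chains.append({"victim": host, "ek_host": ek_peer, "ek_sid": ek["sid"],
                               "cnc_host": peer, "cnc_sid": rec["sid"],
                               "seconds_to_cnc": round((rec["ts"] - ek["ts"]).total_seconds(), 3)})
                last_ek = None  # repeated C2 beacons do not create extra chains
    return chains


if __name__ == "__main__":
    for chain in infection_chains(parse_alerts(SAMPLE_ALERTS)):
        print(chain)
```

Run against the full log, the same code yields one chain for 192.168.81.128: exploit kit host 31.148.99.125 (sid 37014), C2 host 50.63.184.249 (sid 34318), about 134 seconds from landing page to first beacon; the later CryptoWall hits on ports 50108 and 50109 are folded into that chain rather than reported again. The gid 129 stream-reassembly alerts and the gid 139 SDF hits parse cleanly but carry no EXPLOIT-KIT or MALWARE-CNC prefix, so they do not influence pairing.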