myNetWatchman KnowledgeBase
Pooling knowledge to secure the internet.
Newbiero infection attempt via open file share
Infected host: 10.1.1.1
Target host: 172.16.123.123
Note: IPs have been modified for privacy reasons
No. Time Source Destination Protocol Info
5610 1848.438014 10.1.1.1 172.16.123.123 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
5611 1848.607173 172.16.123.123 10.1.1.1 NBNS Name query response NBSTAT
5629 1849.279296 10.1.1.1 172.16.123.123 NBSS Session request
5631 1849.438785 172.16.123.123 10.1.1.1 NBSS Positive session response
5632 1849.439746 10.1.1.1 172.16.123.123 SMB Negotiate Protocol Request
5633 1849.601297 172.16.123.123 10.1.1.1 SMB Negotiate Protocol Response
5634 1849.604834 10.1.1.1 172.16.123.123 SMB Tree Connect AndX Request, Path: \\172.16.123.123\IPC$
5635 1849.766564 172.16.123.123 10.1.1.1 SMB Tree Connect AndX Response
5636 1849.777757 10.1.1.1 172.16.123.123 SMB Tree Connect AndX Request, Path: \\172.16.123.123\C
5637 1849.940840 172.16.123.123 10.1.1.1 SMB Tree Connect AndX Response
5638 1849.943782 10.1.1.1 172.16.123.123 SMB Open AndX Request, Path: \WINDOWS\SYSTEM\MSSE.INI
5639 1850.102936 172.16.123.123 10.1.1.1 SMB Open AndX Response, Error: File not found (pathname error)
5640 1850.104086 10.1.1.1 172.16.123.123 SMB Open AndX Request, Path: \WINDOWS\Start Menu\Programs\StartUp\mssg.exe
5641 1850.264523 172.16.123.123 10.1.1.1 SMB Open AndX Response, Error: Directory not found
5643 1850.380633 10.1.1.1 172.16.123.123 TCP 2857 > netbios-ssn [ACK] Seq=434776789 Ack=2292426215 Win=17246 Len=0
5758 1907.963792 10.1.1.1 172.16.123.123 SMB Tree Disconnect Request
5761 1908.122251 172.16.123.123 10.1.1.1 SMB Tree Disconnect Response
5762 1908.122784 10.1.1.1 172.16.123.123 SMB Tree Disconnect Request
5763 1908.282498 172.16.123.123 10.1.1.1 SMB Tree Disconnect Response
5764 1908.282946 10.1.1.1 172.16.123.123 TCP 2857 > netbios-ssn [FIN, ACK] Seq=434776867 Ack=2292426293 Win=17168 Len=0
5766 1908.443327 172.16.123.123 10.1.1.1 TCP netbios-ssn > 2857 [FIN, ACK] Seq=2292426293 Ack=434776868 Win=16684 Len=0
5767 1908.443485 10.1.1.1 172.16.123.123 TCP 2857 > netbios-ssn [ACK] Seq=434776868 Ack=2292426294 Win=17168 Len=0
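The capture above shows the sequence a defender can key on: the infected host connects to the target's IPC$ share, then to the C share, then tries to open a marker file under \WINDOWS\SYSTEM and drop an executable into the Windows StartUp folder so it runs at next logon. The following Python script is an added example, not part of the myNetWatchman page or of any product; it parses summary lines in the Ethereal/Wireshark packet-list format shown above (a constructed sample transcribed from this capture) and flags remote file opens that follow a disk-share connect, rating StartUp-folder writes as an autostart drop. The function names parse_summary and detect_share_infection and the "kind" labels are assumptions of this example.

```python
import re

# Constructed sample: packet-list summary lines transcribed from the capture on this page.
SAMPLE_CAPTURE = r"""
5632 1849.439746 10.1.1.1 172.16.123.123 SMB Negotiate Protocol Request
5633 1849.601297 172.16.123.123 10.1.1.1 SMB Negotiate Protocol Response
5634 1849.604834 10.1.1.1 172.16.123.123 SMB Tree Connect AndX Request, Path: \\172.16.123.123\IPC$
5635 1849.766564 172.16.123.123 10.1.1.1 SMB Tree Connect AndX Response
5636 1849.777757 10.1.1.1 172.16.123.123 SMB Tree Connect AndX Request, Path: \\172.16.123.123\C
5637 1849.940840 172.16.123.123 10.1.1.1 SMB Tree Connect AndX Response
5638 1849.943782 10.1.1.1 172.16.123.123 SMB Open AndX Request, Path: \WINDOWS\SYSTEM\MSSE.INI
5639 1850.102936 172.16.123.123 10.1.1.1 SMB Open AndX Response, Error: File not found (pathname error)
5640 1850.104086 10.1.1.1 172.16.123.123 SMB Open AndX Request, Path: \WINDOWS\Start Menu\Programs\StartUp\mssg.exe
5641 1850.264523 172.16.123.123 10.1.1.1 SMB Open AndX Response, Error: Directory not found
5643 1850.380633 10.1.1.1 172.16.123.123 TCP 2857 > netbios-ssn [ACK] Seq=434776789 Ack=2292426215 Win=17246 Len=0
"""

# Columns of the summary format: No. Time Source Destination Protocol Info
PACKET_RE = re.compile(r'^(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$')

# SMB requests of interest, as rendered in the Info column.
TREE_RE = re.compile(r'Tree Connect AndX Request, Path: \\\\([^\\]+)\\(.+)$')
OPEN_RE = re.compile(r'Open AndX Request, Path: (.+)$')
# Per-user or all-users StartUp folder on Windows 9x/NT-era installs (assumption: this layout).
STARTUP_RE = re.compile(r'\\start ?menu\\programs\\startup\\', re.IGNORECASE)


def parse_summary(text):
    """Turn packet-list summary lines into dicts; lines that do not match the format are skipped."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if not m:
            continue
        no, t, src, dst, proto, info = m.groups()
        packets.append({'no': int(no), 'time': float(t), 'src': src,
                        'dst': dst, 'proto': proto, 'info': info})
    return packets


def detect_share_infection(packets):
    """Flag file opens that follow a connect to a disk share (anything but IPC$) on the same src->dst flow.

    An open under the StartUp folder is reported as 'autostart_drop'; any other remote
    open after a disk-share connect is reported as 'remote_file_open'.
    """
    findings = []
    disk_share = {}  # (src, dst) -> most recent disk share the source connected to
    for p in packets:
        if p['proto'] != 'SMB':
            continue
        flow = (p['src'], p['dst'])
        m = TREE_RE.search(p['info'])
        if m:
            share = m.group(2)
            if share.upper() != 'IPC$':
                disk_share[flow] = share
            continue
        m = OPEN_RE.search(p['info'])
        if m and flow in disk_share:
            path = m.group(1)
            kind = 'autostart_drop' if STARTUP_RE.search(path) else 'remote_file_open'
            findings.append({'no': p['no'], 'src': p['src'], 'dst': p['dst'],
                             'share': disk_share[flow], 'path': path, 'kind': kind})
    return findings


if __name__ == '__main__':
    for f in detect_share_infection(parse_summary(SAMPLE_CAPTURE)):
        print(f"frame {f['no']}: {f['src']} -> {f['dst']} share {f['share']} {f['kind']} {f['path']}")
```

The detector keys on the sequence rather than on the file names, so a renamed dropper still trips the autostart check; the marker-file open is reported at lower confidence because ordinary administrative access to a share looks the same at this level. Feeding it the full capture instead of the sample reports the same two frames, 5638 and 5640.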