APT – Advanced Persistent Threat – RAMNIT – Historical Traffic Sample



2011-07-29 23:09:35.899406 IP 68.87.73.246.53 > 172.29.0.116.1026: 23951 1/0/0 A 207.223.0.140 (50)

E@.N..@.9…DWI….t.5…:..]…………star-trakers.com…………………

2011-07-29 23:09:35.899748 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0

E..0*.@…S,…t……..3.”…..p….T……….

2011-07-29 23:09:38.820452 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0

E..0*.@…S+…t……..3.”…..p….T……….

2011-07-29 23:09:44.728939 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0

E..0*.@…S*…t……..3.”…..p….T……….

2011-07-29 23:09:56.021599 IP 68.87.73.246.53 > 172.29.0.116.1026: 23649 NXDomain 0/1/0 (108)

E@….@.9..GDWI….t.5…t.N\a……….^Mufxsqnjtryrny.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L………      :…Q.

2011-07-29 23:09:56.021777 IP 172.29.0.116.1490 > 68.87.73.246.53: 32871+ A? ufxsqnjtryrny.com.hsd1.va.comcast.net. (55)

E..S*……     …tDWI….5.?@q.g……….^Mufxsqnjtryrny.com.hsd1.va.comcast.net…..

2011-07-29 23:09:56.032534 IP 68.87.73.246.53 > 172.29.0.116.1497: 30414 NXDomain 0/1/0 (114)

E@….@.9..ADWI….t.5…zN.v…………rykgnuncbedueeuevxg.com…… ………=.a.gtld-servers.net..nstld.verisign-grs. O..L……… :…Q.

2011-07-29 23:09:56.032702 IP 172.29.0.116.1497 > 68.87.73.246.53: 58106+ A? rykgnuncbedueeuevxg.com.hsd1.va.comcast.net. (61)

E..Y*……….tDWI….5.E……………rykgnuncbedueeuevxg.com.hsd1.va.comcast.net…..

2011-07-29 23:09:56.038572 IP 68.87.73.246.53 > 172.29.0.116.1498: 48158 NXDomain 0/1/0 (110)

E@….@.9..EDWI….t.5…v.G………….yssrqxyljwrioko.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L………     :…Q.

2011-07-29 23:09:56.038737 IP 172.29.0.116.1498 > 68.87.73.246.53: 54018+ A? yssrqxyljwrioko.com.hsd1.va.comcast.net. (57)


