Mafiaboy DDoS IRC botnet takes down eBay/ETRADE/Amazon and Yahoo at the same time – RATE THIS ATTACK

DDoS was a lot easier back in those days. I remember one of the attacks launched at an IRC user that lived in Romania that always made me laugh: instead of just DoSing the user, they DDoSed the uplink that provided bandwidth to the entire country – YES – they took a country offline with … Read more

APT – Advanced Persistent Threat – RAMNIT – Historical Traffic Sample

2011-07-29 23:09:35.899406 IP 68.87.73.246.53 > 172.29.0.116.1026: 23951 1/0/0 A 207.223.0.140 (50)
2011-07-29 23:09:35.899748 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2011-07-29 23:09:38.820452 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2011-07-29 23:09:44.728939 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags … Read more

Remote Access Trojan RAT svchost.exe 163.172.160.227.4443 PCAP file download traffic sample

Attachment: vclean (10 KB), added January 26, 2018 5:47 am by admin, 11 downloads.
46 engines detected this file. SHA-256: 8a100d3324a2c579fcc56203d9f14e0d6e3448b3ed65769136c8dc21376ef0e5. File name: vujpdi0f2gg.exe. File size: 135.5 KB. Last analysis: 2018-01-25 16:06:53 UTC. Community score: -192.
Behaviour tags: Remote Access; Contains a remote desktop related string; Tries to identify its external IP address; Uses network protocols on unusual ports; Persistence; Injects into explorer; Modifies auto-execute functionality … Read more

Dridex Cridex Malware Banking Trojan PCAP file download traffic sample 144.76.246.246.443 fbl.com.sg/JHG76w23

Attachment: jhg (49 KB), added January 26, 2018 5:40 am by admin, 7 downloads.
32 engines detected this file. SHA-256: bad8a41d33fe0e4cce27f41005e498c0ac26eef9f59099ad2d538bc429e4d289. File name: JHG76w23. File size: 140 KB. Last analysis: 2018-01-26 03:17:24 UTC. Community score: -105.
Detections: Ikarus – Trojan.Kryptik; Kaspersky – Backdoor.Win32.Dridex.sr; Malwarebytes – Trojan.Dridex; MAX – malware (ai score=97); McAfee – RDN/Generic.hbg; McAfee-GW-Edition – BehavesLike.Win32.PUPXAX.ch; Palo Alto Networks – generic.ml; Rising – Malware.XPACK-LNR/Heur!1.5594 (CLASSIC); SentinelOne … Read more

TOR Malware Botnet red.php PCAP file download traffic sample

Attachment: torbotnet (755 KB), added January 26, 2018 5:50 am by admin, 12 downloads.
10 engines detected this file. SHA-256: 9b606e8e8e7ada9da2afdd3cea20d777f84da9f8b148a58385890e44743f733d. File name: red.php. File size: 488 KB. Last analysis: 2018-01-25 22:27:42 UTC.
2018-01-25 22:23:49.279103 IP 192.168.1.102.52977 > 62.149.140.171.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /agenti/red.php HTTP/1.1
GET /agenti/red.php HTTP/1.1
User-Agent: Wget/1.19.4 (mingw32)
Accept: … Read more