TOR Malware Botnet red.php PCAP file download traffic sample

Download Attachments (1): torbotnet (Date added: January 26, 2018 5:50 am; Added by: admin; File size: 755 KB; Downloads: 12)

10 engines detected this file
SHA-256: 9b606e8e8e7ada9da2afdd3cea20d777f84da9f8b148a58385890e44743f733d
File name: red.php
File size: 488 KB
Last analysis: 2018-01-25 22:27:42 UTC

2018-01-25 22:23:49.279103 IP 192.168.1.102.52977 > 62.149.140.171.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /agenti/red.php HTTP/1.1
E…%M@…G….f>……P.U7. 5.P…W…GET /agenti/red.php HTTP/1.1
User-Agent: Wget/1.19.4 (mingw32)
Accept: …

Androm Trojan Downloader Loads Zusy Emotet Banking Trojan Malware PCAP file download traffic sample az.exe 11.exe

50 engines detected this file
SHA-256: 5831264367b6ee1636606b2d9f46111cb7ab4b3b007e49e2f921df5f7d484f06
File name: output.112714662.txt
File size: 128 KB
Last analysis: 2018-01-24 18:48:00 UTC
Community score: -1
VBA32: Backdoor.Androm
VIPRE: Trojan.Win32.Generic!BT
ViRobot: Trojan.Win32.Agent.131072.EN
Webroot: W32.Trojan.Emotet

37 engines detected this file
SHA-256: b134507e22448a801b8a6d1fa6bc32a7d4b389afb15ec721b83e24bdde2e61e1
File name: az.exe
File size: 409.5 KB
Last analysis: 2018-01-22 06:22:47 UTC
Endgame: malicious (high confidence)
eScan: Gen:Variant.Zusy.272363
…

APT TrojanCookies Malware Traffic Sample Trojan PCAP Download

Steal Web Session Cookie

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website. Cookies are …

OnionDuke APT Malware Traffic Sample PCAP Download

OnionDuke

OnionDuke is malware that was used by APT29 from 2013 to 2015. APT29 is a threat group that has been attributed to Russia’s Foreign Intelligence Service (SVR).[1][2] They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 reportedly compromised the Democratic National Committee starting in the summer of 2015.[3][4][5][6] …

Vintage Gh0st APT FTP Malware Traffic Sample Download PCAP

2012-08-05 22:50:40.647899 IP 192.168.106.141.1068 > 121.63.150.15.21: Flags [R.], seq 266, ack 1, win 0, length 0
E..(.W@…….j.y?…,…..F.J.8P…….
2012-08-05 22:50:40.648984 IP 192.168.106.141.1032 > 192.168.106.2.53: 10854+ A? netuser.dns1.us. (33)
E..=.X…..w..j…j….5.)..*f………..netuser.dns1.us…..
2012-08-05 22:50:40.698458 IP 192.168.106.2.53 > 192.168.106.141.1032: 10854 1/0/0 A 27.22.117.26 (49)
E..M……K)..j…j..5…9N.*f………..netuser.dns1.us……………….u.
2012-08-05 22:50:40.698958 IP 192.168.106.141.1069 > 27.22.117.26.23: Flags [S], seq 1192051896, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.Y@…= ..j…u..-..G.D…..p…<………..
2012-08-05 22:50:43.616747 IP 192.168.106.141.1069 …