APT – Advanced Persistent Threat – RAMNIT – Historical Traffic Sample

2011-07-29 23:09:35.899406 IP 68.87.73.246.53 > 172.29.0.116.1026: 23951 1/0/0 A 207.223.0.140 (50) E@.N..@.9…DWI….t.5…:..]…………star-trakers.com…………………
2011-07-29 23:09:35.899748 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0*.@…S,…t……..3.”…..p….T……….
2011-07-29 23:09:38.820452 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0*.@…S+…t……..3.”…..p….T……….
2011-07-29 23:09:44.728939 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags … Read more

APT TrojanCookies Malware Traffic Sample Trojan PCAP Download

Steal Web Session Cookie
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website. Cookies are … Read more

OnionDuke APT Malware Traffic Sample PCAP Download

OnionDuke
OnionDuke is malware that was used by APT29 from 2013 to 2015. APT29 is a threat group that has been attributed to Russia’s Foreign Intelligence Service (SVR).[1][2] They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 reportedly compromised the Democratic National Committee starting in the summer of 2015.[3][4][5][6] … Read more

Vintage Gh0st APT FTP Malware Traffic Sample Download PCAP

2012-08-05 22:50:40.647899 IP 192.168.106.141.1068 > 121.63.150.15.21: Flags [R.], seq 266, ack 1, win 0, length 0E..(.W@…….j.y?…,…..F.J.8P…….
2012-08-05 22:50:40.648984 IP 192.168.106.141.1032 > 192.168.106.2.53: 10854+ A? netuser.dns1.us. (33)E..=.X…..w..j…j….5.)..*f………..netuser.dns1.us…..
2012-08-05 22:50:40.698458 IP 192.168.106.2.53 > 192.168.106.141.1032: 10854 1/0/0 A 27.22.117.26 (49)E..M……K)..j…j..5…9N.*f………..netuser.dns1.us……………….u.
2012-08-05 22:50:40.698958 IP 192.168.106.141.1069 > 27.22.117.26.23: Flags [S], seq 1192051896, win 64240, options [mss 1460,nop,nop,sackOK], length 0E..0.Y@…= ..j…u..-..G.D…..p…<………..
2012-08-05 22:50:43.616747 IP 192.168.106.141.1069 … Read more

APT – Advanced Persistent Threat / MALWARE – Reedum – Historical Traffic Sample

1970-01-01 -4:-59:-35.7292 IP 10.0.2.15.1047 > 109.234.159.254.21: Flags [P.], seq 1:17, ack 62, win 64179, length 16 E..8.X@….p …m…….X{.a…?P…l…USER user37704
1970-01-01 -4:-59:-35.7292 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [.], ack 17, win 65535, length 0 E..(….@.`.m… ……….?X{.qP…|…
1970-01-01 -4:-59:-35.7866 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [P.], seq 62:141, ack 17, win 65535, length 79 E..w….@.`rm… ……….?X{.qP…kZ..331 ……………… ………… … Read more