Dissecting PlugX to Extract Its Crown Jewels APT RAT Malware Backdoor Yara Rules IoCs LEVIATHAN

Leviathan is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security’s (MSS) Hainan State Security Department and an affiliated front company.[1] Active since at least 2009, Leviathan has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Europe, the Middle East, …

APT – Advanced Persistent Threat – RAMNIT – Historical Traffic Sample

2011-07-29 23:09:35.899406 IP 68.87.73.246.53 > 172.29.0.116.1026: 23951 1/0/0 A 207.223.0.140 (50)
2011-07-29 23:09:35.899748 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2011-07-29 23:09:38.820452 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2011-07-29 23:09:44.728939 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags …

APT TrojanCookies Malware Traffic Sample Trojan PCAP Download

Steal Web Session Cookie

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website. Cookies are …

OnionDuke APT Malware Traffic Sample PCAP Download

OnionDuke

OnionDuke is malware that was used by APT29 from 2013 to 2015. APT29 is a threat group that has been attributed to Russia’s Foreign Intelligence Service (SVR).[1][2] They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 reportedly compromised the Democratic National Committee starting in the summer of 2015.[3][4][5][6] …

Vintage Gh0st APT FTP Malware Traffic Sample Download PCAP

2012-08-05 22:50:40.647899 IP 192.168.106.141.1068 > 121.63.150.15.21: Flags [R.], seq 266, ack 1, win 0, length 0
2012-08-05 22:50:40.648984 IP 192.168.106.141.1032 > 192.168.106.2.53: 10854+ A? netuser.dns1.us. (33)
2012-08-05 22:50:40.698458 IP 192.168.106.2.53 > 192.168.106.141.1032: 10854 1/0/0 A 27.22.117.26 (49)
2012-08-05 22:50:40.698958 IP 192.168.106.141.1069 > 27.22.117.26.23: Flags [S], seq 1192051896, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2012-08-05 22:50:43.616747 IP 192.168.106.141.1069 …