SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP attacks do not have the largest amplification factor, but they may have the largest pool of vulnerable systems that can be abused as reflectors. Open-source reports indicate that there are over 5 million vulnerable systems …

Malware PCAP Traffic Analysis – Can you name the different types of malware?

Be careful: it might not all be malware; adware, PUPs and innocuous traffic are in play. Download PCAP: netstream. The VM executables used will be included in the next post.

2016-08-25 20:40:37.831293 IP 192.168.1.102.51776 > 37.187.148.135.80: Flags [P.], seq 0:267, ack 1, win 256, length 267: HTTP: GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1
GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1
Content-Type: application/x-www-form-urlencoded …

Traffic Sample PCAP of FakeAV Malware and Kazy Trojan Downloader

Two key indicators:

FakeAV POST – POST /hrrgkkwhjdwwwww/order.php?pid=390 (attempting to set up a payment for the FakeAV, with the pid linking to the current session)
Trojan Downloader function – GET /week.exe HTTP/1.1

2015-08-27 11:39:35.045855 ARP, Request who-has 192.168.56.1 tell 192.168.56.10, length 28
2015-08-27 11:39:35.046218 ARP, Reply 192.168.56.1 is-at 0a:00:27:00:00:00, length 46 …

Androm Trojan Downloader Loads Zusy Emotet Banking Trojan Malware PCAP file download traffic sample az.exe 11.exe

50 engines detected this file
SHA-256: 5831264367b6ee1636606b2d9f46111cb7ab4b3b007e49e2f921df5f7d484f06
File name: output.112714662.txt
File size: 128 KB
Last analysis: 2018-01-24 18:48:00 UTC
Community score: -1
VBA32: Backdoor.Androm
VIPRE: Trojan.Win32.Generic!BT
ViRobot: Trojan.Win32.Agent.131072.EN
Webroot: W32.Trojan.Emotet

37 engines detected this file
SHA-256: b134507e22448a801b8a6d1fa6bc32a7d4b389afb15ec721b83e24bdde2e61e1
File name: az.exe
File size: 409.5 KB
Last analysis: 2018-01-22 06:22:47 UTC
Endgame: malicious (high confidence)
eScan: Gen:Variant.Zusy.272363 …