Fallout Exploit Kit Raccoon Stealer CVE-2018-4878 CVE-2018-15982 CVE-2018-8174 Raccoon Stealer Malware PCAP Download Traffic Sample

Fallout Exploit Kit is back and targeting the following CVEs as of 4-8-2020:

Vulnerabilities
CVE-2018-4878
CVE-2018-15982
CVE-2018-8174

Fallout has been observed in the wild delivering the following malware payloads:

Ransomware
Stop – Ransomware
GandCrab 5 – Ransomware
Kraken Cryptor – Ransomware
GandCrab – Ransomware
Maze – Ransomware
Fake Globe – Ransomware
Minotaur – Ransomware
Matrix – Ransomware
Sodinokibi – Ransomware
Raccoon Stealer – This sample (also known as Legion, Mohazo, and Racealer) is a high-risk trojan-type application that stealthily infiltrates the system and collects personal information. Having this trojan installed on your computer might lead to various issues.

2020-02-24 19:34:02.651895 IP […]

Spelevo Exploit Kit EK Serves up Gozi Malware PCAP file download traffic sample

2020-02-19 19:23:32.510874 IP 192.168.4.239.49481 > 3.226.77.126.80: Flags [P.], seq 1:259, ack 1, win 258, length 258: HTTP: GET /go/141657/437555 HTTP/1.1
E..*".@...........M~.I.P....U.$.P....e..GET /go/141657/437555 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive

2020-02-19 19:23:32.511531 IP 192.168.4.239.49482 > 3.226.77.126.80: Flags [.], ack 1, win 258, length 0
E..(".@...........M~.J.P]L.$CG..P.............

2020-02-19 19:23:32.754783 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [.], ack 259, win 237, length 0
E..(..@.?....M~.....P.IU.$.....P....%..

2020-02-19 19:23:33.299047 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [P.], seq 1:485, ack 259, win 237, length 484: HTTP: HTTP/1.1 200 OK
E.....@.?.(..M~.....P.IU.$.....P.......HTTP/1.1 200 OK
Date: Wed, 19 Feb 2020 23:23:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip […]

Underminer Exploit Kit EK Delivers Unknown shorico.club Malware Drop PCAP file Download Traffic Analysis

MALICIOUS SUSPICIOUS INFO
Changes settings of System certificates: rundll32.exe (PID: 2164)
Connects to CnC server: rundll32.exe (PID: 2164)
Loads dropped or rewritten executable: regsvr32.exe (PID: 2852), regsvr32.exe (PID: 3052), regsvr32.exe (PID: 1660

2020-02-16 10:55:07.432210 IP 192.168.4.88.49367 > 35.168.149.183.80: Flags [P.], seq 1:259, ack 1, win 258, length 258: HTTP: GET /go/255951/527805 HTTP/1.1
E..*..@...k....X#......P..hzS.;tP......GET /go/255951/527805 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive

2020-02-16 10:55:07.432941 IP 192.168.4.88.49368 > 35.168.149.183.80: Flags [.], ack 1, win 258, length 0
E..(..@...l....X#......P.SY8..u.P.............

2020-02-16 10:55:07.632809 IP 35.168.149.183.80 > 192.168.4.88.49367: Flags [.], ack 259, win 237, length 0
E..(..@.?.7.#......X.P..S.;t..i|P...H...

2020-02-16 10:55:07.933694 IP 35.168.149.183.80 […]

Purple Fox Exploit Kit EK Fileless Malware PCAP Download Traffic Sample

2019-12-05 15:20:54.943651 IP 192.168.1.145.56441 > 18.214.175.230.80: Flags [P.], seq 1:328, ack 1, win 258, length 327: HTTP: GET /go/230299/477450 HTTP/1.1
E..o..@...b4.........y.PbgP.JC:.P....e..GET /go/230299/477450 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive
Cookie: __cfduid=d41395b56de571502f14a5704988a2fdb1575573653

2019-12-05 15:20:54.944386 IP 192.168.1.145.56442 > 18.214.175.230.80: Flags [.], ack 1, win 258, length 0
E..(..@...cz.........z.P.T....".P...C.........

2019-12-05 15:20:55.250974 IP 18.214.175.230.80 > 192.168.1.145.56441: Flags [.], ack 328, win 237, length 0
E..(^.@.?.U..........P.yJC:.bgR5P.......

2019-12-05 15:20:55.763441 IP 18.214.175.230.80 > 192.168.1.145.56441: Flags [P.], seq 1:479, ack 328, win 237, length 478: HTTP: HTTP/1.1 200 OK
E...^.@.?.S4.........P.yJC:.bgR5P.......HTTP/1.1 200 OK
Date: Thu, 05 Dec 2019 19:20:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip […]

SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP attacks do not have the largest amplification factor, but they may have the most vulnerable systems available to abuse in a reflection attack. Open-source reports indicate that there are over 5 million vulnerable systems worldwide as of August 2015. One of our dedicated servers was attacked by this DoSnet earlier this morning. We detected over 155,000 unique IP addresses involved in the attack and bandwidth spikes from 100MB/sec to 500MB/sec. The actual statistics are not confirmable as there was massive […]




