BETONLINE.AG poker betonline.ag PCAP file download Traffic Analysis Sample

Betonline.ag poker site pcap traffic sample

2017-09-25 15:49:10.187283 IP 192.168.1.102.57820 > 75.75.75.75.53: 27634+ A? poker.betonline.ag. (36)
    E..@.-.........fKKKK...5.,['k............poker betonline.ag.....
2017-09-25 15:49:12.457700 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 1454268158:1454268182, ack 2127766518, win 32458, length 24
    E..@T.@...)....f2..h...2V.^.~.#.P.~..F...0...................
2017-09-25 15:49:12.589103 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 25, win 32452, length 0
    E..(T.@...)....f2..h...2V._.~.$.P.~...........
2017-09-25 15:49:47.366759 IP 192.168.1.102.49487 > 75.75.75.75.53: 8606+ A? www.google-analytics.com. (42)
    E..F...........fKKKK.O.5.2.;!............www.google-analytics.com.....
2017-09-25 15:49:49.584408 IP 192.168.1.102.52369 > 75.75.75.75.53: 10203+ A? poker.tigergaming.com. (39)
    E..C./.........fKKKK...5./D.'............poker.tigergaming.com.....
2017-09-25 15:49:49.615175 IP 192.168.1.102.52369 > 75.75.76.76.53: 10203+ A? poker.tigergaming.com. (39)
    E..C<..........fKKLL...5./C.'............poker.tigergaming.com.....
2017-09-25 15:50:07.611927 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 24:48, ack 25, win 32452, length 24 […]

Malware Trojan Downloader Dropper cubeupload.com PCAP file download traffic analysis

43 engines detected this file
SHA-256: b069e7d29889bcdcc61e7936ad4800d2563c8618135f40c50e4dbcdc9314f505
File name: gfD4vo.jpg
File size: 522.61 KB
Last analysis: 2017-09-25 22:14:16 UTC

FILE 2 – Dropper
23 engines detected this file
SHA-256: 214325a508b6354286f0ba47afdf998ea8c5b87012d6fac08ec0e7a996ac1999
File name: 2602033098198832.exe
File size: 266.49 KB
Last analysis: 2017-09-25 22:34:21 UTC
Community score: -11

2017-09-25 16:39:29.774994 IP 192.168.1.102.61160 > 75.75.75.75.53: 16676+ A? i.cubeupload.com. (34)
    E..>.......2...fKKKK...5.*z.A$...........i cubeupload.com.....
2017-09-25 16:39:29.812702 IP 192.168.1.102.56856 > 46.4.115.108.80: Flags [S], seq 1274466961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    E..4..@....|...f..sl...PK......... ..................
2017-09-25 16:39:29.934339 IP 192.168.1.102.56856 > 46.4.115.108.80: Flags [.], ack 217614345, win 256, length 0
    E..(..@........f..sl...PK...... P....b........
2017-09-25 16:39:30.010343 […]

Bor.uz Locky Ransomware Malware NO C2 Traffic Analysis PCAP file download

24 engines detected this file
SHA-256: 8feb981439774342fbe7c7a25c21d9cbae58f4cc13feb0ebf3657a85f2142158
File name: YTkjdJH7w1.exe
File size: 591 KB
Last analysis: 2017-09-25 15:50:03 UTC
AegisLab: Ransom.Cerber.Smaly0!c
Avast: FileRepMalware
AVG: FileRepMalware
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9999
CrowdStrike Falcon: malicious_confidence_100% (W)
Cylance: Unsafe

2017-09-25 16:50:29.002420 IP 192.168.1.102.57680 > 75.75.75.75.53: 45408+ A? bor.uz. (24)
    E..4......."...fKKKK.P.5. #..`...........bor.uz.....
2017-09-25 16:50:29.529203 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [S], seq 2670765003, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    E..4\.@....I...f>....=.P.0........ ..................
2017-09-25 16:50:29.719862 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [.], ack 1966844122, win 256, length 0
    E..(\.@....T...f>....=.P.0..u;..P....A........
2017-09-25 16:50:29.731330 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [P.], seq 0:479, ack 1, win 256, length 479: HTTP: GET /YTkjdJH7w1 HTTP/1.1 […]

NEW LOCKY RANSOMWARE VARIANT g46mbrrzpfszonuk.onion NO C2 PCAP file download traffic analysis

49 engines detected this file
SHA-256: ce48b278f8b823c25b222a33027248299bff3cdc2a6bdb0fdceecb0922dd790a
File name: jhdsgvc74
File size: 653 KB
Last analysis: 2017-09-25 08:23:44 UTC
Community score: -78
ESET-NOD32: Win32/Filecoder.Locky.L
F-Secure: Trojan.RanSerKD.12397146
Fortinet: W32/Locky.FWSD!tr.ransom
GData: Trojan.RanSerKD.12397146
Ikarus: Trojan.Win32.Filecoder
K7AntiVirus: Trojan ( 0051497b1 )
K7GW: Trojan ( 0051497b1 )
Kaspersky: Trojan-Ransom.Win32.Locky.ztt

2017-09-25 17:50:32.217002 IP 192.168.1.102.58790 > 75.75.75.75.53: 46557+ A? ar-inversiones.com. (36)
    E..@.......:...fKKKK...5.,...............ar-inversiones.com.....
2017-09-25 17:50:32.397644 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [S], seq 2979498304, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    E..4M5@...KU...f%.z4.'.P...@...... ..................
2017-09-25 17:50:32.546454 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [.], ack 2169675136, win 256, length 0
    E..(M6@...K`...f%.z4.'.P...A.R..P....w........
2017-09-25 17:50:32.556435 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [P.], seq 0:490, […]

NEW Locky Ransomware PCAP file download traffic analysis gokeenakte.top NO C2 Used

51 / 65 engines detected this file
SHA-256: 8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285
File name: 1
File size: 617 KB
Last analysis: 2017-09-25 04:21:44 UTC
Community score: -50

2017-09-25 17:31:45.176820 IP 192.168.1.102.57004 > 47.89.249.183.80: Flags [P.], seq 0:482, ack 1, win 256, length 482: HTTP: GET /url/1 HTTP/1.1
    E.. p @........f/Y.....P!Ke.`...P.......GET /url/1 HTTP/1.1
    Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-US
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
    Accept-Encoding: gzip, deflate
    Host: gokeenakte.top
    Connection: Keep-Alive
2017-09-25 17:33:25.458134 IP 192.168.1.102.57009 > 91.203.5.162.80: Flags [S], seq 1347326132, […]
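All five samples above are shown as `tcpdump -nn -A` style text rather than as PCAP. The following script is an added example, not code from the original posts or their author: it parses that text format, pulls out the indicators a practitioner would want from each sample (DNS A? queries, HTTP request lines with their Host header, TCP destinations), flags DNS queries that were re-sent to a second resolver (as with txid 10203 in the poker sample) and connections to non-web ports (5938 in the same sample). The `SAMPLE` text is constructed from packet lines quoted on this page; the regex names and helper functions are this example's own.

```python
"""Extract indicators from tcpdump text output (added example, not the page's own code)."""
import re
from collections import Counter, defaultdict

# One tcpdump header line: timestamp, "IP", src.port > dst.port: rest-of-summary
HDR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
# DNS summary as tcpdump prints it: "27634+ A? poker.betonline.ag. (36)"
DNS_Q = re.compile(r"(?P<txid>\d+)\+? (?P<qtype>[A-Z]+)\? (?P<name>[^ ]+)\. \(\d+\)")
# HTTP request line tcpdump appends to a PSH segment: "HTTP: GET /url/1 HTTP/1.1"
HTTP_REQ = re.compile(r"HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]")
# Host header inside the -A payload dump (indented lines under the header line)
HOST_HDR = re.compile(r"^\s*Host: (?P<host>\S+)\s*$")

# Constructed input: packet lines copied from the samples on this page.
SAMPLE = """\
2017-09-25 15:49:10.187283 IP 192.168.1.102.57820 > 75.75.75.75.53: 27634+ A? poker.betonline.ag. (36)
2017-09-25 15:49:12.457700 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 1454268158:1454268182, ack 2127766518, win 32458, length 24
2017-09-25 15:49:49.584408 IP 192.168.1.102.52369 > 75.75.75.75.53: 10203+ A? poker.tigergaming.com. (39)
2017-09-25 15:49:49.615175 IP 192.168.1.102.52369 > 75.75.76.76.53: 10203+ A? poker.tigergaming.com. (39)
2017-09-25 16:50:29.002420 IP 192.168.1.102.57680 > 75.75.75.75.53: 45408+ A? bor.uz. (24)
2017-09-25 16:50:29.529203 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [S], seq 2670765003, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 16:50:29.731330 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [P.], seq 0:479, ack 1, win 256, length 479: HTTP: GET /YTkjdJH7w1 HTTP/1.1
2017-09-25 17:31:45.176820 IP 192.168.1.102.57004 > 47.89.249.183.80: Flags [P.], seq 0:482, ack 1, win 256, length 482: HTTP: GET /url/1 HTTP/1.1
\tE.. p @........f/Y.....P!Ke.`...P.......GET /url/1 HTTP/1.1
\tUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
\tHost: gokeenakte.top
\tConnection: Keep-Alive
"""


def parse_tcpdump(text):
    """Yield one dict per packet: header fields plus the payload lines printed under it."""
    pkt = None
    for line in text.splitlines():
        m = HDR.match(line)
        if m:
            if pkt is not None:
                yield pkt
            pkt = m.groupdict()
            pkt["payload"] = []
        elif pkt is not None and line.strip():
            pkt["payload"].append(line)  # -A / -X dump lines belong to the last header
    if pkt is not None:
        yield pkt


def extract_iocs(text):
    """Collect DNS queries, HTTP requests and TCP destinations from tcpdump text."""
    dns, http, dests = [], [], Counter()
    for p in parse_tcpdump(text):
        if p["dport"] == "53":
            q = DNS_Q.search(p["rest"])
            if q:
                dns.append({"name": q["name"], "txid": q["txid"], "resolver": p["dst"], "ts": p["ts"]})
            continue
        dests[(p["dst"], int(p["dport"]))] += 1
        r = HTTP_REQ.search(p["rest"])
        if r:
            # Host header only exists when the payload was dumped; fall back to the IP.
            host = next((HOST_HDR.match(l)["host"] for l in p["payload"] if HOST_HDR.match(l)), None)
            http.append({"host": host or p["dst"], "method": r["method"], "path": r["path"],
                         "dst": p["dst"], "ts": p["ts"]})
    return {"dns": dns, "http": http, "dests": dests}


def dns_retries(iocs):
    """Names whose query (same txid) was sent to more than one resolver, i.e. retried."""
    seen = defaultdict(set)
    for q in iocs["dns"]:
        seen[(q["txid"], q["name"])].add(q["resolver"])
    return {name: sorted(r) for (_txid, name), r in seen.items() if len(r) > 1}


def nonweb_destinations(iocs, web_ports=(80, 443)):
    """TCP destinations on ports other than plain web ports; worth a second look."""
    return sorted(d for d in iocs["dests"] if d[1] not in web_ports)


def iocs_to_lines(iocs):
    """Flatten to 'type,value' lines, ready to drop into a blocklist or SIEM lookup."""
    lines = [f"domain,{q['name']}" for q in iocs["dns"]]
    lines += [f"url,http://{r['host']}{r['path']}" for r in iocs["http"]]
    lines += [f"ip,{ip}" for ip, _port in iocs["dests"]]
    return sorted(set(lines))


if __name__ == "__main__":
    found = extract_iocs(SAMPLE)
    print("\n".join(iocs_to_lines(found)))
    print("DNS retries:", dns_retries(found))
    print("Non-web destinations:", nonweb_destinations(found))
```

The Host header is only recoverable when the payload was dumped (`-A` or `-X`); for the bor.uz sample, where only the summary line is quoted, the script falls back to the destination IP, which is still a usable indicator but weaker than the hostname.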