Google Chrome FAKE Download Update Malware SocGholish campaign loads NetSupport RAT PCAP File Download Traffic Sample

2019-08-26 15:03:01.209093 IP 10.8.26.101.51807 > 10.8.26.1.53: 44756+ A? mysocalledchaos.com. (37)
2019-08-26 15:03:01.353045 IP 10.8.26.101.49163 > 166.62.111.64.80: Flags [P.], seq 1:409, ack 1, win 256, length 408: HTTP: GET / HTTP/1.1
    GET / HTTP/1.1
    Host: mysocalledchaos.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    Accept-Encoding: gzip, deflate
    Accept-Language: en
2019-08-26 15:03:39.075406 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [P.], seq 17917:19120, ack 14190, win 451, length 1203: HTTP
2019-08-26 15:03:39.075745 IP 10.8.26.101.49214 > 130.0.233.178.80: Flags [.], ack 19120, win 256, length 0
2019-08-26 15:03:39.168023 […]

OCTOPUS APT/2 Malware PCAP Download Traffic Analysis 88.198.204.196

2018-11-06 03:08:56.939686 IP 10.1.10.73.65480 > 10.1.10.100.55555: Flags [P.], seq 1:562, ack 1, win 2053, length 561
    GET /apt/DustSquad/OctopusDelphi.exe HTTP/1.1
    Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Referer: http://10.1.10.100:55555/apt/DustSquad/
    Accept-Language: en-US
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
    Accept-Encoding: gzip, deflate
    Host: 10.1.10.100:55555
    Connection: Keep-Alive
2018-11-06 03:08:56.939868 IP 10.1.10.100.55555 > 10.1.10.73.65480: Flags [.], ack 562, win 237, length 0
2018-11-06 03:09:11.604468 IP 148.251.185.168.80 > 10.1.10.73.65490: Flags [S.], seq 949224391, ack 3926170411, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length […]

RIG Exploit Kit EK Delivers LATENTBOT Malware APT 148.251.255.108 Trojan RAT PCAP file download traffic sample

2016-10-26 16:40:22.706650 IP 192.168.10.20.49625 > 54.200.153.243.80: Flags [P.], seq 1:257, ack 1, win 16475, length 256: HTTP: GET / HTTP/1.1
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: gadistrictkiwanis.org
    Connection: Keep-Alive
2016-10-26 16:40:22.869283 IP 54.200.153.243.80 > 192.168.10.20.49625: Flags [.], ack 257, win 123, length 0
2016-10-26 16:40:30.096078 IP 192.168.10.20.49682 > 185.82.200.52.80: Flags [P.], seq 1:461, ack 1, win 16475, length 460: HTTP: GET /?wn-BcbCUKxnGDYA=l3SKfPrfJxzFGMSUb-nJDa9GP0XCRQLPh4SGhKrXCJ-ofSih17OIFxzsqAycFUKCqrF4Qu4Fah2h1QWScEZrmYRPFgVIove8hQLfyhSWkpSG-BPeZ19C_JaSQbBt3w7xm7dHdJ0nxheF4DRXxewYQFFd HTTP/1.1
    GET /?wn-BcbCUKxnGDYA=l3SKfPrfJxzFGMSUb-nJDa9GP0XCRQLPh4SGhKrXCJ-ofSih17OIFxzsqAycFUKCqrF4Qu4Fah2h1QWScEZrmYRPFgVIove8hQLfyhSWkpSG-BPeZ19C_JaSQbBt3w7xm7dHdJ0nxheF4DRXxewYQFFd HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://gadistrictkiwanis.org/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows […]

W32/Felix Iran APT/Malware Fake JPG senario104.jpg Binary PCAP file download Traffic Sample

Unknown IRAN fake image binary file senario104.jpg
senario104.jpg: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
2016-10-23 01:32:16.438427 IP 192.168.1.102.58937 > 79.127.127.67.80: Flags [P.], seq 0:297, ack 1, win 64240, length 297: HTTP: GET /senario104.jpg HTTP/1.1
    GET /senario104.jpg HTTP/1.1
    Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
    Accept-Encoding: gzip, deflate
    Host: limlim00000.rozup.ir
    Connection: Keep-Alive
2016-10-23 01:32:55.262559 IP 192.168.1.102.58940 > 79.127.127.67.80: Flags [P.], seq 0:203, ack 1, win 256, length 203: HTTP: GET /favicon.ico HTTP/1.1
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; […]

Malware Remote Access Trojan RAT Infection traffic sample PCAP file download
