Unknown E-mail C2 Malware u.teknik.io PCAP file download traffic sample CHKDSK0.exe

2017-11-29 20:09:32.668784 IP 192.168.1.102.51077 > 185.165.168.124.80: Flags [P.], seq 1471042674:1471043157, ack 3475486176, win 256, length 483: HTTP: GET /OrQwS.exe HTTP/1.1 E…a.@…r….f…|…PW.Tr.'..P…t…GET /OrQwS.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, …


Androm Smoke Smokeloader Trojan Downloader TEAMVIEWER Malware PCAP file download traffic analysis sample POST /getinfo.php

2017-11-29 18:11:36.605607 IP 192.168.1.102.50722 > 185.81.113.106.80: Flags [P.], seq 4256379733:4256380219, ack 3603920812, win 256, length 486: HTTP: GET /ital2.exe HTTP/1.1 E…..@….h…f.Qqj.".P..3U..w.P….e..GET /ital2.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, …


POST /xx/Panel/fre.php kenion.com.mx RAT Browser Password Stealer Malware PCAP file download Traffic Sample

2017-11-29 20:01:13.251874 IP 192.168.1.102.51041 > 108.179.194.43.80: Flags [P.], seq 3799269095:3799269589, ack 1911259101, win 256, length 494: HTTP: GET /doro/xxcryptrd.exe HTTP/1.1 E…8?@……..fl..+.a.P.t>.q…P….H..GET /doro/xxcryptrd.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, …


RIG Exploit Kit EK Delivers RAMNIT RAT Malware Backdoor Banking Trojan PCAP File Download Traffic Analysis

2017-11-10 03:46:19.216224 IP 192.168.1.5.49186 > 18.195.19.123.80: Flags [P.], seq 1426946809:1426947166, ack 2995259417, win 16537, length 357: HTTP: GET /voluum/cebddddb-0f28-4087-99c3-690fa79f4804??track=48tmsGdksmgj383P=ad96939d842fae76905bea8a2c92a6dd HTTP/1.1 E…..@….,…….{.".PU.z…..P.@..G..GET /voluum/cebddddb-0f28-4087-99c3-690fa79f4804??track=48tmsGdksmgj383P=ad96939d842fae76905bea8a2c92a6dd HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US …

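Every excerpt above is the tcpdump summary line for the HTTP request segment that fetched a payload or posted to a panel. The script below is an added example, not code from this site, that pulls the request triage data (timestamp, client, server, method, URI) out of such lines and tags the two patterns these samples share: a GET for a Windows executable and a POST to a PHP panel script (getinfo.php, fre.php). The regex targets only the summary line tcpdump prints, not the raw ASCII dump that follows it. The sample input mixes the four request lines from this page with three constructed lines (a POST check-in, a benign page fetch and an ACK-only segment) so that the negative cases are exercised too; those three lines and the tag names are assumptions of the example.

```python
import re
from typing import Dict, List, Optional

# Sample input: the four HTTP request lines quoted on this page, followed by
# three CONSTRUCTED lines (a POST to getinfo.php, a benign GET, an ACK-only
# segment) that are not from any capture and exist only to exercise the
# classifier's negative and C2-panel branches.
SAMPLE_LINES = [
    "2017-11-29 20:09:32.668784 IP 192.168.1.102.51077 > 185.165.168.124.80: Flags [P.], seq 1471042674:1471043157, ack 3475486176, win 256, length 483: HTTP: GET /OrQwS.exe HTTP/1.1",
    "2017-11-29 18:11:36.605607 IP 192.168.1.102.50722 > 185.81.113.106.80: Flags [P.], seq 4256379733:4256380219, ack 3603920812, win 256, length 486: HTTP: GET /ital2.exe HTTP/1.1",
    "2017-11-29 20:01:13.251874 IP 192.168.1.102.51041 > 108.179.194.43.80: Flags [P.], seq 3799269095:3799269589, ack 1911259101, win 256, length 494: HTTP: GET /doro/xxcryptrd.exe HTTP/1.1",
    "2017-11-10 03:46:19.216224 IP 192.168.1.5.49186 > 18.195.19.123.80: Flags [P.], seq 1426946809:1426947166, ack 2995259417, win 16537, length 357: HTTP: GET /voluum/cebddddb-0f28-4087-99c3-690fa79f4804??track=48tmsGdksmgj383P=ad96939d842fae76905bea8a2c92a6dd HTTP/1.1",
    # constructed: check-in to the Smokeloader-style panel path named in the title above
    "2017-11-29 18:12:01.000000 IP 192.168.1.102.50730 > 185.81.113.106.80: Flags [P.], seq 1:300, ack 1, win 256, length 299: HTTP: POST /getinfo.php HTTP/1.1",
    # constructed: ordinary page fetch, must not be tagged
    "2017-11-29 18:00:00.000000 IP 192.168.1.102.50700 > 93.184.216.34.80: Flags [P.], seq 1:200, ack 1, win 256, length 199: HTTP: GET /index.html HTTP/1.1",
    # constructed: pure ACK, carries no HTTP summary and must be skipped
    "2017-11-29 18:00:01.000000 IP 192.168.1.102.50700 > 93.184.216.34.80: Flags [.], ack 1000, win 256, length 0",
]

# Matches the one-line summary tcpdump prints for a TCP segment that its HTTP
# dissector recognised as a request (the "HTTP: GET /path HTTP/1.1" tail).
TCPDUMP_HTTP = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r".*?\bHTTP: (?P<method>GET|POST) (?P<uri>\S+) HTTP/1\.[01]"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the request fields of one tcpdump summary line, or None if the
    line is not an HTTP request (e.g. an ACK-only segment)."""
    m = TCPDUMP_HTTP.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Path without query string, so extension checks are not fooled by "?x=.exe".
    rec["path"] = rec["uri"].split("?", 1)[0]
    return rec


def classify(rec: Dict[str, str]) -> Optional[str]:
    """Tag the two request shapes the samples on this page share. Tag names
    are this example's own choice."""
    path = rec["path"].lower()
    if rec["method"] == "GET" and path.endswith((".exe", ".dll", ".scr")):
        return "executable download"
    if rec["method"] == "POST" and path.endswith(".php"):
        return "possible C2 check-in"
    return None  # e.g. an EK landing URL, which needs content inspection, not a path rule


def extract_iocs(lines: List[str]) -> List[Dict[str, str]]:
    """Parse every line, keep only tagged requests, and return them in order."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tag = classify(rec)
        if tag is None:
            continue
        out.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                    "dport": rec["dport"], "method": rec["method"],
                    "uri": rec["uri"], "tag": tag})
    return out


def unique_hosts(iocs: List[Dict[str, str]]) -> List[str]:
    """Distinct server IPs worth blocking or pivoting on, sorted as strings."""
    return sorted({i["dst"] for i in iocs})


if __name__ == "__main__":
    for ioc in extract_iocs(SAMPLE_LINES):
        print(f'{ioc["ts"]} {ioc["src"]} -> {ioc["dst"]}:{ioc["dport"]} '
              f'{ioc["method"]} {ioc["uri"]}  [{ioc["tag"]}]')
    print("hosts:", unique_hosts(extract_iocs(SAMPLE_LINES)))
```

Feed it `tcpdump -nn -r sample.pcap -A 'tcp port 80'` output line by line (the `-A` payload lines simply fail the regex and are skipped). The RIG landing URL parses but is deliberately left untagged: exploit-kit gate and landing URLs are random per campaign, so a path-suffix rule like the one above is the wrong tool for them, and they are better caught on response content or on the redirect chain.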