
MyDoom DDoS $38 Billion Dollar P2P Malware Botnet PCAP Download Traffic Sample


MyDoom Botnet

MyDoom has several methods of impact, but its main attacks are DDoS.
MyDoom uses a DGA for its P2P communications, but it also uses some command-and-control servers.

Damage estimated at $38.7 billion was caused by Mydoom, the fastest-spreading malware, to Microsoft Windows-based computers. Spyware is a deadly malware that extracts a company's confidential information without the company's awareness.

2019-07-15 13:00:22.289866 IP 10.7.15.101.51171 > 10.7.15.1.53: 48767+ MX? acm.org. (25)
E..5……..
..e
……5.!X…………..acm.org…..
2019-07-15 13:00:22.340366 IP 10.7.15.1.53 > 10.7.15.101.51171: 48767 1/0/0 MX mail.mailroute.net. 10 (59)
E..W…….G

..e.5…C……………acm.org………………
.mail mailroute.net.
2019-07-15 13:00:22.348650 IP 10.7.15.101.53658 > 10.7.15.1.53: 65013+ A? mail.mailroute.net. (36)
E..@……..
..e
……5.,$_………….mail mailroute.net…..
2019-07-15 13:00:22.382026 IP 10.7.15.1.53 > 10.7.15.101.53658: 65013 2/0/0 A 199.89.1.120, A 199.89.3.120 (68)
E.........= ... ..e.5...L...............mail mailroute.net..................Y.x.............Y.x
2019-07-15 13:00:22.382637 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [S], seq 3423424506, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@..... ..e.Y.x......O....... .................
2019-07-15 13:00:22.501570 IP 199.89.1.120.25 > 10.7.15.101.49163: Flags [S.], seq 2591540629, ack 3423424507, win 64240, options [mss 1460], length 0
E..,......O..Y.x ..e.....w....O.…~…….
2019-07-15 13:00:22.501779 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [.], ack 1, win 64240, length 0
E..(..@…..
..e.Y.x……O..w..P….j..
2019-07-15 13:00:22.824195 IP 199.89.1.120.25 > 10.7.15.101.49163: Flags [P.], seq 1:66, ack 1, win 64240, length 65: SMTP: 220-in-014.lax.mailroute.net ESMTP Postfix – Postscreen enabled
E..i……Ot.Y.x
..e…..w….O.P…5…220-in-014.lax.mailroute.net ESMTP Postfix – Postscreen enabled

2019-07-15 13:00:22.928682 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [.], ack 66, win 64175, length 0
E..(..@…..
..e.Y.x……O..w..P….j..
2019-07-15 13:00:24.456432 IP 10.7.15.101.49164 > 157.130.29.226.1042: Flags [S], seq 824150712, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@…%;
..e……..1……… ..I…………..
2019-07-15 13:00:24.924489 IP 10.7.15.101.62796 > 10.7.15.1.53: 51271+ MX? lists.freedesktop.org. (39)
E..C…….}
..e
….L.5./…G………..lists.freedesktop.org…..
2019-07-15 13:00:24.988231 IP 10.7.15.101.53695 > 10.7.15.1.53: 22968+ MX? global.libreoffice.org. (40)
E..D…….{
..e
……5.0..Y…………global.libreoffice.org…..
2019-07-15 13:00:25.049108 IP 10.7.15.101.57533 > 10.7.15.1.53: 46764+ MX? global.libreoffice.org. (40)
E..D…….z
..e
……5.0……………global.libreoffice.org…..
2019-07-15 13:00:25.112279 IP 10.7.15.101.61829 > 10.7.15.1.53: 57956+ MX? documentfoundation.org. (40)
E..D…….y
..e
……5.09..d………..documentfoundation.org…..
2019-07-15 13:00:25.174765 IP 10.7.15.101.53237 > 10.7.15.1.53: 64071+ MX? libreoffice.org. (33)
E..=……..
..e
……5.)[u.G………..libreoffice.org…..
2019-07-15 13:00:25.237468 IP 10.7.15.101.50685 > 10.7.15.1.53: 56734+ MX? libreoffice.org. (33)
E..=…….~
..e
……5.)……………libreoffice.org…..
2019-07-15 13:00:25.939540 IP 10.7.15.101.62796 > 10.7.15.1.53: 51271+ MX? lists.freedesktop.org. (39)
E..C…….w
..e
….L.5./…G………..lists.freedesktop.org…..
2019-07-15 13:00:26.001128 IP 10.7.15.101.53695 > 10.7.15.1.53: 22968+ MX? global.libreoffice.org. (40)
E..D…….u
..e
……5.0..Y…………global.libreoffice.org…..
2019-07-15 13:00:26.062827 IP 10.7.15.101.57533 > 10.7.15.1.53: 46764+ MX? global.libreoffice.org. (40)
E..D…….t
..e
……5.0……………global.libreoffice.org…..
2019-07-15 13:00:26.126226 IP 10.7.15.101.61829 > 10.7.15.1.53: 57956+ MX? documentfoundation.org. (40)
E..D…….s
..e
……5.09..d………..documentfoundation.org…..
2019-07-15 13:00:26.187392 IP 10.7.15.101.53237 > 10.7.15.1.53: 64071+ MX? libreoffice.org. (33)
E..=…….y
:
2019-07-15 13:00:30.460095 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 1:54, ack 1, win 64240, length 53: SMTP: 220 gabe.freedesktop.org ESMTP Postfix (Debian/GNU)
E..]…………
..e….]`.k…
P….h..220 gabe.freedesktop.org ESMTP Postfix (Debian/GNU)

2019-07-15 13:00:30.460605 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 1:15, ack 54, win 64187, length 14: SMTP: EHLO acm.org
E..6..@…..
..e………..
]`..P….T..EHLO acm.org

2019-07-15 13:00:30.460715 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 15, win 64240, length 0
E..(…………
..e….]......P....n..
2019-07-15 13:00:30.541199 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [S.], seq 678655145, ack 2272612538, win 64240, options [mss 1460], length 0
E..,......y.Y.D. ..e....(st..uP.………..
2019-07-15 13:00:30.541436 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [.], ack 1, win 64240, length 0
E..(..@…A.
..eY.D……uP.(st.P….R..
2019-07-15 13:00:30.601674 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 54:197, ack 15, win 64240, length 143: SMTP: 250-gabe.freedesktop.org
E……….?….
..e….]`……P…%]..250-gabe.freedesktop.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

2019-07-15 13:00:30.602630 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 15:43, ack 197, win 64044, length 28: SMTP: MAIL FROM:fdrake@acm.org
E..D..@…..
..e…………]`./P..,QQ..MAIL FROM:fdrake@acm.org

2019-07-15 13:00:30.602753 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 43, win 64240, length 0
E..(…………
..e….]./...4P.......
2019-07-15 13:00:30.735767 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 197:211, ack 43, win 64240, length 14: SMTP: 250 2.1.0 Ok
E..6............ ..e....]./…4P…nf..250 2.1.0 Ok

2019-07-15 13:00:30.736105 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 43:88, ack 211, win 64030, length 45: SMTP: RCPT TO:libreoffice@lists.freedesktop.org
E..U..@…..
..e………..4]`.=P…….RCPT TO:libreoffice@lists.freedesktop.org

2019-07-15 13:00:30.736205 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 88, win 64240, length 0
E..(…………
..e….]`.=…aP…….
2019-07-15 13:00:31.087379 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 1:62, ack 1, win 64240, length 61: SMTP: 220 vm194.documentfoundation.org ESMTP Postfix (Debian/GNU)
E..e……y.Y.D.
..e….(st..uP.P…….220 vm194.documentfoundation.org ESMTP Postfix (Debian/GNU)

2019-07-15 13:00:31.087804 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 1:30, ack 62, win 64179, length 29: SMTP: EHLO global.libreoffice.org
E..E..@…A.
..eY.D……uP.(st.P….l..EHLO global.libreoffice.org

2019-07-15 13:00:31.087907 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 30, win 64240, length 0
E..(……y.Y.D.
..e….(st..uP.P…….
2019-07-15 13:00:31.270207 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 62:203, ack 30, win 64240, length 141: SMTP: 250-vm194.documentfoundation.org
E………y9Y.D.
..e….(st..uP.P…….250-vm194.documentfoundation.org
250-PIPELINING
250-SIZE 41943040
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

2019-07-15 13:00:31.271261 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 30:77, ack 203, win 64038, length 47: SMTP: MAIL FROM:postmaster@global.libreoffice.org
E..W..@…A.
..eY.D……uP.(sutP..&….MAIL FROM:postmaster@global.libreoffice.org

2019-07-15 13:00:31.271380 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 77, win 64240, length 0
E..(……y.Y.D.
..e….(sut.uQ.P….<..
2019-07-15 13:00:31.481963 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 203:217, ack 77, win 64240, length 14: SMTP: 250 2.1.0 Ok
E..6……y.Y.D.
..e….(sut.uQ.P…s…250 2.1.0 Ok

2019-07-15 13:00:31.482279 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 77:121, ack 217, win 64024, length 44: SMTP: RCPT TO:marketing@global.libreoffice.org
E..T..@…A.
..eY.D……uQ.(su.P….2..RCPT TO:marketing@global.libreoffice.org

2019-07-15 13:00:31.482382 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 121, win 64240, length 0
E..(……y.Y.D.
..e….(su..uQ2P…….
2019-07-15 13:00:31.686040 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 217:291, ack 121, win 64240, length 74: SMTP: 450 4.7.25 Client host rejected: cannot find your hostname, [173.46.3.9]
E..r……yxY.D.
..e….(su..uQ2P….e..450 4.7.25 Client host rejected: cannot find your hostname, [173.46.3.9]
2019-07-15 13:01:10.499434 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15417, win 64240, length 0
E..(……48.F(g
..e…;….D…P…]…
2019-07-15 13:01:10.499471 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15417:15490, ack 277, win 63964, length 73: SMTP: CsT9qUFJrxQMiBqS5+ujrJr2AxIIs09LsG+iA3CPkMqtdS2sgcamxnnGrtA4ivDGLtbED1P
E..q.*@….C
..e.F(g.;..D…….P…….CsT9qUFJrxQMiBqS5+ujrJr2AxIIs09LsG+iA3CPkMqtdS2sgcamxnnGrtA4ivDGLtbED1P

2019-07-15 13:01:10.499509 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15490, win 64240, length 0
E..(……47.F(g
..e…;….D..5P…]z..
2019-07-15 13:01:10.499581 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15490:15568, ack 277, win 63964, length 78: SMTP: E7QcAFvXa9SwaF1MA+25XC6Xb+5j72HwbPEgNsvlcvJT82X0dPX2abBcLrdR9274Z/lz+rkty1Y9
E..v.+@….=
..e.F(g.;..D..5….P…FB..E7QcAFvXa9SwaF1MA+25XC6Xb+5j72HwbPEgNsvlcvJT82X0dPX2abBcLrdR9274Z/lz+rkty1Y9

2019-07-15 13:01:10.499614 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15568, win 64240, length 0
E..(……46.F(g
..e…;….D…P…],..
2019-07-15 13:01:10.499657 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15568:15646, ack 277, win 63964, length 78: SMTP: VGVtRtNw2zXLZtTVctbXB9h5Stc122bZ2kk629xG3S9X13Vd3hvfD+AL4RPixF3TNE3j5OXm52Lo
E..v.,@….<
..e.F(g.;..D…….P….*..VGVtRtNw2zXLZtTVctbXB9h5Stc122bZ2kk629xG3S9X13Vd3hvfD+AL4RPixF3TNE3j5OXm52Lo

2019-07-15 13:01:10.499691 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15646, win 64240, length 0
E..(……45.F(g
..e…;….D…P……
2019-07-15 13:01:10.499734 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15646:15724, ack 277, win 63964, length 78: SMTP: ayRiB6m+hApMrsThtQk5GBJlW44m81qQKIQEp2QE4j0jTGYk/2GSAblMTNfzYTeCklCW7FAxj2Rb
E..v.-@….;
..e.F(g.;..D…….P….O..ayRiB6m+hApMrsThtQk5GBJlW44m81qQKIQEp2QE4j0jTGYk/2GSAblMTNfzYTeCklCW7FAxj2Rb

2019-07-15 13:01:10.499767 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15724, win 64240, length 0
E..(……44.F(g
..e…;….D…P……
2019-07-15 13:01:10.499810 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15724:15803, ack 277, win 63964, length 79: SMTP: 2NcgGtBqBSLnY giJR0CBABxailQGXkwC0KBXZVbPzoFEy/y8ip3S5Nl4Dcv9kIc7Nsh3/GkPxg5D
E..w..@….9
..e.F(g.;..D…….P…l…2NcgGtBqBSLnY giJR0CBABxailQGXkwC0KBXZVbPzoFEy/y8ip3S5Nl4Dcv9kIc7Nsh3/GkPxg5D

2019-07-15 13:01:10.499843 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15803, win 64240, length 0
E..(……43.F(g
..e…;….D..nP…\A..
2019-07-15 13:01:10.499885 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15803:15852, ack 277, win 63964, length 49: SMTP: Wd5SdLNn/C0eKzCNUzbpLcJolBHSO1nx/hqx/g+lBVp+vKY
E..Y./@….V
..e.F(g.;..D..n….P…….Wd5SdLNn/C0eKzCNUzbpLcJolBHSO1nx/hqx/g+lBVp+vKY

2019-07-15 13:01:10.499919 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15852, win 64240, length 0
E..(……42.F(g
..e…;….D…P……
2019-07-15 13:01:10.499962 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15852:15874, ack 277, win 63964, length 22: SMTP: WwwouqTVQl4axZk+9NR8
E..>.0@….p
..e.F(g.;..D…….P….s..WwwouqTVQl4axZk+9NR8

2019-07-15 13:01:10.499995 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15874, win 64240, length 0
E..(……41.F(g
..e…;….D…P…[…
2019-07-15 13:01:10.500037 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15874:15886, ack 277, win 63964, length 12: SMTP: fFly N+umw
E..4.1@….y
..e.F(g.;..D…….P…….fFly N+umw
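The capture above shows the classic mass-mailer pattern: the infected host looks up MX records itself, opens a TCP/25 session straight to each exchanger, greets every one with a different EHLO and MAIL FROM domain (acm.org, then global.libreoffice.org), pushes a base64 body, and at one point is refused with "450 4.7.25 Client host rejected: cannot find your hostname" because the sending IP has no reverse DNS. The script below is an added example, not code from the original post: it reads the one-line summaries that `tcpdump -nn` prints (the timestamped lines; the hex/ASCII dump lines are skipped) and flags any internal host that combines self-resolved MX lookups, direct SMTP to several external exchangers and rotating sender identities. The function names, the thresholds and the one benign line for 10.7.15.50 are assumptions; the other sample lines are copied from the capture.

```python
"""Direct-to-MX mass-mailer detection over tcpdump summary lines.

Added example, not part of the original post. Thresholds and the benign
10.7.15.50 sample line are assumptions; the remaining sample lines are
copied from the capture on the page.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# One tcpdump summary line: "<ts> IP <src>.<sport> > <dst>.<dport>: <rest>"
SUMMARY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
MX_QUERY_RE = re.compile(r"\bMX\? (?P<name>\S+)")
SMTP_CMD_RE = re.compile(r"SMTP: (?P<cmd>EHLO|HELO|MAIL FROM|RCPT TO):?\s*(?P<arg>\S+)")

MIN_SMTP_PEERS = 2   # assumed: distinct external port-25 peers before we care
MIN_IDENTITIES = 2   # assumed: distinct EHLO / sender domains before we care


def parse_summaries(lines):
    """Yield (src, sport, dst, dport, rest) for each summary line; dump lines are skipped."""
    for line in lines:
        m = SUMMARY_RE.match(line.strip())
        if m:
            yield (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["rest"])


def profile_hosts(lines):
    """Build a per-internal-host profile of MX lookups and outbound SMTP behaviour."""
    hosts = defaultdict(lambda: {"mx_queries": set(), "smtp_peers": set(),
                                 "ehlo": set(), "mail_from": set(), "rcpt_to": set()})
    for src, _sport, dst, dport, rest in parse_summaries(lines):
        if not ip_address(src).is_private:
            continue                      # only profile hosts inside the monitored network
        h = hosts[src]
        if dport == 53:
            mx = MX_QUERY_RE.search(rest)
            if mx:
                h["mx_queries"].add(mx["name"].rstrip("."))
        elif dport == 25 and not ip_address(dst).is_private:
            h["smtp_peers"].add(dst)      # any packet to an external MX counts as a session
            cmd = SMTP_CMD_RE.search(rest)
            if cmd:
                key = {"EHLO": "ehlo", "HELO": "ehlo",
                       "MAIL FROM": "mail_from", "RCPT TO": "rcpt_to"}[cmd["cmd"]]
                h[key].add(cmd["arg"].strip("<>"))
    return hosts


def flag_mass_mailers(lines, min_peers=MIN_SMTP_PEERS, min_identities=MIN_IDENTITIES):
    """Return [(host, [reason, ...])] for hosts showing at least two of the three indicators."""
    findings = []
    for host, p in profile_hosts(lines).items():
        identities = p["ehlo"] | {addr.rsplit("@", 1)[-1] for addr in p["mail_from"]}
        reasons = []
        if p["mx_queries"] and p["smtp_peers"]:
            reasons.append(f"resolves MX records itself ({len(p['mx_queries'])} domains) and delivers directly")
        if len(p["smtp_peers"]) >= min_peers:
            reasons.append(f"SMTP sessions to {len(p['smtp_peers'])} external mail exchangers")
        if len(identities) >= min_identities:
            reasons.append("rotating sender identities: " + ", ".join(sorted(identities)))
        if len(reasons) >= 2:
            findings.append((host, reasons))
    return findings


# Sample input: summary lines copied from the capture above, one dump line to show
# it is ignored, and one constructed benign line (10.7.15.50) that must not be flagged.
SAMPLE_LINES = [
    "2019-07-15 13:00:22.289866 IP 10.7.15.101.51171 > 10.7.15.1.53: 48767+ MX? acm.org. (25)",
    "E..5……..",
    "2019-07-15 13:00:22.382637 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [S], seq 3423424506, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0",
    "2019-07-15 13:00:24.924489 IP 10.7.15.101.62796 > 10.7.15.1.53: 51271+ MX? lists.freedesktop.org. (39)",
    "2019-07-15 13:00:24.988231 IP 10.7.15.101.53695 > 10.7.15.1.53: 22968+ MX? global.libreoffice.org. (40)",
    "2019-07-15 13:00:30.460605 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 1:15, ack 54, win 64187, length 14: SMTP: EHLO acm.org",
    "2019-07-15 13:00:30.602630 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 15:43, ack 197, win 64044, length 28: SMTP: MAIL FROM:fdrake@acm.org",
    "2019-07-15 13:00:30.736105 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 43:88, ack 211, win 64030, length 45: SMTP: RCPT TO:libreoffice@lists.freedesktop.org",
    "2019-07-15 13:00:31.087804 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 1:30, ack 62, win 64179, length 29: SMTP: EHLO global.libreoffice.org",
    "2019-07-15 13:00:31.271261 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 30:77, ack 203, win 64038, length 47: SMTP: MAIL FROM:postmaster@global.libreoffice.org",
    "2019-07-15 13:00:31.482279 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 77:121, ack 217, win 64024, length 44: SMTP: RCPT TO:marketing@global.libreoffice.org",
    "2019-07-15 13:01:10.499471 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15417:15490, ack 277, win 63964, length 73: SMTP: CsT9qUFJrxQMiBqS5+ujrJr2AxIIs09LsG+iA3CPkMqtdS2sgcamxnnGrtA4ivDGLtbED1P",
    # constructed: an ordinary host doing a single A lookup
    "2019-07-15 13:00:40.000000 IP 10.7.15.50.40000 > 10.7.15.1.53: 1+ A? example.com. (29)",
]

if __name__ == "__main__":
    for host, reasons in flag_mass_mailers(SAMPLE_LINES):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

Feed it `tcpdump -nn -r capture.pcap` output (without `-A`, or with it; dump lines are ignored either way). On the sample it reports 10.7.15.101 with all three indicators. The cheap mitigation the capture itself argues for is egress filtering: ordinary workstations have no reason to query MX records or to open TCP/25 to anything other than the organisation's own relay, and an MX that cannot reverse-resolve the client rejects it anyway, as the 450 response shows.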
