Traffic Analysis: PCAP file download sample, Neutrino Exploit Kit Flash (SWF) vulnerability, 2016

2016-07-11 14:29:34.519668 IP 192.168.2.50.50826 > 108.167.183.72.80: Flags [P.], seq 1:252, ack 1, win 16537, length 251: HTTP: GET / HTTP/1.1
E..#..@........2l..H...P....H.@.P.@..E..GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.mitsucad.com
Connection: Keep-Alive

2016-07-11 14:29:35.798281 IP 192.168.2.50.50826 > 108.167.183.72.80: Flags [.], ack 44357, win 16248, length 0
E..(.3@........2l..H...P....H...P.?x..........
2016-07-11 14:29:35.798434 IP 192.168.2.50.50826 > 108.167.183.72.80: Flags [P.], seq 252:576, ack 44357, win 16248, length 324: HTTP: GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
E..l.4@........2l..H...P....H...P.?x....GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.mitsucad.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.mitsucad.com
Connection: Keep-Alive

2016-07-11 14:29:36.821242 IP 192.168.2.50.50839 > 85.93.0.43.80: Flags [.], ack 1, win 16537, length 0
E..(..@........2U].+...Pp.}Q....P.@.(.........
2016-07-11 14:29:36.821325 IP 192.168.2.50.50839 > 85.93.0.43.80: Flags [P.], seq 1:386, ack 1, win 16537, length 385: HTTP: GET /kcriiikinfnfm4d2sfdr4sokrc0bikka5m0m-0rsnmkrin0c9fn-o8bbtaabbmsmf5ksmpnect-i3tbap4e-fasedlitmtmdl-lrmel3ncl9a/ HTTP/1.1
E.....@....2...2U].+...Pp.}Q....P.@.....GET /kcriiikinfnfm4d2sfdr4sokrc0bikka5m0m-0rsnmkrin0c9fn-o8bbtaabbmsmf5ksmpnect-i3tbap4e-fasedlitmtmdl-lrmel3ncl9a/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://www.mitsucad.com/
x-flash-version: 19,0,0,245
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: hsiolex.tk
Connection: Keep-Alive

2016-07-11 14:29:37.059223 IP 192.168.2.50.50839 > 85.93.0.43.80: Flags [F.], seq 386, ack 3514, win 16334, length 0
E..(.B@....+...2U].+...Pp.~....PP.?...........
2016-07-11 14:29:37.170946 IP 192.168.2.50.50840 > 85.93.0.43.80: Flags [P.], seq 1:405, ack 1, win 16537, length 404: HTTP: GET /kcriiikinfnfm4d2sfdr4sokrc0bikka5m0m-0rsnmkrin0c9fn-o8bbtaabbmsmf5ksmpnect-i3tbap4e-fasedlitmtmdl-lrmel3ncl9a/wuaspjlgaz.htm HTTP/1.1
E....~@....[...2U].+...P;..&..u.P.@.Pn..GET /kcriiikinfnfm4d2sfdr4sokrc0bikka5m0m-0rsnmkrin0c9fn-o8bbtaabbmsmf5ksmpnect-i3tbap4e-fasedlitmtmdl-lrmel3ncl9a/wuaspjlgaz.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.mitsucad.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hsiolex.tk
Connection: Keep-Alive

2016-07-11 14:29:37.740619 IP 192.168.2.50.50842 > 185.141.25.235.80: Flags [P.], seq 1:308, ack 1, win 16537, length 307: HTTP: GET /false/ZnJjZ2h2bWhpcw HTTP/1.1
E..[..@...Z....2.......P.v.ev..vP.@.....GET /false/ZnJjZ2h2bWhpcw HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.mitsucad.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mirfn.vp2izfj.top
Connection: Keep-Alive
2016-07-11 14:29:38.111490 IP 192.168.2.50.50842 > 185.141.25.235.80: Flags [.], ack 2223, win 16319, length 0
E..(..@...[....2.......P.v..v..$P.?...........
2016-07-11 14:29:38.131123 IP 192.168.2.50.50842 > 185.141.25.235.80: Flags [P.], seq 308:627, ack 2223, win 16319, length 319: HTTP: GET /give/YnZuZ3Y.swf HTTP/1.1
E..g..@...Zd...2.......P.v..v..$P.?.....GET /give/YnZuZ3Y.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://mirfn.vp2izfj.top/false/ZnJjZ2h2bWhpcw
x-flash-version: 19,0,0,245
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: mirfn.vp2izfj.top
Connection: Keep-Alive
