CERBER RANSOMWARE bogidoggy.top search.php 97.15.12.* UDP 6892 PCAP File Download Traffic Sample

Download attachment: "1 pcap search" (55 KB), added January 16, 2017 5:50 am by admin
SHA256: 89abe21fd540fedaa12b4e08264a183720dc5d331bd6f7f013a9e33fbdf9dbd3
File name: 1
Detection ratio: 26 / 57 (17 of the 26 detections are reproduced below)
Analysis date: 2017-01-16 05:46:29 UTC

Engine                 Detection                                    Update
ESET-NOD32             Win32/Filecoder.Cerber.F                     20170115
Emsisoft               Dropped:Trojan.GenericKD.4176181 (B)         20170116
F-Secure               Trojan.GenericKD.4176181                     20170116
Fortinet               W32/Filecoder_Cerber.F!tr                    20170116
GData                  Dropped:Trojan.GenericKD.4176181             20170116
Ikarus                 Trojan.Win32.Injector                        20170115
Invincea               trojan.win32.startpage.qs                    20170111
Kaspersky              Trojan.Win32.Inject.addtx                    20170116
Malwarebytes           Ransom.Cerber                                20170116
McAfee                 Artemis!007EF1EF44DF                         20170108
McAfee-GW-Edition      BehavesLike.Win32.Downloader.dc              20170116
eScan                  Dropped:Trojan.GenericKD.4176181             20170116
Rising                 Malware.Generic!YNz7NgPxwWG@1 (thunder)      20170116
Sophos                 Mal/Generic-S                                20170116
Symantec               Trojan.Gen.2                                 20170115
TrendMicro             Ransom_CERBER.PDE                            20170116
TrendMicro-HouseCall   Ransom_CERBER.PDE                            20170116

Excerpt from the pcap as printed by tcpdump -nn -tttt -A: each packet summary line is followed by the packet bytes rendered as ASCII, with non-printable bytes shown as dots (a 0x09 byte prints as a tab and a 0x0a byte as a line break, which is why a few dump lines below are split in two). The host that generates all of this traffic is 192.168.1.102; the first two DNS queries go to its two configured resolvers with the same transaction ID 49611, i.e. the second is a retry of the first.

2017-01-15 23:49:59.881161 IP 192.168.1.102.63100 > 54.186.16.83.80: Flags [P.], seq 0:286, ack 1, win 256, length 286: HTTP: GET /search.php HTTP/1.1
E..FC.@........f6..S.|.P{.....@GP.......GET /search.php HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: bogidoggy.top
Connection: Keep-Alive

2017-01-15 23:49:59.930464 IP 192.168.1.102.57969 > 75.75.75.75.53: 49611+ A? bogidoggy.top. (31)
E..;.......t...fKKKK.q.5.'..............        bogidoggy.top.....
2017-01-15 23:49:59.983504 IP 192.168.1.102.57971 > 75.75.76.76.53: 49611+ A? bogidoggy.top. (31)
E..;r
....o....fKKLL.s.5.'..............      bogidoggy.top.....

2017-01-15 23:51:16.208276 IP 192.168.1.102.57972 > 97.15.12.0.6892: UDP, length 25
E..5%..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208319 IP 192.168.1.102.57972 > 97.15.12.1.6892: UDP, length 25
E..5j7.....b...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208396 IP 192.168.1.102.57972 > 97.15.12.2.6892: UDP, length 25
E..5.U....
D...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208405 IP 192.168.1.102.57972 > 97.15.12.3.6892: UDP, length 25
E..5M..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208457 IP 192.168.1.102.57972 > 97.15.12.4.6892: UDP, length 25
E..5ve.....1...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208534 IP 192.168.1.102.57972 > 97.15.12.5.6892: UDP, length 25
E..59..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208543 IP 192.168.1.102.57972 > 97.15.12.6.6892: UDP, length 25
E..5Q..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208596 IP 192.168.1.102.57972 > 97.15.12.7.6892: UDP, length 25
E..5...........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208670 IP 192.168.1.102.57972 > 97.15.12.8.6892: UDP, length 25
E..5L..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208679 IP 192.168.1.102.57972 > 97.15.12.9.6892: UDP, length 25
E..5...........fa..     .t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208740 IP 192.168.1.102.57972 > 97.15.12.10.6892: UDP, length 25
E..5k..........fa..
.t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208782 IP 192.168.1.102.57972 > 97.15.12.11.6892: UDP, length 25
E..5$(.....g...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208834 IP 192.168.1.102.57972 > 97.15.12.12.6892: UDP, length 25
E..5...........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208884 IP 192.168.1.102.57972 > 97.15.12.13.6892: UDP, length 25
E..5P<.....Q...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208888 IP 192.168.1.102.57972 > 97.15.12.14.6892: UDP, length 25
E..58X.....4...fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.208934 IP 192.168.1.102.57972 > 97.15.12.15.6892: UDP, length 25
E..5x..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209017 IP 192.168.1.102.57972 > 97.15.12.16.6892: UDP, length 25
E..5...........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209068 IP 192.168.1.102.57972 > 97.15.12.17.6892: UDP, length 25
E..5^..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209071 IP 192.168.1.102.57972 > 97.15.12.18.6892: UDP, length 25
E..56..........fa....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209120 IP 192.168.1.102.57972 > 97.15.12.19.6892: UDP, length 25

2017-01-15 23:51:16.209429 IP 192.168.1.102.57972 > 97.15.12.25.6892: UDP, length 25
E..57S.........fa....t...!.y9b735127a8440091c50100086
2017-01-15 23:51:16.209433 IP 192.168.1.102.57972 > 97.15.12.26.6892: UDP, length 25
E..5_y.........fa....t...!.x9b735127a8440091c50100086
2017-01-15 23:51:16.209484 IP 192.168.1.102.57972 > 97.15.12.27.6892: UDP, length 25
E..5.......~...fa....t...!.w9b735127a8440091c50100086
2017-01-15 23:51:16.209561 IP 192.168.1.102.57972 > 97.15.12.28.6892: UDP, length 25
E..5+..........fa....t...!.v9b735127a8440091c50100086
2017-01-15 23:51:16.209612 IP 192.168.1.102.57972 > 97.15.12.29.6892: UDP, length 25
E..5d..........fa....t...!.u9b735127a8440091c50100086
2017-01-15 23:51:16.209616 IP 192.168.1.102.57972 > 97.15.12.30.6892: UDP, length 25
E..5...........fa....t...!.t9b735127a8440091c50100086
2017-01-15 23:51:16.209665 IP 192.168.1.102.57972 > 97.15.12.31.6892: UDP, length 25
E..5C'.....T...fa....t...!.s9b735127a8440091c50100086
2017-01-15 23:51:16.209742 IP 192.168.1.102.57972 > 97.2.48.0.6892: UDP, length 25
E..5A..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209746 IP 192.168.1.102.57972 > 97.2.48.1.6892: UDP, length 25
E..5...........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209829 IP 192.168.1.102.57972 > 97.2.48.2.6892: UDP, length 25
E..5f..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209879 IP 192.168.1.102.57972 > 97.2.48.3.6892: UDP, length 25
E..5)p.....4...fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209882 IP 192.168.1.102.57972 > 97.2.48.4.6892: UDP, length 25
E..5...........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.209947 IP 192.168.1.102.57972 > 97.2.48.5.6892: UDP, length 25
E..5]d.....>...fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210005 IP 192.168.1.102.57972 > 97.2.48.6.6892: UDP, length 25
E..55@.....a...fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210008 IP 192.168.1.102.57972 > 97.2.48.7.6892: UDP, length 25
E..5z.....n....fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210082 IP 192.168.1.102.57972 > 97.2.48.8.6892: UDP, length 25
E..5)..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210137 IP 192.168.1.102.57972 > 97.2.48.9.6892: UDP, length 25
E..5gO.....O...fa.0     .t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210188 IP 192.168.1.102.57972 > 97.2.48.10.6892: UDP, length 25
E..5.-.....p...fa.0
.t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210192 IP 192.168.1.102.57972 > 97.2.48.11.6892: UDP, length 25
E..5@..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210261 IP 192.168.1.102.57972 > 97.2.48.12.6892: UDP, length 25
E..5{.....m~...fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210317 IP 192.168.1.102.57972 > 97.2.48.13.6892: UDP, length 25
E..54..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210368 IP 192.168.1.102.57972 > 97.2.48.14.6892: UDP, length 25
E..5\..........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210371 IP 192.168.1.102.57972 > 97.2.48.15.6892: UDP, length 25
E..5...........fa.0..t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.210454 IP 192.168.1.102.57972 > 97.2.48.16.6892: UDP, length 25
E..5v.....r....fa.0..t...!..9b735127a8440091c50100086

2017-01-15 23:51:16.211132 IP 192.168.1.102.57972 > 91.239.24.0.6892: UDP, length 25
E..5I......#...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211182 IP 192.168.1.102.57972 > 91.239.24.1.6892: UDP, length 25
E..5./.........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211241 IP 192.168.1.102.57972 > 91.239.24.2.6892: UDP, length 25
E..5fM.....k...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211304 IP 192.168.1.102.57972 > 91.239.24.3.6892: UDP, length 25
E..51..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211354 IP 192.168.1.102.57972 > 91.239.24.4.6892: UDP, length 25
E..5.}.....9...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211357 IP 192.168.1.102.57972 > 91.239.24.5.6892: UDP, length 25
E..5]..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211416 IP 192.168.1.102.57972 > 91.239.24.6.6892: UDP, length 25
E..55......     ...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211480 IP 192.168.1.102.57972 > 91.239.24.7.6892: UDP, length 25
E..5.#.........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211488 IP 192.168.1.102.57972 > 91.239.24.8.6892: UDP, length 25
E..50h.....J...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211531 IP 192.168.1.102.57972 > 91.239.24.9.6892: UDP, length 25
E..5g..........f[..     .t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211597 IP 192.168.1.102.57972 > 91.239.24.10.6892: UDP, length 25
E..5...........f[..
.t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211660 IP 192.168.1.102.57972 > 91.239.24.11.6892: UDP, length 25
E..5H..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211662 IP 192.168.1.102.57972 > 91.239.24.12.6892: UDP, length 25
E..5...........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211750 IP 192.168.1.102.57972 > 91.239.24.13.6892: UDP, length 25
E..54D.....i...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211800 IP 192.168.1.102.57972 > 91.239.24.14.6892: UDP, length 25
E..5\`.....L...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211850 IP 192.168.1.102.57972 > 91.239.24.15.6892: UDP, length 25
E..5...........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211900 IP 192.168.1.102.57972 > 91.239.24.16.6892: UDP, length 25
E..5u|.........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:16.211903 IP 192.168.1.102.57972 > 91.239.24.17.6892: UDP, length 25

2017-01-15 23:51:17.214135 IP 192.168.1.102.57972 > 91.239.25.0.6892: UDP, length 25
E..5K..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214213 IP 192.168.1.102.57972 > 91.239.25.1.6892: UDP, length 25
E..5.b.....W...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214223 IP 192.168.1.102.57972 > 91.239.25.2.6892: UDP, length 25
E..5f..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214325 IP 192.168.1.102.57972 > 91.239.25.3.6892: UDP, length 25
E..53..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214343 IP 192.168.1.102.57972 > 91.239.25.4.6892: UDP, length 25
E..5.:.....|...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214366 IP 192.168.1.102.57972 > 91.239.25.5.6892: UDP, length 25
E..5_......!...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214442 IP 192.168.1.102.57972 > 91.239.25.6.6892: UDP, length 25
E..57..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214451 IP 192.168.1.102.57972 > 91.239.25.7.6892: UDP, length 25
E..5.Z.....Z...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214510 IP 192.168.1.102.57972 > 91.239.25.8.6892: UDP, length 25
E..547.....{...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214601 IP 192.168.1.102.57972 > 91.239.25.9.6892: UDP, length 25
E..5e..........f[..     .t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214619 IP 192.168.1.102.57972 > 91.239.25.10.6892: UDP, length 25
E..5...........f[..
.t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214645 IP 192.168.1.102.57972 > 91.239.25.11.6892: UDP, length 25
E..5LU.....Z...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214714 IP 192.168.1.102.57972 > 91.239.25.12.6892: UDP, length 25
E..5...........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214721 IP 192.168.1.102.57972 > 91.239.25.13.6892: UDP, length 25
E..58......(...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214770 IP 192.168.1.102.57972 > 91.239.25.14.6892: UDP, length 25
E..5`+.........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214838 IP 192.168.1.102.57972 > 91.239.25.15.6892: UDP, length 25
E..5...........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214892 IP 192.168.1.102.57972 > 91.239.25.16.6892: UDP, length 25
E..5w3.....w...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214900 IP 192.168.1.102.57972 > 91.239.25.17.6892: UDP, length 25
E..5B..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.214946 IP 192.168.1.102.57972 > 91.239.25.18.6892: UDP, length 25
E..5[..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.215010 IP 192.168.1.102.57972 > 91.239.25.19.6892: UDP, length 25
E..5.Y.....N...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.215071 IP 192.168.1.102.57972 > 91.239.25.20.6892: UDP, length 25
E..5&..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.215078 IP 192.168.1.102.57972 > 91.239.25.21.6892: UDP, length 25
E..5s..........f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.215162 IP 192.168.1.102.57972 > 91.239.25.22.6892: UDP, length 25
E..5.'.....}...f[....t...!..9b735127a8440091c50100086
2017-01-15 23:51:17.215169 IP 192.168.1.102.57972 > 91.239.25.23.6892: UDP, length 25
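
The UDP half of this capture has a shape that is easy to turn into a detection: from one source port (57972) the host sends the same 25-byte ASCII payload, 9b735127a8440091c50100086, to every address of 97.15.12.0-31, 97.2.48.0-16 and 91.239.24.0-17 within about four milliseconds, then to 91.239.25.0-23 a second later. The script below is an added example, not part of the original post and not code from the pcap's author. It reads a classic pcap with the Python standard library only (Ethernet/IPv4/UDP parsed by hand, no scapy or dpkt; VLAN-tagged frames and pcapng are not handled), pulls out UDP/6892 datagrams and reports any (source address, source port, payload) tuple that fans out to many destinations inside a short window. The embedded sample pcap is constructed to mirror the packets above (addresses, ports, DNS name and payload are taken from the page; timestamps, IP IDs and checksums are made up), so it runs offline; pass the downloaded pcap's path as the first argument to run it on the real file. The payload is treated as an opaque byte string because nothing on this page documents its internal structure.

```python
"""Extract UDP/6892 beacons from a pcap and flag the /24 sweep seen in the capture above.

Standard library only. Assumed layout: classic pcap, link type Ethernet, IPv4, no VLAN
tag (enough for the capture on this page; pcapng is rejected rather than misparsed).
"""
import struct
import sys
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def iter_pcap_records(data):
    """Yield (timestamp_seconds, frame_bytes) from an in-memory classic pcap."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    linktype = struct.unpack_from(end + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24                                      # global header is 24 bytes
    while off + 16 <= len(data):                  # 16-byte per-record header
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_udp(frame):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_UDP:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if len(ip) < ihl + 8:
        return None
    sport, dport, ulen = struct.unpack_from("!HHH", ip, ihl)
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    return src, dst, sport, dport, ip[ihl + 8:ihl + ulen]   # ulen includes the 8-byte UDP header


def find_sweeps(records, port=6892, min_targets=8, window=2.0):
    """Group datagrams to `port` by (src, sport, payload); report groups that fan out fast.

    No legitimate client sends one identical payload from one source port to dozens of
    consecutive addresses within a couple of seconds; that is the pattern in the capture.
    """
    groups = defaultdict(list)
    for ts, frame in records:
        p = parse_udp(frame)
        if p and p[3] == port:
            groups[(p[0], p[2], p[4])].append((ts, p[1]))
    hits = []
    for (src, sport, payload), seen in groups.items():
        seen.sort()
        targets = {dst for _, dst in seen}
        if len(targets) < min_targets or seen[-1][0] - seen[0][0] > window:
            continue
        nets = sorted({d.rsplit(".", 1)[0] + ".0/24" for d in targets})
        hits.append({"src": src, "sport": sport, "payload": payload,
                     "targets": len(targets), "nets": nets})
    return hits


# --- constructed sample modelled on the packets above (IP IDs and checksums left zero) ---
def build_frame(src, dst, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, IPPROTO_UDP, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split("."))) + udp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_pcap(timed_frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in timed_frames:
        sec = int(ts)
        out.append(struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(frame), len(frame)) + frame)
    return b"".join(out)


BEACON = b"9b735127a8440091c50100086"   # the 25-byte payload repeated in every UDP packet above
HOST = "192.168.1.102"
T0 = 1484524276.208                       # constructed epoch; not read from the real pcap
DNS_QUERY = (b"\xc1\xcb\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x09bogidoggy\x03top\x00\x00\x01\x00\x01")   # id 49611, A? bogidoggy.top
_frames = [(T0 - 76.3, build_frame(HOST, "75.75.75.75", 57969, 53, DNS_QUERY))]
for base, prefix, count in ((0.0, "97.15.12.", 32), (0.0015, "97.2.48.", 17),
                            (0.003, "91.239.24.", 18), (1.006, "91.239.25.", 24)):
    for i in range(count):
        _frames.append((T0 + base + i * 0.00005, build_frame(HOST, prefix + str(i), 57972, 6892, BEACON)))
_frames.append((T0 + 0.5, build_frame("192.168.1.50", "97.15.12.7", 40000, 6892, b"unrelated")))  # one-off
SAMPLE_PCAP = build_pcap(_frames)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for h in find_sweeps(iter_pcap_records(data)):
        print("%s:%d -> %d hosts in %s, payload %r" % (h["src"], h["sport"], h["targets"], h["nets"], h["payload"]))
```

The thresholds (min_targets=8, window=2.0 s) are chosen for this sample; the capture above fans out to dozens of hosts per range within milliseconds, so they leave plenty of margin, and the single unrelated 6892 datagram in the constructed sample is correctly ignored. On a real file, check the reported nets against the four ranges in the title and the dump before treating the payload string as an indicator: it is stable across destinations here, but nothing on this page says it is stable across infections.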
