disk.karelia.pro Fake PNG file Leads to unknown Windows Trojan Malware Traffic PCAP File Download

Download Attachments

  • 1 pcap repng
    disk.karelia.pro Fake PNG file Leads to unknown Windows Trojan Malware Traffic PCAP File Download
    Date added: October 23, 2016 6:11 am | Added by: admin | File size: 200 KB | Downloads: 74

2016-10-23 00:29:41.781839 IP 192.168.1.102.58574 > 93.190.206.138.80: Flags [P.], seq 0:298, ack 1, win 256, length 298: HTTP: GET /jxmHQAN/re7.png HTTP/1.1
GET /jxmHQAN/re7.png HTTP/1.1
Host: disk.karelia.pro
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

2016-10-23 00:29:42.023900 IP 192.168.1.102.58575 > 93.190.206.138.80: Flags [P.], seq 0:395, ack 1, win 256, length 395: HTTP: GET /jxmHQAN/ HTTP/1.1
GET /jxmHQAN/ HTTP/1.1
Host: disk.karelia.pro
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: session_id=5denov028ev897f643fivf85h3; user_hash=cde9b08085d64952b4f7cd914ec15f58; list_type=0
Connection: keep-alive

2016-10-23 00:29:42.423379 IP 192.168.1.102.58575 > 93.190.206.138.80: Flags [P.], seq 395:806, ack 13594, win 256, length 411: HTTP: GET /templates/css/style.css?56 HTTP/1.1
GET /templates/css/style.css?56 HTTP/1.1
Host: disk.karelia.pro
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Cookie: session_id=5denov028ev897f643fivf85h3; user_hash=cde9b08085d64952b4f7cd914ec15f58; list_type=0
Connection: keep-alive

2016-10-23 00:29:42.427885 IP 192.168.1.102.58574 > 93.190.206.138.80: Flags [P.], seq 298:692, ack 618, win 254, length 394: HTTP: GET /js/libs/jquery/jquery.js HTTP/1.1
GET /js/libs/jquery/jquery.js HTTP/1.1
Host: disk.karelia.pro
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Cookie: session_id=5denov028ev897f643fivf85h3; user_hash=cde9b08085d64952b4f7cd914ec15f58; list_type=0
Connection: keep-alive

2016-10-23 00:29:44.301548 IP 192.168.1.102.58586 > 213.180.193.119.80: Flags [P.], seq 0:278, ack 1, win 256, length 278: HTTP: GET /metrika/watch.js HTTP/1.1
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Connection: keep-alive

2016-10-23 00:29:44.309882 IP 192.168.1.102.58583 > 88.212.201.196.80: Flags [P.], seq 0:354, ack 1, win 256, length 354: HTTP: GET /hit;karelia?t45.6;r;s1920*1080*24;uhttp%3A//disk.karelia.pro/jxmHQAN/;0.9673235555279417 HTTP/1.1
GET /hit;karelia?t45.6;r;s1920*1080*24;uhttp%3A//disk.karelia.pro/jxmHQAN/;0.9673235555279417 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Connection: keep-alive

2016-10-23 00:29:44.489851 IP 192.168.1.102.58583 > 88.212.201.196.80: Flags [P.], seq 354:749, ack 524, win 254, length 395: HTTP: GET /hit;karelia?q;t45.6;r;s1920*1080*24;uhttp%3A//disk.karelia.pro/jxmHQAN/;0.9673235555279417 HTTP/1.1
GET /hit;karelia?q;t45.6;r;s1920*1080*24;uhttp%3A//disk.karelia.pro/jxmHQAN/;0.9673235555279417 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Cookie: FTID=1O33n_3ax0PW1O33n_00GKuX
Connection: keep-alive

(packet payload: DNS lookup for mc.yandex.ru; raw header bytes omitted)
2016-10-23 00:30:06.936288 IP 192.168.1.102.58574 > 93.190.206.138.80: Flags [P.], seq 1932:2418, ack 137018, win 970, length 486: HTTP: GET /jxmHQAN/re7.png HTTP/1.1
GET /jxmHQAN/re7.png HTTP/1.1
Host: disk.karelia.pro
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://disk.karelia.pro/jxmHQAN/
Cookie: session_id=5denov028ev897f643fivf85h3; user_hash=cde9b08085d64952b4f7cd914ec15f58; list_type=0; _ym_uid=1477196928131469790; _ym_isad=2
Connection: keep-alive