Ransomware Torrentlocker TOR Malware Crimeware Botnet PCAP file download traffic sample oft.gfd

Download Attachments

  • 1 pcap: oft (date added: April 26, 2017 2:15 am; file size: 59 KB)
SHA256: 9c1b8dc277ae7c75a446a9ffb2d6eb05da48e27d699f095dd3838180b54d0459
File name: oft.gfd
Detection ratio: 32 / 57
Analysis date: 2017-04-26 02:03:42 UTC
Antivirus                 Result                                      Update
ESET-NOD32                Win32/Filecoder.TorrentLocker.A             20170425
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9984  20170424
GData                     Win32.Trojan.Agent.84RAT9                   20170425
Cyren                     W32/Trojan.TNFL-3209                        20170425
Fortinet                  W32/Injector.DOCE!tr                        20170425
Comodo                    UnclassifiedMalware                         20170425
Kaspersky                 UDS:DangerousObject.Multi.Generic           20170425
ZoneAlarm by Check Point  UDS:DangerousObject.Multi.Generic           20170425
AegisLab                  Uds.Dangerousobject.Multi!c                 20170425
Invincea                  trojan.win32.skeeyah.a!rfn                  20170413
AVware                    Trojan.Win32.Generic!BT                     20170425
VIPRE                     Trojan.Win32.Generic!BT                     20170425
F-Secure                  Trojan.GenericKD.4930825                    20170425
Emsisoft                  Trojan.GenericKD.4929489 (B)                20170425
Ad-Aware                  Trojan.GenericKD.4929489                    20170425
BitDefender               Trojan.GenericKD.4929489                    20170425
eScan                     Trojan.GenericKD.4929489                    20170425
Arcabit                   Trojan.Generic.D4B37D1                      20170425
Qihoo-360                 Trojan.Generic                              20170426
Panda                     Trj/RansomCrypt.E                           20170424

2017-04-25 21:29:09.776867 IP 192.168.1.102.63089 > 193.233.60.122.80: Flags [.], ack 2711491197, win 256, length 0
2017-04-25 21:29:09.782018 IP 192.168.1.102.63089 > 193.233.60.122.80: Flags [P.], seq 0:285, ack 1, win 256, length 285: HTTP: GET /file/oft.gfd HTTP/1.1
GET /file/oft.gfd HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: costfer.pl
Connection: Keep-Alive
2017-04-25 21:29:58.373426 IP 192.168.1.102.63090 > 31.31.76.169.443: Flags [S], seq 927389296, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-04-25 21:29:58.502366 IP 192.168.1.102.63090 > 31.31.76.169.443: Flags [.], ack 847962573, win 256, length 0
2017-04-25 21:29:58.503090 IP 192.168.1.102.63090 > 31.31.76.169.443: Flags [P.], seq 0:101, ack 1, win 256, length 101
...www.6i8oni0h17kj6ab3.com...

2017-04-25 21:30:37.138220 IP 192.168.1.102.63094 > 5.12.153.81.80: Flags [P.], seq 0:79, ack 1, win 64952, length 79: HTTP: GET /plain HTTP/1.1
GET /plain HTTP/1.1
Accept: */*
Host: ipecho.net
Cache-Control: no-cache

2017-04-25 21:30:37.359215 IP 192.168.1.102.63094 > 5.12.153.81.80: Flags [.], ack 246, win 64707, length 0
2017-04-25 21:30:38.162461 IP 192.168.1.102.63089 > 193.233.60.122.80: Flags [F.], seq 570, ack 821334, win 3963, length 0
2017-04-25 21:30:59.837934 IP 192.168.1.102.63095 > 208.83.223.34.80: Flags [S], seq 1480060622, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-04-25 21:30:59.930355 IP 192.168.1.102.63095 > 208.83.223.34.80: Flags [.], ack 1970375308, win 256, length 0
2017-04-25 21:30:59.930885 IP 192.168.1.102.63095 > 208.83.223.34.80: Flags [P.], seq 0:99, ack 1, win 256, length 99: HTTP
...www.a8k57b0dj9j4me.com...

2017-04-25 21:31:07.334094 IP 192.168.1.102.63096 > 209.141.47.169.9090: Flags [S], seq 2222676753, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-04-25 21:31:07.423242 IP 192.168.1.102.63096 > 209.141.47.169.9090: Flags [.], ack 423700117, win 256, length 0
2017-04-25 21:31:07.423774 IP 192.168.1.102.63096 > 209.141.47.169.9090: Flags [P.], seq 0:100, ack 1, win 256, length 100
...www.neoc27io5cf1ian.com...
2017-04-25 21:31:07.516179 IP 192.168.1.102.63096 > 209.141.47.169.9090: Flags [.], ack 9, win 256, length 0
2017-04-25 21:31:12.515250 IP 192.168.1.102.63097 > 212.47.241.21.443: Flags [S], seq 176368332, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-04-25 21:31:12.621598 IP 192.168.1.102.63097 > 212.47.241.21.443: Flags [.], ack 2263376506, win 256, length 0
2017-04-25 21:31:12.622117 IP 192.168.1.102.63097 > 212.47.241.21.443: Flags [P.], seq 0:93, ack 1, win 256, length 93
...www.1aaf7d6d.com...
2017-04-25 21:31:12.878200 IP 192.168.1.102.63097 > 212.47.241.21.443: Flags [.], ack 9, win 256, length 0
