Ransomware Vector Variant Unknown Onenote.net PCAP file download traffic sample

  • pcap: ubaupn (7 KB), added December 17, 2016 5:41 am by admin
SHA256: 87fad71988400eefc2139cc3a3616fa21f683290b73247bc2b9ba37bba54e636
File name: ubaupn
Detection ratio: 3 / 54
Analysis date: 2016-12-17 05:38:18 UTC

Antivirus             Result                   Update
CAT-QuickHeal         TrojanPWS.ZBot           20161216
TrendMicro            Ransom_LOCKYENC.AXFAR    20161217
TrendMicro-HouseCall  Ransom_LOCKYENC.AXFAR    20161217

2016-12-16 23:54:44.875193 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [P.], seq 0:288, ack 1, win 64240, length 288: HTTP: GET /ubaupn HTTP/1.1
E..H=.@…VI…f.i…^.P….T}..P…l…GET /ubaupn HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: amaniinitiative.org
Connection: Keep-Alive

2016-12-16 23:54:46.999606 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [P.], seq 288:490, ack 161914, win 62927, length 202: HTTP: GET /favicon.ico HTTP/1.1
E…=R@…Vj…f.i…^.P….T.U.P….-..GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: amaniinitiative.org
Connection: Keep-Alive

2016-12-16 23:54:47.338390 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [.], ack 162444, win 64240, length 0
E..(=S@…W3…f.i…^.P….T.W.P….I……..
2016-12-16 23:54:52.275637 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [.], ack 162445, win 64240, length 0
E..(=T@…W2…f.i…^.P….T.W.P….H……..
2016-12-16 23:54:52.277577 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [F.], seq 490, ack 162445, win 64240, length 0
E..(=U@…W1…f.i…^.P….T.W.P….G……..
2016-12-16 23:56:39.349925 IP 192.168.1.102.56466 > 75.75.75.75.53: 35821+ A? cdn.onenote.net. (33)
E..=,……….fKKKK…5.)……………cdn.onenote.net…..

 
