Category Archives: DDoS Botnets

DirtJumper DDoS Malware Botnet Traffic Sample Analysis PCAP

Download raw PCAP file for DIRTJUMPER: dirtjumper

2011-10-03 20:42:49.094710 IP 172.16.165.128.49770 > 172.16.165.2.53: 17008+ A? asdaddddaaaa.com. (34)
E..>……. ………j.5.*..Bp………..asdaddddaaaa.com…..
2011-10-03 20:42:49.109841 IP 172.16.165.2.53 > 172.16.165.128.49770: 17008 1/0/0 A 195.3.145.87 (50)
E..N.6……………5.j.:. Bp………..asdaddddaaaa.com………………..W
2011-10-03 20:42:49.114307 IP 172.16.165.128.1035 > 195.3.145.87.80: Flags [S], seq 2900643694, win 16384, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…S……..W…P..On….p.@………….
2011-10-03 20:42:49.232779 IP 195.3.145.87.80 >… Read More »


The Darkness DDoS Malware Botnet Traffic Analysis PCAP Sample

Download Darkness DDoS PCAP Sample here: darknessddos.pcap

2011-01-17 15:39:22.291158 IP 172.16.3.27.1040 > 195.189.226.193.80: Flags [P.], seq 1376765198:1376765351, ack 1691404056, win 65535, length 153: HTTP: GET /index.php?uid=587609&ver=8g%20XP HTTP/1.0
E…..@…………….PR…d…P…. ..GET /index.php?uid=587609&ver=8g%20XP HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Host: vkotalke.info
Pragma: no-cache
2011-01-17 15:39:23.214052 IP 195.189.226.193.80 > 172.16.3.27.1040: Flags [P.], seq 1:521,… Read More »


Cutwail PUSHDO Malware Traffic Sample Weirdest Botnet with PCAP DDoS Spam SEO

Download PUSHDO Sample PCAP here: pushdo.pcap

Crazy botnet: it is capable of launching DDoS attacks, sending mass spam e-mail, downloading other malware, and running blackhat SEO campaigns.

2012-10-04 09:27:06.414312 IP 192.168.248.165.53 > 8.8.8.8.53: 40552+ A? accounting.ee. (31)
E..;.r….p……….5.5.’…h………. accounting.ee…..
2012-10-04 09:27:06.414403 IP 192.168.248.165.53 > 4.2.2.2.53: 40552+ A? accounting.ee. (31)
E..;.s….z……….5.5.’…h………. accounting.ee…..
2012-10-04 09:27:06.420403 IP… Read More »


SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

SSDP Distributed Reflection Denial of Service (DrDoS) attacks are on the rise and may be the biggest threat right now. SSDP does not offer the largest amplification factor among the reflection protocols, but it may offer the largest pool of reflectors to abuse: open-source reporting puts the number of exposed SSDP responders at over 5 million worldwide… Read More »
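The mechanism the post describes, as an added example that is not part of the original post or its PCAP: an attacker sends a small M-SEARCH probe to an exposed UPnP device with the victim's address forged as the source, and the device answers the victim once per advertised service. The code builds the probe and a constructed set of replies from a hypothetical five-service router (the UUID, banner and LOCATION are made up) to show where the amplification comes from, then runs a stateful check over constructed packet tuples that flags a host receiving SSDP 200 OK replies from several sources it never probed.

```python
from collections import defaultdict

MCAST = "239.255.255.250"

# Constructed M-SEARCH probe: the small datagram an attacker reflects with the
# victim's address forged as the source. ST: ssdp:all asks the device to answer
# once per advertised service, which is what multiplies the reply.
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    f"HOST: {MCAST}:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 1\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode()


def ssdp_reply(st, usn, location="http://192.168.1.1:49152/rootDesc.xml"):
    """Constructed SSDP 200 OK, the shape a device unicasts back to the probe's source."""
    return (
        "HTTP/1.1 200 OK\r\n"
        "CACHE-CONTROL: max-age=1800\r\n"
        f"LOCATION: {location}\r\n"
        "SERVER: Linux/2.6 UPnP/1.0 ExampleRouter/1.0\r\n"  # hypothetical banner
        f"ST: {st}\r\n"
        f"USN: {usn}\r\n"
        "EXT:\r\n"
        "\r\n"
    ).encode()


# Hypothetical home router advertising five services: each one yields its own reply.
ROUTER_UUID = "uuid:11111111-2222-3333-4444-555555555555"
ROUTER_SERVICES = [
    "upnp:rootdevice",
    "urn:schemas-upnp-org:device:InternetGatewayDevice:1",
    "urn:schemas-upnp-org:device:WANConnectionDevice:1",
    "urn:schemas-upnp-org:service:WANIPConnection:1",
    "urn:schemas-upnp-org:service:Layer3Forwarding:1",
]


def reflect(services=ROUTER_SERVICES):
    """All replies one device sends for a single ssdp:all probe."""
    return [ssdp_reply(st, f"{ROUTER_UUID}::{st}") for st in services]


def amplification_factor(request, replies):
    """Bytes the victim receives per byte the attacker sent."""
    return sum(len(r) for r in replies) / len(request)


def detect_reflection(packets, min_reflectors=3):
    """packets: (src, sport, dst, dport, payload) tuples, constructed below.
    Returns {victim: distinct reflector count} for hosts that receive SSDP
    200 OK replies from at least min_reflectors sources they never probed."""
    probed = defaultdict(set)       # host -> destinations it sent M-SEARCH to
    unsolicited = defaultdict(set)  # host -> sources of replies it did not ask for
    for src, sport, dst, dport, payload in packets:
        if dport == 1900 and payload.startswith(b"M-SEARCH"):
            probed[src].add(dst)
        elif sport == 1900 and payload.startswith(b"HTTP/1.1 200 OK"):
            # A host that M-SEARCHed the multicast group is treated as having
            # solicited every reply (normal LAN discovery); anything else is unsolicited.
            if src in probed[dst] or MCAST in probed[dst]:
                continue
            unsolicited[dst].add(src)
    return {v: len(s) for v, s in unsolicited.items() if len(s) >= min_reflectors}


# Constructed traffic: one legitimate LAN discovery, then a reflection flood
# from four reflectors against 192.0.2.80 (replies land on the victim's port 80).
PACKETS = [("10.0.0.5", 49152, MCAST, 1900, M_SEARCH),
           ("10.0.0.1", 1900, "10.0.0.5", 49152, reflect()[0])]
for reflector in ("203.0.113.10", "203.0.113.11", "203.0.113.12", "198.51.100.7"):
    PACKETS += [(reflector, 1900, "192.0.2.80", 80, r) for r in reflect()]

if __name__ == "__main__":
    print(f"probe {len(M_SEARCH)} bytes, {len(reflect())} replies, "
          f"amplification {amplification_factor(M_SEARCH, reflect()):.1f}x")
    print("reflection victims:", detect_reflection(PACKETS))
```

The multiplier here is whatever the constructed router's five replies add up to; a real device's figure depends on how many services it advertises, which is why SSDP's per-host amplification varies so much. The Snort rule the post title refers to is not in this excerpt; a rule built on the same idea as detect_reflection would key on inbound UDP from source port 1900 whose payload starts with HTTP/1.1 200 OK, rate-limited per destination, but that is an assumption about its shape, not the post's rule.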


Darkness DDoS Malware Botnet PCAP Converted Traffic Sample

2011-01-17 16:39:20.442096 IP 172.16.3.27.1025 > 172.16.1.1.53: 28850+ A? vkotalke[.]info. (31)
E..;……………….5.’..p…………vkotalke[.]info…..
2011-01-17 16:39:21.439208 IP 172.16.3.27.1025 > 172.16.1.1.53: 28850+ A? vkotalke[.]info. (31)
E..;…….z………..5.’..p…………vkotalke[.]info…..
2011-01-17 16:39:21.538379 IP 172.16.1.1.53 > 172.16.3.27.1025: 28850* 1/0/0 A 195.189.226.193 (47)
E..K..@.@..e………5…7\.p…………vkotalke[.]info…………………
2011-01-17 16:39:21.541319 IP 172.16.1.1.53 > 172.16.3.27.1025: 28850* 1/0/0 A 195.189.226.193 (47)
E..K..@.@..e………5…7\.p…………vkotalke[.]info…………………
2011-01-17 16:39:21.548295 IP 172.16.3.27.1040 > 195.189.226.193.80: Flags [S], seq… Read More »
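A triage pass over the tcpdump output shown in the DirtJumper, Darkness (both entries) and Pushdo excerpts above, as an added example that is not part of the blog or any of its posts. It parses the tcpdump -n line format, correlates each bot's DNS lookup with the connection that follows it, pulls the uid and ver parameters out of the Darkness check-in, and flags the two Pushdo traits visible in its excerpt (queries sourced from UDP/53 and the same transaction ID sent to two resolvers). The input lines are constructed from the excerpts with the -A payload dumps left out; the finding names and field names are my own.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed input: tcpdump -n lines modelled on the DirtJumper, Darkness and
# Pushdo excerpts on this page, with the -A payload dumps left out.
SAMPLE_LINES = """\
2011-10-03 20:42:49.094710 IP 172.16.165.128.49770 > 172.16.165.2.53: 17008+ A? asdaddddaaaa.com. (34)
2011-10-03 20:42:49.109841 IP 172.16.165.2.53 > 172.16.165.128.49770: 17008 1/0/0 A 195.3.145.87 (50)
2011-10-03 20:42:49.114307 IP 172.16.165.128.1035 > 195.3.145.87.80: Flags [S], seq 2900643694, win 16384, options [mss 1460,nop,nop,sackOK], length 0
2011-01-17 16:39:20.442096 IP 172.16.3.27.1025 > 172.16.1.1.53: 28850+ A? vkotalke.info. (31)
2011-01-17 16:39:21.538379 IP 172.16.1.1.53 > 172.16.3.27.1025: 28850* 1/0/0 A 195.189.226.193 (47)
2011-01-17 16:39:22.291158 IP 172.16.3.27.1040 > 195.189.226.193.80: Flags [P.], seq 1376765198:1376765351, ack 1691404056, win 65535, length 153: HTTP: GET /index.php?uid=587609&ver=8g%20XP HTTP/1.0
2012-10-04 09:27:06.414312 IP 192.168.248.165.53 > 8.8.8.8.53: 40552+ A? accounting.ee. (31)
2012-10-04 09:27:06.414403 IP 192.168.248.165.53 > 4.2.2.2.53: 40552+ A? accounting.ee. (31)
""".splitlines()

IPV4 = r"\d+(?:\.\d+){3}"
HEADER = re.compile(rf"^\S+ \S+ IP (?P<src>{IPV4})\.(?P<sport>\d+) > (?P<dst>{IPV4})\.(?P<dport>\d+): (?P<rest>.*)$")
DNS_QUERY = re.compile(r"^(?P<txid>\d+)\+ A\? (?P<qname>\S+)\. \(\d+\)$")
DNS_ANSWER = re.compile(rf"^(?P<txid>\d+)\*? \d+/\d+/\d+ A (?P<ip>{IPV4})")
HTTP_REQ = re.compile(r"HTTP: (?:GET|POST) (?P<target>\S+) HTTP/(?P<ver>\d\.\d)$")


def analyse(lines):
    """One pass over tcpdump lines; returns findings (dicts) in the order they are made."""
    findings = []
    queries = {}               # (client, txid) -> qname awaiting an answer
    resolved = {}              # (client, answer_ip) -> qname that produced the address
    fanout = defaultdict(set)  # (client, txid, qname) -> resolvers the query went to
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue
        src, dst, rest = m["src"], m["dst"], m["rest"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == 53 and (q := DNS_QUERY.match(rest)):
            queries[(src, q["txid"])] = q["qname"]
            fanout[(src, q["txid"], q["qname"])].add(dst)
            # Pushdo trait: the bot sends its own queries from UDP/53, which a stub resolver never does.
            if sport == 53:
                findings.append({"kind": "dns_from_port_53", "host": src,
                                 "qname": q["qname"], "resolver": dst})
        elif sport == 53 and (a := DNS_ANSWER.match(rest)):
            if qname := queries.get((dst, a["txid"])):
                resolved[(dst, a["ip"])] = qname
        elif dport == 80:
            if h := HTTP_REQ.search(rest):
                url = urlsplit(h["target"])
                params = parse_qs(url.query)  # also decodes %20 -> space
                # Darkness check-in shape from the excerpt: GET /index.php?uid=<bot id>&ver=<build/OS> over HTTP/1.0
                if url.path.endswith("/index.php") and "uid" in params and "ver" in params:
                    findings.append({"kind": "darkness_checkin", "host": src, "c2_ip": dst,
                                     "c2_domain": resolved.get((src, dst)),
                                     "uid": params["uid"][0], "ver": params["ver"][0],
                                     "http_version": h["ver"]})
            elif rest.startswith("Flags [S],") and (src, dst) in resolved:
                # DirtJumper/Darkness pattern: SYN to port 80 of the address just returned for the C2 name.
                findings.append({"kind": "connect_after_lookup", "host": src, "dst": dst,
                                 "qname": resolved[(src, dst)]})
    # Same transaction ID fanned out to several resolvers at once (Pushdo hits 8.8.8.8 and 4.2.2.2 in parallel).
    for (host, txid, qname), resolvers in fanout.items():
        if len(resolvers) > 1:
            findings.append({"kind": "dns_fanout", "host": host, "qname": qname,
                             "resolvers": sorted(resolvers)})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LINES):
        print(finding)
```

Run it against `tcpdump -n -r sample.pcap` output (without -A, so the payload dumps do not interleave with the summary lines) and the same correlations fall out of the real captures; the DNS answer regex only handles a single A record, which is all the excerpts show, so an answer section with CNAMEs or several addresses would need the pattern widened.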
