Category Archives: Gondad Exploit Kit

PCAP Converted Traffic Sample Gondad Exploit Kit

2014-12-13 16:53:26.092318 IP 192.168.204.137.49673 > 110.45.146.93.80: Flags [.], ack 1, win 64240, length 0
2014-12-13 16:53:26.093193 IP 192.168.204.137.49673 > 110.45.146.93.80: Flags [P.], seq 1:549, ack 1, win 64240, length 548
GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.bing[.]com/search?q=gilsangart[.]com&src=IE-SearchBox&FORM=IE8SRC
Accept-Language: en-US
User-Agent: Mozilla/4.0…


Gondad EK Exploit Kit using QQ.com Malware Infection PCAP Traffic Sample

2014-12-13 21:12:18.365748 IP 192.168.56.101.1389 > 8.8.8.8.53: 37206+ A? r.qzone.qq.com. (32)
2014-12-13 21:12:18.426615 IP 8.8.8.8.53 > 192.168.56.101.1389: 37206 4/0/0 CNAME qq.com.edgesuite.net., CNAME a1574.b.akamai.net., A 23.61.194.48, A 23.61.194.216 (127)
2014-12-13 21:12:18.431687 IP 192.168.56.101.1040 > 23.61.194.48.80: Flags [S], seq 759589942, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2014-12-13 21:12:18.435525 IP 23.61.194.48.80 > 192.168.56.101.1040: Flags…

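Added example, not code from this page or from the PCAP samples it links: a small Python triage script for tcpdump text like the two excerpts above. It ties each payload block to the packet that carried it, decodes the DNS query/reply summaries into a CNAME chain plus A records, pulls the HTTP request line and headers (the Referer here shows the victim reached the site from a Bing search), and collapses everything into a sorted indicator list. The input is constructed from the page's own lines with the hex/ASCII dump columns removed and the truncated User-Agent cut at what the page shows; the function names and the output layout are mine.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the tcpdump lines quoted on this page with the
# hex/ASCII dump columns stripped. The page truncates the User-Agent header,
# so only the visible prefix is kept here.
SAMPLE = """\
2014-12-13 16:53:26.092318 IP 192.168.204.137.49673 > 110.45.146.93.80: Flags [.], ack 1, win 64240, length 0
2014-12-13 16:53:26.093193 IP 192.168.204.137.49673 > 110.45.146.93.80: Flags [P.], seq 1:549, ack 1, win 64240, length 548
GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.bing[.]com/search?q=gilsangart[.]com&src=IE-SearchBox&FORM=IE8SRC
Accept-Language: en-US
User-Agent: Mozilla/4.0

2014-12-13 21:12:18.365748 IP 192.168.56.101.1389 > 8.8.8.8.53: 37206+ A? r.qzone.qq.com. (32)
2014-12-13 21:12:18.426615 IP 8.8.8.8.53 > 192.168.56.101.1389: 37206 4/0/0 CNAME qq.com.edgesuite.net., CNAME a1574.b.akamai.net., A 23.61.194.48, A 23.61.194.216 (127)
2014-12-13 21:12:18.431687 IP 192.168.56.101.1040 > 23.61.194.48.80: Flags [S], seq 759589942, win 64240, options [mss 1460,nop,nop,sackOK], length 0
"""

# One tcpdump packet summary line: timestamp, "IP src.port > dst.port:", then the rest.
PKT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
DNS_QUERY_RE = re.compile(r"^(?P<txid>\d+)\+ (?P<qtype>[A-Z]+)\? (?P<name>\S+) \(\d+\)$")
DNS_REPLY_RE = re.compile(r"^(?P<txid>\d+) \d+/\d+/\d+ (?P<answers>.*) \(\d+\)$")
HTTP_REQ_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]$")


def _flush_http(current: Optional[dict], http: List[dict]) -> None:
    """Record an HTTP request if the payload lines collected for a packet contain one.
    The request line is searched for, not assumed to be first, because tcpdump -A
    prints the ASCII of the IP/TCP headers (the 'E..L).@...' junk) before the payload."""
    if not current or not current["lines"]:
        return
    lines: List[str] = current["lines"]
    idx = next((i for i, l in enumerate(lines) if HTTP_REQ_RE.match(l)), None)
    if idx is None:
        return
    m = HTTP_REQ_RE.match(lines[idx])
    headers: Dict[str, str] = {}
    for h in lines[idx + 1:]:
        name, sep, value = h.partition(": ")
        if sep:
            headers[name] = value
    http.append({"ts": current["ts"], "src": current["src"], "dst": current["dst"],
                 "method": m["method"], "path": m["path"], "headers": headers})


def parse_tcpdump(text: str) -> Dict[str, object]:
    """Walk tcpdump text line by line: collect flow tuples, map DNS replies back to
    their query by transaction id, and attach payload lines to the PSH segment
    that carried them."""
    flows: List[Dict[str, str]] = []
    http: List[dict] = []
    dns: Dict[str, Dict[str, List[str]]] = {}
    pending: Dict[str, str] = {}      # DNS txid -> queried name (reply lines omit the qname)
    current: Optional[dict] = None    # packet whose payload lines are being collected
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PKT_RE.match(line)
        if m:
            _flush_http(current, http)
            current = None
            pkt = m.groupdict()
            flows.append({k: pkt[k] for k in ("ts", "src", "sport", "dst", "dport")})
            rest = pkt["rest"]
            if "53" in (pkt["sport"], pkt["dport"]):
                q = DNS_QUERY_RE.match(rest)
                r = DNS_REPLY_RE.match(rest)
                if q:
                    name = q["name"].rstrip(".")
                    pending[q["txid"]] = name
                    dns.setdefault(name, {"cname": [], "a": []})
                elif r and r["txid"] in pending:
                    rec = dns[pending.pop(r["txid"])]
                    for ans in r["answers"].split(", "):
                        rtype, _, value = ans.partition(" ")
                        if rtype == "CNAME":
                            rec["cname"].append(value.rstrip("."))
                        elif rtype == "A":
                            rec["a"].append(value)
            elif "Flags [P" in rest:
                # PSH segments carry the application data that tcpdump -A prints next
                current = {"ts": pkt["ts"], "src": pkt["src"], "dst": pkt["dst"], "lines": []}
        elif not line:
            _flush_http(current, http)
            current = None
        elif current is not None:
            current["lines"].append(line)
    _flush_http(current, http)
    return {"flows": flows, "dns": dns, "http": http}


def indicators(parsed: Dict[str, object]) -> List[str]:
    """Sorted list of hosts/IPs worth pivoting on. The resolver itself (port 53 peer)
    is skipped; defanged names such as bing[.]com are kept exactly as captured."""
    iocs = set()
    for f in parsed["flows"]:
        if "53" not in (f["sport"], f["dport"]):
            iocs.add(f["dst"])
    for name, rec in parsed["dns"].items():
        iocs.add(name)
        iocs.update(rec["cname"])
        iocs.update(rec["a"])
    for req in parsed["http"]:
        ref = req["headers"].get("Referer", "")
        host = re.search(r"https?://([^/\s]+)", ref)
        if host:
            iocs.add(host.group(1))
        query = re.search(r"[?&]q=([^&\s]+)", ref)   # the search term that led the victim here
        if query:
            iocs.add(query.group(1))
    return sorted(iocs)


if __name__ == "__main__":
    result = parse_tcpdump(SAMPLE)
    for name, rec in result["dns"].items():
        print(f"DNS {name} -> {' -> '.join(rec['cname'])} -> {rec['a']}")
    for req in result["http"]:
        print(f"HTTP {req['src']} -> {req['dst']} {req['method']} {req['path']} "
              f"Referer={req['headers'].get('Referer', '-')}")
    print("IOCs:", ", ".join(indicators(result)))
```

Run it against a real dump with `tcpdump -nnr sample.pcap -A | python3 triage.py` after replacing SAMPLE with `sys.stdin.read()`; the `-nn` matters, since the flow regex expects numeric hosts and ports. Blank lines in the dump separate packets, which is why the script also flushes on an empty line.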