Category Archives: Nuclear Exploit Kit

Nuclear Exploit Kit with Callbacks PCAP Converted Traffic Sample

2015-02-04 11:51:34.092279 IP 192.168.221.134.63245 > 192.168.221.2.53: 19334+ A? www.clearimagedevices[.]com. (43) E..GU-……………..5.3LcK…………www.clearimagedevices[.]com….. 2015-02-04 11:51:34.135718 IP 192.168.221.2.53 > 192.168.221.134.63245: 19334 1/0/0 A 64.9.192.3 (59) E..W.!……………5…C..K…………www.clearimagedevices[.]com……………..@ .. 2015-02-04 11:51:34.139407 IP 192.168.221.134.50402 > 64.9.192.3.80: Flags [S], seq 2253522424, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 E..4U/@….Y….@ …..P.R…….. ._]………….. 2015-02-04 11:51:34.242046 IP 64.9.192.3.80 > 192.168.221.134.50402: Flags [S.], seq 3104561041,…


Nuclear Exploit Kit Exploiting Vulnerable Java – Installs Trojan Cidox.d Malware

2014-08-06 18:31:57.643670 IP 172.16.165.132.50043 > 94.229.64.227.80: Flags [S], seq 724820888, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 E..4@.@………^.@..{.P+3…….. …………….. 2014-08-06 18:31:57.770688 IP 94.229.64.227.80 > 172.16.165.132.50043: Flags [S.], seq 3911690002, ack 724820889, win 64240, options [mss 1460], length 0 E..,.w……^.@……P.{.’..+3..`…H……… 2014-08-06 18:31:57.772299 IP 172.16.165.132.50043 > 94.229.64.227.80: Flags [.], ack 1, win 64240, length 0 E..(@.@………^.@..{.P+3…’..P…`…………


Nuclear Exploit Kit Variant 2015 Traffic Analysis

2015-04-09 14:07:19.244262 IP 192.168.122.89.49227 > 108.61.188.200.80: Flags [P.], seq 1:588, ack 1, win 16404, length 587 E..s..@….m..zYl=…K.P.. 192.168.122.89.49227: Flags [.], ack 588, win 493, length 0 E..(..@.5.65l=….zY.P.K:.eJ..?.P……. 2015-04-09 14:07:19.486930 IP 108.61.188.200.80 > 192.168.122.89.49227: Flags [.], seq 1:1368, ack 588, win 493, length 1367 E…..@.5.0.l=….zY.P.K:.eJ..?.P…7…HTTP/1.1 200 OK Server: nginx Date: Thu, 09 Apr 2015 18:07:19 GMT…
