Category Archives: Smoke Exploit Kit

Smoke Exploit Kit EK CONNECT 443 over 8888 Proxy Loads T150 Malware

2012-09-19 21:36:10.285073 IP 10.37.130.4.49172 > 192.168.186.6.8888: Flags [P.], seq 1:182, ack 1, win 16425, length 181
E…..@….. %……..”.w…….P.@)….CONNECT javadl-esd-secure.oracle[.]com:443 HTTP/1.0
User-Agent: jupdate
Host: javadl-esd-secure.oracle[.]com:443
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
2012-09-19 21:36:10.285330 IP 192.168.186.6.8888 > 10.37.130.4.49172: Flags [.], ack 182, win 16384, length 0
E..(.~….$z…. %..”…….w…P.@..g……..
2012-09-19 21:36:10.535359 IP 192.168.186.6.8888 > 10.37.130.4.49172: Flags [P.], seq…
