Category Archives: Uncategorized Malware Types

HISTORICAL Malware Sample – TBOT TORNET – Traffic Sample Indicators Analysis

2012-10-07 08:37:05.992015 IP 172.16.253.131.1172 > 216.146.39.70.80: Flags [P.], seq 1:70, ack 1, win 64240, length 69 E..m..@…P…….’F…P..a’..h.P….   ..GET / HTTP/1.1 Host: checkip.dyndns.org Cache-Control: no-cache     2012-10-07 08:37:05.992351 IP 216.146.39.70.80 > 172.16.253.131.1172: Flags [.], ack 70, win 64240, length 0 E..(……….’F…..P….h…alP…^F…….. 2012-10-07 08:37:06.075207 IP 216.146.39.70.80 > 172.16.253.131.1172: Flags [FP.], seq 1:261, ack 70, win 64240,…

HISTORICAL Malware Sample – StabUniq – Traffic Sample Indicators Analysis

2012-10-07 09:34:25.793964 IP 172.16.253.129.1131 > 75.102.25.76.80: Flags [P.], seq 1:154, ack 1, win 64240, length 153 E….n@………Kf.L.k.P.Q….;!P…+!..POST /rssnews.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: benhomelandefit.com Content-Length: 1093 Cache-Control: no-cache     2012-10-07 09:34:25.794046 IP 172.16.253.129.1131 > 75.102.25.76.80: Flags [P.], seq 154:1247, ack 1, win 64240, length 1093 E..m.o@………Kf.L.k.P.Q….;!P…….id=NzQxKDYoNig3&varname=SmdzdGc=&comp=QkNKSl5S&ver=UW9oYmlxdSZeVg==&src=NTREb3I=&sec=0&view=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&dat=&page=RTxaVnRpYXRnayZAb2pjdVoxK1xvdlpTaG9odXJnampadWtnYWNocihjfmM=&val=cnB5b3dub3BjZnRyZ2ZweWlyaXllYmdmZnhibHh4YWp5anN5b2x3YmxkeGRpcG9k&up=rpyownopcftrgfpy&xid=ZTU0N2BlPzMrZzc+NisyNWRiK2cyMzUrMDI1ZzNkNDBnNmA1

Unknown Adultfriendfinder Malware Loads Click Fraud Adware PCAP Traffic Sample

2014-12-31 21:42:01.338041 IP 192.168.138.158.49167 > 91.109.247.12.80: Flags [S], seq 2496731022, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 E..4..@…[q….[m…..P………. .D…………… 2014-12-31 21:42:01.525412 IP 91.109.247.12.80 > 192.168.138.158.49167: Flags [S.], seq 2472158945, ack 2496731023, win 64240, options [mss 1460], length 0 E..,.]……[m…….P…Z&…..`….h…….. 2014-12-31 21:42:01.525564 IP 192.168.138.158.49167 > 91.109.247.12.80: Flags [.], ack 1, win 64240, length 0 E..(..@…[|….[m…..P…..Z&.P….%……..…

Nocpos Trojan Malware PCAP Converted Traffic Sample Low Detection Rate

1970-01-01 -3:-59:-35.837643 IP 10.0.2.15.1025 > 10.0.2.2.53: 24554+ A? support.wordpress-dark[.]com. (44) E..H.b….”3 … ……5.4.._…………support.wordpress-dark[.]com….. 1970-01-01 -3:-59:-35.856699 IP 10.0.2.2.53 > 10.0.2.15.1025: 24554 2/2/0 A 104.28.4.94, A 104.28.5.94 (127) E…….@.b$ … ….5….`._…………support.wordpress-dark[.]com…………..,..h..^………,..h..^………….cody.ns cloudflare.#………….sue.] 1970-01-01 -3:-59:-35.858658 IP 10.0.2.15.1048 > 104.28.4.94.80: Flags [S], seq 2059076059, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0.c@….. …h..^…Pz…….p…………… 1970-01-01 -3:-59:-35.862945 IP 104.28.4.94.80 > 10.0.2.15.1048:…

PassAlert Pass Alert Porn Malware Botnet

2013-05-12 16:13:41.237980 IP 172.16.253.240.53 > 8.8.8.8.53: 34127+ A? porno-video-free[.]com. (38) E..B……………..5.5…..O………..porno-video-free[.]com….. 2013-05-12 16:13:41.238039 IP 172.16.253.240.53 > 4.2.2.2.53: 34127+ A? porno-video-free[.]com. (38) E..B……………..5.5…..O………..porno-video-free[.]com….. 2013-05-12 16:13:41.265029 IP 8.8.8.8.53 > 172.16.253.240.53: 34127 1/0/0 A 64.74.223.10 (54) E..R……………..5.5.>…O………..porno-video-free[.]com……………..@J. 2013-05-12 16:13:41.270894 IP 172.16.253.240.1033 > 64.74.223.10.80: Flags [S], seq 3097962556, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0..@…1Z….@J. . .P..( 172.16.253.240.1033:…
