Category Archives: Uncategorized Malware Types

RSS Feeder Malware Trojan Using LiveJournal Traffic Sample

2013-01-05 23:20:37.052653 IP 172.16.253.240.53 > 8.8.8.8.53: 53824+ A? huming386.livejournal[.]com. (43) E..G…….x………5.5.3W..@………. huming386.livejournal[.]com….. 2013-01-05 23:20:37.052718 IP 172.16.253.240.53 > 4.2.2.2.53: 53824+ A? huming386.livejournal[.]com. (43) E..G……………..5.5.3a..@………. huming386.livejournal[.]com….. 2013-01-05 23:20:37.088158 IP 8.8.8.8.53 > 172.16.253.240.53: 53824 1/0/0 A 208.93.0.128 (59) E..W……………..5.5.C.v.@………. huming386.livejournal[.]com………………].. 2013-01-05 23:20:37.089454 IP 172.16.253.240.1145 > 208.93.0.128.80: Flags [S], seq 309795285, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0.… Read More »

Enfal Lurid europd.ddns[.]info Drive-by-Download Attack – 443 Command and Control

2013-01-05 23:33:04.098269 IP 172.16.253.129.53 > 8.8.8.8.53: 8279+ A? time.windows[.]com. (34) E..>.e……………5.5.*.. W………..time.windows[.]com….. 2013-01-05 23:33:04.098335 IP 172.16.253.129.53 > 4.2.2.2.53: 8279+ A? time.windows[.]com. (34) E..>.f……………5.5.*.. W………..time.windows[.]com….. 2013-01-05 23:33:04.159320 IP 8.8.8.8.53 > 172.16.253.129.53: 8279 2/0/0 CNAME time.microsoft.akadns.net., A 65.55.21.13 (89) E..uu…………….5.5.aB. W………..time.windows[.]com………………time microsoft.akadns.net………….A7. 2013-01-05 23:33:04.173006 IP 4.2.2.2.53 > 172.16.253.129.53: 8279 2/0/0 CNAME time.microsoft.akadns.net., A 65.55.21.15 (89) E..uu…………….5.5.a.. W………..time.windows[.]com………………time… Read More »

MALWARE-CNC Win.Trojan.Alurewo outbound connection Traffic Sample

1970-01-01 -4:00:00.000005 [|ether] 1970-01-01 -3:-59:-51.184821 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:30:5c:54, length 306 E..N.8….9h………D.C.:……..n…………………..’0\T………………………………………………………………………………………………………………………………………………………………………………….c.Sc5..t..=….’0\T2. …..tequilaboomboom 10.0.2.15.68: BOOTP/DHCP, Reply, length 548 E..@….@.`. … ….C.D.,……..n……… … ………’0\T………………………………………………………………..BEH021.pxe……………………………………………………………………………………………………….c.Sc5………. ….. …..!c..ovh.net3…Q.6. …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………. 1970-01-01 -3:-59:-51.185991 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:30:5c:54, length 331 E..g.9….9N………D.C.So…….n…………………..’0\T………………………………………………………………………………………………………………………………………………………………………………….c.Sc5..=….’0\T2. …6. …..tequilaboomboomQ….tequilaboomboom. 10.0.2.15.68: BOOTP/DHCP, Reply, length 548 E..@….@.`. … ….C.D.,……..n….. … …… Read More »

Chanitor Vawtrak malspam TOR Botnet Traffic PCAP Converted Sample Malware BOTNET Welcome to Chat Program (Client Side)- Created by AbHI

2015-02-09 11:54:01.881561 IP 192.168.221.134 > 1.1.2.2: ICMP echo request, id 1, seq 1, length 40 E.. 1.1.2.2: ICMP echo request, id 1, seq 2, length 40 E.. 91.220.131.29.80: Flags [S], seq 2812042632, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 E..4.{@…} ….[……P..]……. ..l………….. 2015-02-09 11:54:12.317850 IP 91.220.131.29.80 > 192.168.221.134.49158: Flags [S.], seq 3522513003, ack 2812042633,… Read More »