Category Archives: Ransomware Family

CryptoWall Ransomware ip-addr.es Malware PCAP Traffic Sample Analysis

2015-02-06 17:01:26.933605 IP 192.168.221.134.56756 > 192.168.221.2.53: 47786+ A? ip-addr.es. (28)
E..8……………….5.$wa………….ip-addr.es…..
2015-02-06 17:01:27.028356 IP 192.168.221.2.53 > 192.168.221.134.56756: 47786 1/0/0 A 188.165.164.184 (44)
E..H!…… ………5…4.I………….ip-addr.es…………………
2015-02-06 17:01:27.029865 IP 192.168.221.134.49316 > 188.165.164.184.80: Flags [S], seq 2283557266, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
E..4..@…./………..P..Q……. ……………..
2015-02-06 17:01:27.158132 IP 188.165.164.184.80 > 192.168.221.134.49316: Flags [S.], seq 351522798, ack…

Trojan.Win32.Kovter.sm / Hyteod Ransomware Trojan Malware PCAP Traffic Converted Sample

Trojan.Win32.Kovter.sm / Hyteod is a Trojan that targets the Windows platform. This malware sends out system information and locks infected computers in order to extort money from victim users. It has reportedly been spreading through malicious advertisements leading to an exploit kit. The advertisements have reportedly been showing up on the legitimate “YouTube” website. …

Matsnu MBR Master Boot Record wiping RANSOMWARE Trojan Malware PCAP Converted Traffic Sample

The malware gathers information about the infected PC and sends it to its command and control server — and then is able to wipe the Master Boot Record and/or to lock the screen and demand payment from the victim in order to unlock it, in classic ransomware fashion. Which of the two it does (or…

CryptoLocker Ransomware Family Ransom Trojan Malware

2012-10-04 10:28:23.925489 IP 192.168.248.165.53 > 8.8.8.8.53: 33475+ A? rcoxshllfoldxie.org. (37)
E..A.s….p……….5.5.- 4.2.2.2.53: 33475+ A? rcoxshllfoldxie.org. (37)
E..A.t….z……….5.5.-F…………..rcoxshllfoldxie.org…..
2012-10-04 10:28:23.948689 IP 8.8.8.8.53 > 192.168.248.165.53: 33475 NXDomain 0/1/0 (100)
E………………..5.5.l……………rcoxshllfoldxie.org…………..c.3.a0.org.afilias-nst.info..noc.8w.Y………. :…Q.
2012-10-04 10:28:23.949191 IP 192.168.248.165.53 > 8.8.8.8.53: 57946+ A? rcoxshllfoldxie.org.localdomain. (49)
E..M.w….p……….5.5.9…Z………..rcoxshllfoldxie.org.localdomain…..
2012-10-04 10:28:23.949276 IP 192.168.248.165.53 > 4.2.2.2.53: 57946+ A? rcoxshllfoldxie.org.localdomain. (49)
E..M.x….z……….5.5.9…Z………..rcoxshllfoldxie.org.localdomain…..
2012-10-04 10:28:24.002224 IP 8.8.8.8.53…
