Category Archives: RAT – Remote Access Trojan

AlienSpyRAT – APT Alien Spy RAT Backdoor Trojan Windows XP Variant Traffic Sample Malware

2013-09-25 22:24:57.659016 IP 172.16.253.129.1066 > 204.45.207.40.1077: Flags [P.], seq 22:838, ack 5, win 64236, length 816
E..X.j@….M…..-.(.*.5..^K…eP…AD..xp…*……….mT…F……Y@.].R+q..v.;…X.6,..V.$K..{..fD…/.C…..lv.*”..{..s.s…K..”wO….0n.S…0…?.^…..+…..Jn.!…..&z….V.N[…..9.w>…..?.wI…p .!$F.#.m…..i]
172.16.253.129.1067: Flags [.], ack 838, win 64240, length 0
E..(……N..-.(…..5.+.zW.v~.%P………….
2013-09-25 22:35:20.179611 IP 172.16.253.254 > 172.16.253.129: ICMP echo request, id 63984, seq 0, length 28
E..0……?X…………….p..X….|2……….
2013-09-25 22:35:21.180076 IP 172.16.253.254.67 > 172.16.253.129.68: BOOTP/DHCP, Reply, length 300
E..H……U……….C.D.4Y#….0..P………………….){……………………………………………………………………………………………………………………………………………………………………………………c.Sc5..6…..3………….localdomain…………,………….…

AlienSpyRAT – APT Alien Spy RAT Backdoor Trojan MAC OSX Lion Malware

2014-11-17 09:12:15.110142 IP 172.16.253.140.60644 > 8.8.8.8.53: 64315+ A? 1.courier-sandbox-push-apple.com.akadns.net. (61)
E..Yvz……………..5.E…;………..1.courier-sandbox-push-apple.com.akadns.net…..
2014-11-17 09:12:15.156219 IP 8.8.8.8.53 > 172.16.253.140.60644: 64315 7/0/0 A 17.172.232.12, A 17.172.238.201, A 17.172.238.205, A 17.172.232.9, A 17.172.232.8, A 17.172.232.10, A 17.172.232.11 (173)
E………………..5….3..;………..1.courier-sandbox-push-apple.com.akadns.net…………..+……………+……………+……………+….. ………+……………+….. ………+……
2014-11-17 09:12:26.477863 IP 172.16.253.140.49662 > 8.8.8.8.53: 56342+ A? us-courier.push-apple.com.akadns.net. (54)
E..R……………….5.>………….. us-courier push-apple.com.akadns.net…..
2014-11-17 09:12:26.514830 IP 8.8.8.8.53 >…

AlienSpyRAT – APT Alien Spy RAT Backdoor Trojan port 1505 Traffic Sample

2013-11-09 14:21:22.538858 IP 172.16.253.146.53 > 4.2.2.2.53: 27400+ A? installone.no-ip[.]biz. (38)
E..B……n……….5.5….k……….. installone.no-ip[.]biz…..
2013-11-09 14:21:23.536430 IP 172.16.253.146.53 > 8.8.8.8.53: 27400+ A? installone.no-ip[.]biz. (38)
E..B……c……….5.5….k……….. installone.no-ip[.]biz…..
2013-11-09 14:21:23.536563 IP 172.16.253.146.53 > 4.2.2.2.53: 27400+ A? installone.no-ip[.]biz. (38)
E..B……n……….5.5….k……….. installone.no-ip[.]biz…..
2013-11-09 14:21:23.660598 IP 172.16.253.146.1141 > 185.32.221.17.1505: Flags [S], seq 1501916260, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@………. …u..Y.ld….p…x………..…
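The three excerpts above are raw tcpdump output, and what a responder actually wants from them are the indicators: the dynamic-DNS hostname the implant resolves, the addresses that come back, and the outbound TCP sessions to non-standard ports (1077 in the Windows XP sample, 1505 in the port-1505 sample). The script below is an added triage example written for this page; it is not code from the blog or from the AlienSpy samples. It parses tcpdump summary lines (payload dump lines are skipped), refangs the `[.]` defanging, and applies three heuristics: a query for a name under a dynamic-DNS suffix, a DNS query sent from source port 53 (unusual for a stub resolver, and exactly what the port-1505 sample shows), and a TCP segment from an RFC 1918 host to a public address on a port outside a small expected set. The `DDNS_SUFFIXES` and `EXPECTED_PORTS` lists are starter assumptions to tune for your environment; the sample input is the summary lines from the excerpts, with the OS X Lion sample included to show that its akadns.net queries, which resolve into Apple's 17.0.0.0/8 block, produce no finding.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed input: the tcpdump summary lines from the three excerpts above,
# with the hex/ASCII payload dumps omitted (they carry no parseable fields).
SAMPLE_LINES = """\
2013-09-25 22:24:57.659016 IP 172.16.253.129.1066 > 204.45.207.40.1077: Flags [P.], seq 22:838, ack 5, win 64236, length 816
2013-09-25 22:35:20.179611 IP 172.16.253.254 > 172.16.253.129: ICMP echo request, id 63984, seq 0, length 28
2013-09-25 22:35:21.180076 IP 172.16.253.254.67 > 172.16.253.129.68: BOOTP/DHCP, Reply, length 300
2014-11-17 09:12:15.110142 IP 172.16.253.140.60644 > 8.8.8.8.53: 64315+ A? 1.courier-sandbox-push-apple.com.akadns.net. (61)
2014-11-17 09:12:15.156219 IP 8.8.8.8.53 > 172.16.253.140.60644: 64315 7/0/0 A 17.172.232.12, A 17.172.238.201, A 17.172.238.205, A 17.172.232.9, A 17.172.232.8, A 17.172.232.10, A 17.172.232.11 (173)
2013-11-09 14:21:22.538858 IP 172.16.253.146.53 > 4.2.2.2.53: 27400+ A? installone.no-ip[.]biz. (38)
2013-11-09 14:21:23.660598 IP 172.16.253.146.1141 > 185.32.221.17.1505: Flags [S], seq 1501916260, win 64240, options [mss 1460,nop,nop,sackOK], length 0
"""

# Assumption: a short starter list of dynamic-DNS suffixes often used for RAT C2;
# extend it for your environment. Compared against the refanged query name.
DDNS_SUFFIXES = ("no-ip.biz", "no-ip.org", "no-ip.info", "ddns.net",
                 "hopto.org", "zapto.org", "dyndns.org")

# Assumption: destination ports that are not worth a finding on their own.
EXPECTED_PORTS = {25, 53, 80, 123, 443, 587, 993, 995}

_LINE = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
_QUERY = re.compile(r"^\d+\+? A\? (?P<name>\S+)\. \(\d+\)$")
_ANSWER = re.compile(r"^\d+ \d+/\d+/\d+ (?P<rrs>.*) \(\d+\)$")
_A_RECORD = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")
_FLAGS = re.compile(r"Flags \[(?P<flags>[^\]]+)\]")


@dataclass(frozen=True)
class Finding:
    ts: str
    kind: str
    detail: str


def split_endpoint(endpoint):
    """'172.16.253.129.1066' -> ('172.16.253.129', 1066); ICMP endpoints carry no port."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def refang(name):
    """Undo the '[.]' defanging used in the excerpts so suffix matching works."""
    return name.replace("[.]", ".")


def parse_line(line):
    """Parse one tcpdump summary line into its fields; None for payload or junk lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    return {"ts": m["ts"], "src": src, "sport": sport,
            "dst": dst, "dport": dport, "rest": m["rest"]}


def analyse(pkt):
    """Apply the heuristics to one parsed line and return its findings."""
    ts, rest, findings = pkt["ts"], pkt["rest"], []

    query = _QUERY.match(rest)
    if query and pkt["dport"] == 53:
        name = refang(query["name"])
        if any(name == s or name.endswith("." + s) for s in DDNS_SUFFIXES):
            findings.append(Finding(ts, "ddns-query", f"{pkt['src']} -> {name}"))
        if pkt["sport"] == 53:  # a stub resolver normally uses an ephemeral source port
            findings.append(Finding(ts, "dns-from-port-53",
                                    f"{pkt['src']} queried {name} from source port 53"))
        return findings

    answer = _ANSWER.match(rest)
    if answer and pkt["sport"] == 53:
        ips = _A_RECORD.findall(answer["rrs"])  # resolved addresses are IOCs in their own right
        findings.append(Finding(ts, "dns-answer", f"{len(ips)} A records: {', '.join(ips)}"))
        return findings

    flags = _FLAGS.search(rest)
    if flags and pkt["dport"] is not None:
        src_ip, dst_ip = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
        # Internal host talking to the Internet on a port we do not expect: the
        # C2 sessions in the excerpts (ports 1077 and 1505) both look like this.
        if src_ip.is_private and not dst_ip.is_private and pkt["dport"] not in EXPECTED_PORTS:
            findings.append(Finding(ts, "odd-port-tcp",
                                    f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} "
                                    f"flags [{flags['flags']}]"))
    return findings


def run_samples(text):
    """Return every finding for a block of tcpdump output, in capture order."""
    results = []
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt:
            results.extend(analyse(pkt))
    return results


if __name__ == "__main__":
    for f in run_samples(SAMPLE_LINES):
        print(f"{f.ts}  {f.kind:18} {f.detail}")
```

Run against the sample it reports the PSH/ACK session to 204.45.207.40:1077, the seven Apple addresses returned for the akadns.net name, the no-ip.biz query (twice: once as a DDNS hit, once because it left from source port 53), and the SYN to 185.32.221.17:1505; the ICMP, DHCP and Apple push queries stay quiet. Feed it `tcpdump -nn -r capture.pcap` output rather than the `-A` form shown on this page and the payload-skipping is unnecessary but harmless.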
