Category Archives: Spyware & Keyloggers

Ardamax Keylogger Key Stroke Logger Spyware Software PCAP Malware Traffic Sample

2013-02-03 18:21:34.765332 IP 172.16.253.129.53 > 8.8.8.8.53: 27825+ A? smtp.mail.yahoo.com. (37) E..A……………..5.5.-..l…………smtp.mail.yahoo.com…..
2013-02-03 18:21:34.765388 IP 172.16.253.129.53 > 4.2.2.2.53: 27825+ A? smtp.mail.yahoo.com. (37) E..A. ……………5.5.-..l…………smtp.mail.yahoo.com…..
2013-02-03 18:21:34.787972 IP 4.2.2.2.53 > 172.16.253.129.53: 27825 5/0/0 CNAME smtp.mail.global.gm0.yahoodns.net., CNAME smtp.mail.us.am0.yahoodns.net., A 63.250.193.228, A 98.138.105.21, A 98.139.211.125 (163) E…R…..8……….5.5….l…………smtp.mail.yahoo.com…………….#.smtp.mail.global.gm0.yahoodns.net..1………..smtp.mail.us.am0.F.`……….?….`……….b.i..`……….b..}
2013-02-03 18:21:34.812374 IP 172.16.253.129.1043 > 63.250.193.228.587: Flags [S], seq 751532671, win 64240,…


Ramnit Sneaky DNS Exfiltrating Credential Stealing Malware – Using MSN as TTP and Hundreds of crafted domain names

2011-07-30 00:09:33.828441 IP 172.29.0.116.1026 > 68.87.73.246.53: 13898+ A? google[.]com. (28) E..8*……;…tDWI….5.$v.6J………..google[.]com…..
2011-07-30 00:09:33.857089 IP 68.87.73.246.53 > 172.29.0.116.1026: 13898 6/0/0 A 74.125.113.105, A 74.125.113.104, A 74.125.113.106, A 74.125.113.103, A 74.125.113.147, A 74.125.113.99 (124) E@….@.9..7DWI….t.5……6J………..google[.]com…………..A..J}qi………A..J}qh………A..J}qj………A..J}qg………A..J}q……….A..J}qc
2011-07-30 00:09:33.857945 IP 172.29.0.116.1487 > 74.125.113.105.80: Flags [S], seq 4276131041, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0*.@…g….tJ}qi…P……..p……………
2011-07-30 00:09:33.890833 IP 74.125.113.105.80…


TrojanSpy:Win32/Usteal.D U Steal You Steal Spyware Trojan – Uses FTP to transfer your sensitive data out – Traffic Sample

TrojanSpy:Win32/Usteal.D is a dangerous trojan that collects sensitive information from its infected host and uses FTP to transfer the data to the command and control server.

2013-03-07 06:57:38.635080 IP 10.0.2.15.1039 > 10.0.2.3.53: 18556+ A? jeck1072.ucoz[.]ru. (34) E..>.7….”g … ……5.*.;H|………..jeck1072.ucoz[.]ru…..
2013-03-07 06:57:38.665478 IP 10.0.2.3.53 > 10.0.2.15.1039: 18556 1/0/0 A 193.109.247.77 (50) E..N….@.b. … ….5…:..H|………..jeck1072.ucoz[.]ru………….8@…m.M…
