Category Archives: Trojan Downloaders

Nitedrem NAUGHTY USER-AGENT Malware Trojan Downloader PCAP converted Traffic Sample

2013-08-19 14:49:42.114217 IP 172.16.148.184.1033 > 172.16.1.1.53: 8903+ A? bucks.onepiecedream[.]com. (41)
2013-08-19 14:49:42.170424 IP 172.16.1.1.53 > 172.16.148.184.1033: 8903 1/0/0 A 103.20.193.157 (57)
2013-08-19 14:49:42.335106 IP 172.16.148.184.1034 > 103.20.193.157.99: Flags [S], seq 343492936, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2013-08-19 14:49:42.581486 IP 103.20.193.157.99 > 172.16.148.184.1034: Flags [S.], seq 989768705,…

PonyLoader Pony Trojan Downloader Loads ZeuS and Hides with crafted Google Short Packets Malware Traffic Sample

2013-02-03 19:10:20.060946 IP 172.16.253.131.53 > 8.8.8.8.53: 47611+ A? mail.yaklasim[.]com. (35)
2013-02-03 19:10:20.061008 IP 172.16.253.131.53 > 4.2.2.2.53: 47611+ A? mail.yaklasim[.]com. (35)
2013-02-03 19:10:20.176217 IP 8.8.8.8.53 > 172.16.253.131.53: 47611 1/0/0 A 212.58.4.13 (51)
2013-02-03 19:10:20.178264 IP 172.16.253.131.1045 > 212.58.4.13.8080: Flags [S], seq 1596311614, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 19:10:20.434860 IP…

PowerLoader Trojan Downloader cacax.exe Malware Traffic Sample

2013-02-03 22:51:29.389714 IP 172.16.253.130.53 > 8.8.8.8.53: 34738+ A? real-newslife[.]com. (35)
2013-02-03 22:51:29.389769 IP 172.16.253.130.53 > 4.2.2.2.53: 34738+ A? real-newslife[.]com. (35)
2013-02-03 22:51:29.533563 IP 8.8.8.8.53 > 172.16.253.130.53: 34738 1/0/0 A 213.57.77.220 (51)
2013-02-03 22:51:29.542478 IP 172.16.253.130.1067 > 213.57.77.220.80: Flags [S], seq 2345406742, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 22:51:29.564096 IP…

Tinba Trojan Downloader Malware Traffic Sample

2012-05-09 23:14:39.261738 IP 10.0.2.15.1053 > 8.8.8.8.53: 59449+ A? dakotavolandos[.]com. (36)
2012-05-09 23:14:39.287205 IP 8.8.8.8.53 > 10.0.2.15.1026: 37388 NXDomain 0/1/0 (109)
2012-05-09 23:14:39.287372 IP 10.0.2.15.1026 > 8.8.8.8.53: 60686+ A? dakotavolandos[.]com.hsd1.va[.]comcast.net. (56)
2012-05-09 23:14:39.287556 IP 8.8.8.8.53 > 10.0.2.15.1053: 59449 NXDomain 0/1/0 (109)
2012-05-09 23:14:39.287725 IP 10.0.2.15.1053…

Sneaky torpig miniloader Trojan Downloader – Google Short packets disguise Malware

2013-02-03 22:50:31.622400 IP 172.16.253.130.53 > 8.8.8.8.53: 34738+ A? annotatinggramma[.]info. (39)
2013-02-03 22:50:31.622462 IP 172.16.253.130.53 > 4.2.2.2.53: 34738+ A? annotatinggramma[.]info. (39)
2013-02-03 22:50:31.654605 IP 4.2.2.2.53 > 172.16.253.130.53: 34738 1/0/0 A 66.240.236.39 (55)
2013-02-03 22:50:31.655928 IP 172.16.253.130.1068 > 66.240.236.39.80: Flags [S], seq 2267121616, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 22:50:31.763433…