APT – Advanced Persistent Threat / MALWARE – Reedum – Historical Traffic Sample

By | July 25, 2015

1970-01-01 -4:-59:-35.7292 IP 10.0.2.15.1047 > 109.234.159.254.21: Flags [P.], seq 1:17, ack 62, win 64179, length 16

E..8.X@….p

…m…….X{.a…?P…l…USER user37704

 

1970-01-01 -4:-59:-35.7292 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [.], ack 17, win 65535, length 0

E..(….@.`.m…

……….?X{.qP…|…

1970-01-01 -4:-59:-35.7866 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [P.], seq 62:141, ack 17, win 65535, length 79

E..w….@.`rm…

……….?X{.qP…kZ..331 ……………… ………… …… …………………… user37704

 

1970-01-01 -4:-59:-35.7869 IP 10.0.2.15.1047 > 109.234.159.254.21: Flags [P.], seq 17:31, ack 141, win 64100, length 14

E..6.Y@….q

…m…….X{.q….P..d….PASS intro22

 

1970-01-01 -4:-59:-35.7870 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [.], ack 31, win 65535, length 0

E..(….@.`.m…

………..X{..P…|’..

1970-01-01 -4:-59:-35.8473 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [P.], seq 141:200, ack 31, win 65535, length 59

E..c….@.`.m…

………..X{..P…….230 …………………… user37704 ………………

 

1970-01-01 -4:-59:-35.8493 IP 10.0.2.15.1047 > 109.234.159.254.21: Flags [P.], seq 31:39, ack 200, win 64041, length 8

E..0.Z@….v

…m…….X{……P..)….TYPE A

 

1970-01-01 -4:-59:-35.8493 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [.], ack 39, win 65535, length 0

E..(….@.`.m…

………..X{..P…{…

1970-01-01 -4:-59:-35.9066 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [P.], seq 200:238, ack 39, win 65535, length 38

E..N….@.`.m…

………..X{..P…….200 …… ……………….. .. A
