HISTORICAL Malware Sample – Kelihos – Traffic Sample Indicators Analysis

By | July 25, 2015

2013-02-03 20:35:15.922405 IP 172.16.253.132.1416 > 176.8.210.229.80: Flags [F.], seq 1, ack 1, win 64240, length 0
E..(.^M@....?...........P..t!ZZ..P.......

2013-02-03 20:35:15.922525 IP 176.8.210.229.80 > 172.16.253.132.1416: Flags [.], ack 2, win 64239, length 0
E..(......5..........P..ZZ....t"P.............

2013-02-03 20:35:15.971042 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [S], seq 2079267976, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@....P....^..:...P{.......p....t..........

2013-02-03 20:35:16.243353 IP 176.8.210.229.80 > 172.16.253.132.1416: Flags [FP.], seq 1, ack 2, win 64239, length 0
E..(......5..........P..ZZ....t"P.............

2013-02-03 20:35:16.243391 IP 172.16.253.132.1416 > 176.8.210.229.80: Flags [.], ack 2, win 64240, length 0
E..(..@....=...........P..t"ZZ..P.......

2013-02-03 20:35:16.248283 IP 94.154.224.58.80 > 172.16.253.132.1417: Flags [S.], seq 329287744, ack 2079267977, win 64240, options [mss 1460], length 0
E..,......y.^..:.....P.....@{...`...z.........

2013-02-03 20:35:16.248344 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [.], ack 1, win 64240, length 0
E..(..@....V....^..:...P{......AP....F..

2013-02-03 20:35:16.248494 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [F.], seq 1, ack 1, win 64240, length 0
E..(..@....U....^..:...P{......AP....E..

2013-02-03 20:35:16.248633 IP 94.154.224.58.80 > 172.16.253.132.1417: Flags [.], ack 2, win 64239, length 0
E..(......y.^..:.....P.....A{...P....F........

2013-02-03 20:35:16.298432 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [S], seq 4254272840, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@...H.......-u...P..^MH....p...............

2013-02-03 20:35:16.551007 IP 94.154.224.58.80 > 172.16.253.132.1417: Flags [FP.], seq 1, ack 2, win 64239, length 0
E..(......y.^..:.....P.....A{...P....=........

2013-02-03 20:35:16.551060 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [.], ack 2, win 64240, length 0
E..(..@....S....^..:...P{......BP....D..

2013-02-03 20:35:16.703146 IP 213.157.45.117.80 > 172.16.253.132.1418: Flags [S.], seq 1408731193, ack 4254272841, win 64240, options [mss 1460], length 0
E..,.......S..-u.....P..S..9..^MI`.............

2013-02-03 20:35:16.703220 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [.], ack 1, win 64240, length 0
E..(..@...H.......-u...P..^MIS..:P....S..

2013-02-03 20:35:16.703408 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [F.], seq 1, ack 1, win 64240, length 0
E..(..@...H.......-u...P..^MIS..:P....R..

2013-02-03 20:35:16.703559 IP 213.157.45.117.80 > 172.16.253.132.1418: Flags [.], ack 2, win 64239, length 0
E..(.......V..-u.....P..S..:..^MJP....S........

2013-02-03 20:35:16.751972 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [S], seq 2934743498, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@....a...........P........p...;L..........

2013-02-03 20:35:17.063869 IP 46.185.30.2.80 > 172.16.253.132.1419: Flags [S.], seq 1852445373, ack 2934743499, win 64240, options [mss 1460], length 0
E..,......k..........P..nj......`.............

2013-02-03 20:35:17.063925 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [.], ack 1, win 64240, length 0
E..(..@....h...........P....nj..P.......

2013-02-03 20:35:17.064089 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [F.], seq 1, ack 1, win 64240, length 0
E..(..@....g...........P....nj..P.......

2013-02-03 20:35:17.064213 IP 46.185.30.2.80 > 172.16.253.132.1419: Flags [.], ack 2, win 64239, length 0
E..(......k..........P..nj......P.............

2013-02-03 20:35:17.082802 IP 213.157.45.117.80 > 172.16.253.132.1418: Flags [FP.], seq 1, ack 2, win 64239, length 0
E..(.......S..-u.....P..S..:..^MJP....J........

2013-02-03 20:35:17.082848 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [.], ack 2, win 64240, length 0
E..(..@...H.......-u...P..^MJS..;P....Q..
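What the capture above shows, before any byte-level decoding, is the pattern itself: from 172.16.253.132 the sample opens TCP/80 connections to 176.8.210.229, 94.154.224.58, 213.157.45.117 and 46.185.30.2 one after another, completes the three-way handshake, and sends FIN a few hundred microseconds after the SYN-ACK with `length 0` on every segment, so no HTTP request is ever sent; the remote side then closes with its own FIN. The script below is an added example, not part of the original post and not Kelihos code. It parses tcpdump header lines of this form, reconstructs each flow from its SYN, sums payload bytes per direction, and reports flows that were closed by the client with no payload within `max_fin_delay` seconds of the SYN-ACK (the 10 ms default is an assumption, not a Kelihos constant). The sample input reproduces header lines from the capture above plus one constructed, benign HTTP exchange to 198.51.100.7 (a documentation address) that must not be flagged; flows whose SYN is not in the capture, such as port 1416 above, are skipped rather than guessed at.

```python
"""Pull connection indicators out of tcpdump header lines (added example,
not from the original post and not Kelihos code). Reconstructs TCP flows
from their SYNs, sums payload per direction, and flags handshake-then-FIN
connections that never carried data. tcpdump -A byte-dump lines are ignored."""
import re
from datetime import datetime

# Header lines reproduced from the capture above, plus one CONSTRUCTED benign
# HTTP exchange (port 1420 to 198.51.100.7, a documentation address) that must
# not be flagged. The first line is a mid-stream FIN whose SYN was not captured.
SAMPLE = """\
2013-02-03 20:35:15.922405 IP 172.16.253.132.1416 > 176.8.210.229.80: Flags [F.], seq 1, ack 1, win 64240, length 0
2013-02-03 20:35:15.971042 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [S], seq 2079267976, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 20:35:16.248283 IP 94.154.224.58.80 > 172.16.253.132.1417: Flags [S.], seq 329287744, ack 2079267977, win 64240, options [mss 1460], length 0
2013-02-03 20:35:16.248344 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [.], ack 1, win 64240, length 0
2013-02-03 20:35:16.248494 IP 172.16.253.132.1417 > 94.154.224.58.80: Flags [F.], seq 1, ack 1, win 64240, length 0
2013-02-03 20:35:16.298432 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [S], seq 4254272840, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 20:35:16.551007 IP 94.154.224.58.80 > 172.16.253.132.1417: Flags [FP.], seq 1, ack 2, win 64239, length 0
2013-02-03 20:35:16.703146 IP 213.157.45.117.80 > 172.16.253.132.1418: Flags [S.], seq 1408731193, ack 4254272841, win 64240, options [mss 1460], length 0
2013-02-03 20:35:16.703220 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [.], ack 1, win 64240, length 0
2013-02-03 20:35:16.703408 IP 172.16.253.132.1418 > 213.157.45.117.80: Flags [F.], seq 1, ack 1, win 64240, length 0
2013-02-03 20:35:16.751972 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [S], seq 2934743498, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 20:35:17.063869 IP 46.185.30.2.80 > 172.16.253.132.1419: Flags [S.], seq 1852445373, ack 2934743499, win 64240, options [mss 1460], length 0
2013-02-03 20:35:17.063925 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [.], ack 1, win 64240, length 0
2013-02-03 20:35:17.064089 IP 172.16.253.132.1419 > 46.185.30.2.80: Flags [F.], seq 1, ack 1, win 64240, length 0
2013-02-03 20:35:20.000000 IP 172.16.253.132.1420 > 198.51.100.7.80: Flags [S], seq 1000, win 64240, options [mss 1460,nop,nop,sackOK], length 0
2013-02-03 20:35:20.100000 IP 198.51.100.7.80 > 172.16.253.132.1420: Flags [S.], seq 2000, ack 1001, win 64240, options [mss 1460], length 0
2013-02-03 20:35:20.100100 IP 172.16.253.132.1420 > 198.51.100.7.80: Flags [.], ack 1, win 64240, length 0
2013-02-03 20:35:20.100300 IP 172.16.253.132.1420 > 198.51.100.7.80: Flags [P.], seq 1:101, ack 1, win 64240, length 100
2013-02-03 20:35:20.200000 IP 198.51.100.7.80 > 172.16.253.132.1420: Flags [P.], seq 1:301, ack 101, win 64240, length 300
2013-02-03 20:35:20.200500 IP 172.16.253.132.1420 > 198.51.100.7.80: Flags [F.], seq 101, ack 301, win 64240, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*length (?P<len>\d+)$"
)

def parse_packets(text):
    """Yield one dict per tcpdump header line; anything else (byte dumps) is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
                "src": (m["src"], int(m["sport"])),
                "dst": (m["dst"], int(m["dport"])),
                "flags": set(m["flags"]),  # tcpdump letters S F P R; '.' is ACK
                "len": int(m["len"]),      # TCP payload bytes
            }

def build_flows(text):
    """Group packets into flows keyed (client, server); the bare-SYN sender is the client."""
    flows = {}
    for p in parse_packets(text):
        fwd, rev = (p["src"], p["dst"]), (p["dst"], p["src"])
        if fwd in flows:
            key, from_client = fwd, True
        elif rev in flows:
            key, from_client = rev, False
        elif "S" in p["flags"] and "." not in p["flags"]:
            key, from_client = fwd, True
            flows[key] = {"syn_ts": p["ts"], "synack_ts": None, "client_fin_ts": None,
                          "client_bytes": 0, "server_bytes": 0}
        else:
            continue  # mid-stream packet whose SYN was not captured
        f = flows[key]
        if from_client:
            f["client_bytes"] += p["len"]
            if "F" in p["flags"] and f["client_fin_ts"] is None:
                f["client_fin_ts"] = p["ts"]
        else:
            f["server_bytes"] += p["len"]
            if "S" in p["flags"] and f["synack_ts"] is None:
                f["synack_ts"] = p["ts"]
    return flows

def probe_connections(text, max_fin_delay=0.01):
    """Flows that completed the handshake and were then closed by the client with no
    payload either way, FIN within max_fin_delay s of the SYN-ACK (10 ms is an assumption)."""
    hits = []
    for (client, server), f in sorted(build_flows(text).items(), key=lambda kv: kv[1]["syn_ts"]):
        if f["synack_ts"] is None or f["client_fin_ts"] is None:
            continue
        if f["client_bytes"] or f["server_bytes"]:
            continue
        delay = (f["client_fin_ts"] - f["synack_ts"]).total_seconds()
        if 0 <= delay <= max_fin_delay:
            hits.append({"client": client, "server": server, "fin_delay_s": round(delay, 6)})
    return hits

def indicators(text):
    """Unique probed server endpoints as ip:port strings, sorted, for an IOC list."""
    return sorted({"%s:%d" % h["server"] for h in probe_connections(text)})

if __name__ == "__main__":
    for h in probe_connections(SAMPLE):
        print("%s:%d -> %s:%d  FIN %.6fs after SYN-ACK, no payload"
              % (h["client"] + h["server"] + (h["fin_delay_s"],)))
    print("indicators:", indicators(SAMPLE))
```

Run against a full `tcpdump -nn -tttt` text file the same way (`probe_connections(open(path).read())`); the regex only needs the header lines, so `-A` or `-X` output can be fed in unchanged. The handshake-to-FIN delay is measured from the SYN-ACK rather than the SYN so that slow peers do not hide the pattern, and the `length` field rather than the flag set decides whether data was exchanged, which is what separates these probes from a real HTTP request that happens to be short.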
