Tag Archives: Another Sality Family Malware Traffic Example – Using Yahoo Document as TTP Vector

Another Sality Family Malware Traffic Example – Using Yahoo Document as TTP Vector

2013-02-03 18:20:55.267923 IP 172.16.253.129.53 > 8.8.8.8.53: 39453+ A? yahoo[.]com. (27) E..7……………..5.5.#_\………….yahoo[.]com…..
2013-02-03 18:20:55.267969 IP 172.16.253.129.53 > 4.2.2.2.53: 39453+ A? yahoo[.]com. (27) E..7……………..5.5.#ih………….yahoo[.]com…..
2013-02-03 18:20:55.294540 IP 4.2.2.2.53 > 172.16.253.129.53: 39453 3/0/0 A 98.139.183.24, A 98.138.253.109, A 206.190.36.45 (75) E..g……………..5.5.SH…………..yahoo[.]com……………..b……………b..m…………..$-
2013-02-03 18:20:55.294559 IP 8.8.8.8.53 > 172.16.253.129.53: 39453 3/0/0 A 206.190.36.45, A 98.138.253.109, A 98.139.183.24 (75) E..g……………..5.5.SP…………..yahoo[.]com……………….$-…………b..m…………b…
2013-02-03…
