Tag Archives: Gondad EK Exploit Kit using QQ.com Malware Infection PCAP Traffic Sample

Gondad EK Exploit Kit using QQ.com Malware Infection PCAP Traffic Sample

2014-12-13 21:12:18.365748 IP 192.168.56.101.1389 > 8.8.8.8.53: 37206+ A? r.qzone.qq.com. (32)
E..<……(…8e…..m.5.(*..V………..r.qzone.qq.com…..
2014-12-13 21:12:18.426615 IP 8.8.8.8.53 > 192.168.56.101.1389: 37206 4/0/0 CNAME qq.com.edgesuite.net., CNAME a1574.b.akamai.net., A 23.61.194.48, A 23.61.194.216 (127)
E…….9..|……8e.5.m..^..V………..r.qzone.qq.com…………..W…qq.com edgesuite.net..,……J….a1574.b.akamai.=.N………..=.0.N………..=..
2014-12-13 21:12:18.431687 IP 192.168.56.101.1040 > 23.61.194.48.80: Flags [S], seq 759589942, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…….8e.=.0…P-Fl6….p……………
2014-12-13 21:12:18.435525 IP 23.61.194.48.80 > 192.168.56.101.1040: Flags…
