Tag Archives: HISTORICAL Malware Sample – Citadel Banking Trojan – Traffic Sample Indicators Analysis

HISTORICAL Malware Sample – Citadel Banking Trojan – Traffic Sample Indicators Analysis

2013-02-03 21:49:49.204451 IP 172.16.253.130.1068 > 174.112.126.155.80: Flags [P.], seq 0:428, ack 1, win 64240, length 428
E….D@…”A…..p~..,.P[..0W.E.P…….POST /C270suqdh/file.php HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: vivaspace2013.com
Content-Length: 122
Connection: Keep-Alive
Cache-Control: no-cache

..Cx.oB…3.Yc>……..8|….M………8…E.a4.!.A…A+.z.Q…,\.\<\.#.$?………@;…C ‘J-j*L…R….)3.HP….eu…….
2013-02-03 21:49:49.206158 IP…
