Tag Archives: Ramnit Sneaky DNS Exfiltrating Credential Stealing Malware – Using MSN as TTP and Hundreds of crafted domain names

Ramnit Sneaky DNS Exfiltrating Credential Stealing Malware – Using MSN as TTP and Hundreds of crafted domain names

2011-07-30 00:09:33.828441 IP 172.29.0.116.1026 > 68.87.73.246.53: 13898+ A? google[.]com. (28)
E..8*……;…tDWI….5.$v.6J………..google[.]com…..
2011-07-30 00:09:33.857089 IP 68.87.73.246.53 > 172.29.0.116.1026: 13898 6/0/0 A 74.125.113.105, A 74.125.113.104, A 74.125.113.106, A 74.125.113.103, A 74.125.113.147, A 74.125.113.99 (124)
E@….@.9..7DWI….t.5……6J………..google[.]com…………..A..J}qi………A..J}qh………A..J}qj………A..J}qg………A..J}q……….A..J}qc
2011-07-30 00:09:33.857945 IP 172.29.0.116.1487 > 74.125.113.105.80: Flags [S], seq 4276131041, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…g….tJ}qi…P……..p……………
2011-07-30 00:09:33.890833 IP 74.125.113.105.80…
