Monday, July 26, 2021

Quick Malware Analysis: pcap from 2021-06-18

Thanks to Brad Duncan for sharing this pcap!

We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:

Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts. The original post shows these as screenshots; only their captions survive here: Suricata alerts; Overview of all logs; DNS lookups; HTTP transactions grouped by port; HTTP Virtual Hosts; Windows EXE download via HTTP; SSL/TLS certificates; Windows EXE download.
