Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/06/18/index.html
We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html
Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts:
 |
| Suricata alerts |
 |
| Overview of all logs |
 |
| DNS lookups |
 |
| HTTP transactions grouped by port |
 |
| HTTP Virtual Hosts |
 |
| Windows EXE download via HTTP |
 |
| SSL/TLS certificates |
 |
| Windows EXE download |
No comments:
Post a Comment