Security Onion Blog

Monday, July 26, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-18

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/06/18/index.html

We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts:

Suricata alerts

Overview of all logs

DNS lookups

HTTP transactions grouped by port

HTTP Virtual Hosts

Windows EXE download via HTTP

SSL/TLS certificates

Windows EXE download


at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.190 now available including Onion AI Assistant for Pro Customers!

Security Onion 2.4.190 is now available and includes several new features, updated components, and many quality of life improvements!  For S...

Popular Posts

Blog Archive