Security Onion Blog

Monday, July 26, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-18

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/06/18/index.html

We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts:

Suricata alerts

Overview of all logs

DNS lookups

HTTP transactions grouped by port

HTTP Virtual Hosts

Windows EXE download via HTTP

SSL/TLS certificates

Windows EXE download


at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Early Bird Discount for "Security Onion for Analysts and Threat Hunters" Class Running Virtually in August 2026!

Our "Security Onion for Analysts and Threat Hunters" class will be running virtually August 25, 2026 through August 28, 2026. Use ...

Popular Posts

Blog Archive