Monday, July 26, 2021

Quick Malware Analysis: pcap from 2021-06-18

Thanks to Brad Duncan for sharing this pcap!

We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:

Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts:

Suricata alerts

Overview of all logs

DNS lookups

HTTP transactions grouped by port

HTTP Virtual Hosts

Windows EXE download via HTTP

SSL/TLS certificates

Windows EXE download

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive