Security Onion Blog

Monday, July 26, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-18

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/06/18/index.html

We did a quick analysis of the pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

Here are some of the Suricata alerts, Zeek logs, and HTTP transcripts:

Suricata alerts

Overview of all logs

DNS lookups

HTTP transactions grouped by port

HTTP Virtual Hosts

Windows EXE download via HTTP

SSL/TLS certificates

Windows EXE download


at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.201 now available with Suricata and Zeek Updates!

Last month, we released Security Onion 2.4.200: https://blog.securityonion.net/2025/12/security-onion-24200-now-available-with.html This wee...

Popular Posts

Blog Archive