Security Onion Blog

Wednesday, August 18, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-18 Qakbot

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/05/18/index.html

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

If you'd like to follow along, you can create a minimal VM with 4GB RAM and install the latest version of Security Onion in Import mode following the screenshots in the Screenshot Tour here:
https://blog.securityonion.net/2021/07/security-onion-2360-now-available.html

Here are some of the interesting Suricata alerts, Zeek logs, and session transcripts:















at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Quick Malware Analysis: NETSUPPORT RAT pcap from 2025-08-20

Thanks to Brad Duncan for sharing this pcap from 2025-08-20 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive