Security Onion Blog

Wednesday, August 18, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-18 Qakbot

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/05/18/index.html

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

If you'd like to follow along, you can create a minimal VM with 4GB RAM and install the latest version of Security Onion in Import mode following the screenshots in the Screenshot Tour here:
https://blog.securityonion.net/2021/07/security-onion-2360-now-available.html

Here are some of the interesting Suricata alerts, Zeek logs, and session transcripts:















at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 3.1.0 Now Available with Elastic 9.3.3, Suricata 8.0.5, Zeek 8.0.8, and much more!

Security Onion 3.1.0 is now available and includes new features, updated components, and many quality of life improvements! For a full scree...

Popular Posts

Blog Archive