Wednesday, August 18, 2021

Quick Malware Analysis: pcap from 2021-05-18 Qakbot

Thanks to Brad Duncan for sharing this pcap!

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:

If you'd like to follow along, you can create a minimal VM with 4GB RAM and install the latest version of Security Onion in Import mode following the screenshots in the Screenshot Tour here:

Here are some of the interesting Suricata alerts, Zeek logs, and session transcripts:

No comments:

Search This Blog

Featured Post

Security Onion 2.4 Feature o' the Day - Configure Packet Capture

Security Onion 2.4 includes lots of new features! SOC's new Configuration interface allows you to configure packet capture: You can read...

Popular Posts

Blog Archive