Thursday, August 19, 2021

Quick Malware Analysis: pcap from 2021-05-14 Ursnif

Thanks to Brad Duncan for sharing this Ursnif pcap!

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:

If you'd like to follow along, you can create a minimal VM with 4GB RAM and install the latest version of Security Onion in Import mode following the screenshots in the Screenshot Tour here:

Here are some of the interesting Suricata alerts, Zeek logs, and session transcripts:

No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive