Security Onion Blog

Thursday, August 19, 2021

Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-14 Ursnif

Thanks to Brad Duncan for sharing this Ursnif pcap!
https://www.malware-traffic-analysis.net/2021/05/14/index.html

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

If you'd like to follow along, you can create a minimal VM with 4GB RAM and install the latest version of Security Onion in Import mode following the screenshots in the Screenshot Tour here:
https://blog.securityonion.net/2021/07/security-onion-2360-now-available.html

Here are some of the interesting Suricata alerts, Zeek logs, and session transcripts:











at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Coming soon to Security Onion: CyberChef 10.19.4!

 Our upcoming Security Onion 2.4.120 release includes CyberChef 10.19.4! Security Onion 2.4.120 is coming soon!

Popular Posts

  • Community Webinars featuring Security Onion
    Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...
  • Security Onion 2.4 Base OS
    Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4.  On 6/21/2023, Red Hat ...
  • Security Advisory for Squert
    Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert.  Wes Lambert also discovered s...

Blog Archive