Security Onion Blog

Thursday, August 26, 2021

Quick Malware Analysis: malware-traffic-analysis.net ICEDID/BOKBOT pcap from 2021-04-23

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2021/04/23/index.html

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

Some of the interesting Suricata alerts, Zeek logs, and session transcripts can be seen below. Want to follow along? All you need is a minimal virtual machine with 4GB RAM and you can follow the screenshots here:
https://docs.securityonion.net/en/2.3/first-time-users.html










at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.210 Now Available with Updated Components and New Features including Local Model Support for Onion AI!

For Security Onion Pro customers, we've made major improvements for our popular new Onion AI Assistant. Many folks have been asking for ...

Popular Posts

Blog Archive