Wednesday, December 29, 2021

Quick Malware Analysis: Revil ransomware

This is our last Quick Malware Analysis of 2021, so we're making it a fun one! 

We prepared a Windows VM with Sysmon and then downloaded Revil ransomware:

We captured the network traffic and system logs and then imported into Security Onion via so-import-pcap and so-import-evtx:

Below are some of the interesting Suricata alerts, Zeek logs, and session transcripts.

About Security Onion

Security Onion is a versatile and scalable platform that can run on small virtual machines and can also scale up to the opposite end of the hardware spectrum to take advantage of extremely powerful server-class machines.  Security Onion can also scale horizontally, growing from a standalone single-machine deployment to a full distributed deployment with tens or hundreds of machines as dictated by your enterprise visibility needs.

To learn more about Security Onion, please see:

More Samples

Find all of our Quick Malware posts at:


No comments:

Search This Blog

Featured Post

Sneak Peek: New Detections Feature coming in Security Onion 2.4.70!

Our latest video is a sneak peek at a NEW feature coming to our FREE and OPEN Security Onion platform in the upcoming 2.4.70 release! This n...

Popular Posts

Blog Archive