Thursday, June 9, 2022

Quick Malware Analysis: Emotet E5 with Cobalt Strike and Spambot pcap from 2022-06-07

Thanks to Brad Duncan for sharing this pcap!
https://www.malware-traffic-analysis.net/2022/06/07/index.html

We did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:
https://docs.securityonion.net/en/2.3/so-import-pcap.html

One of our favorite parts of our recent Security Onion 2.3.130 release is the new Sankey diagram feature. We've used Sankey diagrams throughout the screenshots below to represent the different data types that Security Onion generates. We start with Suricata NIDS alerts and then go through each of the major Zeek metadata types.

About Security Onion

Security Onion is a versatile and scalable platform that can run on small virtual machines and can also scale up to the opposite end of the hardware spectrum to take advantage of extremely powerful server-class machines.  Security Onion can also scale horizontally, growing from a standalone single-machine deployment to a full distributed deployment with tens or hundreds of machines as dictated by your enterprise visibility needs.

To learn more about Security Onion, please see:
https://securityonion.net
https://securityonion.net/docs

More Samples

Find all of our Quick Malware posts at:
https://blog.securityonion.net/search/label/quick%20malware%20analysis

Screenshots

Click the first image to start the screenshot tour:















No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive