Thanks to Brad Duncan for sharing this pcap from 2025-07-08 on his malware traffic analysis site! Due to issues with Google flagging a warning for the site, we're not including the actual hyperlink, but it should be easy to find.
We did a quick analysis of this pcap using Security Onion 2.4.160:
https://blog.securityonion.net/2025/06/security-onion-24160-now-available.html
If you'd like to follow along, you can do the following:
- install Security Onion 2.4.160 in a VM:
https://docs.securityonion.net/en/2.4/first-time-users.html
- import the pcap using the SOC Grid interface:
https://docs.securityonion.net/en/2.4/grid.html#icons-in-lower-left-corner
- optionally enable the DNS lookups feature:
https://docs.securityonion.net/en/2.4/soc-customization.html?#reverse-dns-lookups
- if you are a Security Onion Pro customer, set up our MCP server:
https://docs.securityonion.net/en/2.4/mcp.html
The screenshots at the bottom of this post show some of the interesting alerts and their associated AI Summaries and Guided Analysis. At the end, we use the new MCP server (available to Security Onion Pro customers) to ask a few questions and get some nicely formatted reports back.
Want more practice? Check out our other Quick Malware Analysis posts at:
https://blog.securityonion.net/search/label/quick%20malware%20analysis
About Security Onion
Security Onion is a versatile and scalable platform that can run on small virtual machines and can also scale up to the opposite end of the hardware spectrum to take advantage of extremely powerful server-class machines. Security Onion can also scale horizontally, growing from a standalone single-machine deployment to a full distributed deployment with tens or hundreds of machines as dictated by your enterprise visibility needs. To learn more about Security Onion, please see:
https://securityonion.net
Screenshots
Let's start with an overview of all logs generated by Security Onion: