RAMNIT Malware RAT Remote Access Trojan Backdoor Traffic Sample Download PCAP

Download the RAMNIT PCAP here: ramnit2

2011-07-29 23:09:45.901035 IP 172.29.0.116.1026 > 68.87.73.246.53: 10515+ A? star-trakers.com. (34)
E..>*……….tDWI….5.*$.)…………star-trakers.com…..
2011-07-29 23:09:45.934019 IP 68.87.73.246.53 > 172.29.0.116.1026: 10515 1/0/0 A 207.223.0.140 (50)
[email protected][email protected]…DWI….t.5…:..)…………star-trakers.com…………………
2011-07-29 23:09:45.934377 IP 172.29.0.116.1489 > 207.223.0.140.443: Flags [S], seq 1010670280, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S(…t……..<=……p…,………..
2011-07-29 23:09:48.934987 IP 172.29.0.116.1489 > 207.223.0.140.443: Flags [S], seq 1010670280, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S’…t……..<=……p…,………..
2011-07-29 23:09:54.943623 IP 172.29.0.116.1489 > 207.223.0.140.443: Flags [S], seq 1010670280, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S&…t……..<=……p…,………..
2011-07-29 23:09:55.936411 IP 172.29.0.116.1026 > 68.87.73.246.53: 23649+ A? ufxsqnjtryrny.com. (35)
E..?*……)…tDWI….5.+<(\a………..ufxsqnjtryrny.com…..
2011-07-29 23:09:55.937814 IP 172.29.0.116.1491 > 68.87.73.246.53: 45333+ A? stleikxkbjwo.com. (34)
E..>*……)…tDWI….5.*……………stleikxkbjwo.com…..
2011-07-29 23:09:55.938104 IP 172.29.0.116.1490 > 68.87.73.246.53: 54629+ A? lrqxvrqsihwtudox.com. (38)
E..B*……$…tDWI….5..}E.e………..lrqxvrqsihwtudox.com…..
2011-07-29 23:09:55.939051 IP 172.29.0.116.1492 > 68.87.73.246.53: 22222+ A? eeuprbpohspwje.com. (36)
E..@*……%…tDWI….5.,.iV…………eeuprbpohspwje.com…..
2011-07-29 23:09:55.939339 IP 172.29.0.116.1493 > 68.87.73.246.53: 57609+ A? tlxfrilp.com. (30)
E..:*……*…tDWI….5.&Wn. ………..tlxfrilp.com…..
2011-07-29 23:09:55.940121 IP 172.29.0.116.1494 > 68.87.73.246.53: 8187+ A? itehtxcch.com. (31)
E..;*……(…tDWI….5.’f…………. itehtxcch.com…..
2011-07-29 23:09:55.940689 IP 172.29.0.116.1496 > 68.87.73.246.53: 46658+ A? ovgucbrrvxqufkwq.com. (38)
E..B*…… …tDWI….5…{.B………..ovgucbrrvxqufkwq.com…..
2011-07-29 23:09:55.940960 IP 172.29.0.116.1495 > 68.87.73.246.53: 12188+ A? snkbcptiqgqmlvw.com. (37)
E..A*…… …tDWI….5.-../…………snkbcptiqgqmlvw.com…..
2011-07-29 23:09:55.941454 IP 172.29.0.116.1497 > 68.87.73.246.53: 30414+ A? rykgnuncbedueeuevxg.com. (41)
E..E*……….tDWI….5.1..v…………rykgnuncbedueeuevxg.com…..
2011-07-29 23:09:55.941788 IP 172.29.0.116.1498 > 68.87.73.246.53: 48158+ A? yssrqxyljwrioko.com. (37)
E..A*……….tDWI….5.-f#………….yssrqxyljwrioko.com…..
2011-07-29 23:09:55.952799 IP 68.87.73.246.53 > 172.29.0.116.1490: 54629 NXDomain 0/1/0 (111)
E@…[email protected]….t.5…wgK.e………..lrqxvrqsihwtudox.com…………..V.=.a.gtld-servers.net..nstld.verisign-grs..O………… :…Q.
2011-07-29 23:09:55.952998 IP 172.29.0.116.1490 > 68.87.73.246.53: 18949+ A? lrqxvrqsihwtudox.com.hsd1.va.comcast.net. (58)
E..V*……….tDWI….5.BO.J…………lrqxvrqsihwtudox.com.hsd1.va.comcast.net…..
2011-07-29 23:09:55.958811 IP 68.87.73.246.53 > 172.29.0.116.1491: 45333 NXDomain 0/1/0 (107)
E@…[email protected]….t.5…sbf………….stleikxkbjwo.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:55.959063 IP 172.29.0.116.1491 > 68.87.73.246.53: 42677+ A? stleikxkbjwo.com.hsd1.va.comcast.net. (54)
E..R*……….tDWI….5.>……………stleikxkbjwo.com.hsd1.va.comcast.net…..
2011-07-29 23:09:55.980955 IP 68.87.73.246.53 > 172.29.0.116.1490: 18949 NXDomain 0/1/0 (138)
E@…[email protected]..)DWI….t.5….n.J…………lrqxvrqsihwtudox.com.hsd1.va.comcast.net……!…….X.D.dns1.inflow.pa.bo.).dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:55.984981 IP 68.87.73.246.53 > 172.29.0.116.1491: 42677 NXDomain 0/1/0 (134)
E@…[email protected]….t.5…..`………….stleikxkbjwo.com.hsd1.va.comcast.net…………..X.D.dns1.inflow.pa.bo.%.dnsadmin.cable.comcast.com..<i…*0….. :….X

2011-07-29 23:09:56.032534 IP 68.87.73.246.53 > 172.29.0.116.1497: 30414 NXDomain 0/1/0 (114)
E@…[email protected]….t.5…zN.v…………rykgnuncbedueeuevxg.com…… ………=.a.gtld-servers.net..nstld.verisign-grs. O..L……… :…Q.
2011-07-29 23:09:56.032702 IP 172.29.0.116.1497 > 68.87.73.246.53: 58106+ A? rykgnuncbedueeuevxg.com.hsd1.va.comcast.net. (61)
E..Y*……….tDWI….5.E……………rykgnuncbedueeuevxg.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.038572 IP 68.87.73.246.53 > 172.29.0.116.1498: 48158 NXDomain 0/1/0 (110)
E@…[email protected]….t.5…v.G………….yssrqxyljwrioko.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.038737 IP 172.29.0.116.1498 > 68.87.73.246.53: 54018+ A? yssrqxyljwrioko.com.hsd1.va.comcast.net. (57)
E..U*……….tDWI….5.Ay^………….yssrqxyljwrioko.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.041087 IP 68.87.73.246.53 > 172.29.0.116.1493: 57609 NXDomain 0/1/0 (103)
E@…[email protected]….t.5…o.L. ………..tlxfrilp.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.041249 IP 172.29.0.116.1493 > 68.87.73.246.53: 32634+ A? tlxfrilp.com.hsd1.va.comcast.net. (50)
E..N*……….tDWI….5.:…z………..tlxfrilp.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.042079 IP 68.87.73.246.53 > 172.29.0.116.1496: 46658 NXDomain 0/1/0 (111)
E@…[email protected]….t.5…wTQ.B………..ovgucbrrvxqufkwq.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.042240 IP 172.29.0.116.1496 > 68.87.73.246.53: 3548+ A? ovgucbrrvxqufkwq.com.hsd1.va.comcast.net. (58)
E..V*……….tDWI….5.B……………ovgucbrrvxqufkwq.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.046375 IP 68.87.73.246.53 > 172.29.0.116.1490: 32871 NXDomain 0/1/0 (135)
E@…[email protected]..,DWI….t.5….R..g………..ufxsqnjtryrny.com.hsd1.va.comcast.net…………..X.D.dns1.inflow.pa.bo.&.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.054693 IP 68.87.73.246.53 > 172.29.0.116.1497: 58106 NXDomain 0/1/0 (141)
E@…[email protected]..&DWI….t.5…..3………….rykgnuncbedueeuevxg.com.hsd1.va.comcast.net……$…….X.D.dns1.inflow.pa.bo.,.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.062427 IP 68.87.73.246.53 > 172.29.0.116.1498: 54018 NXDomain 0/1/0 (137)
E@…[email protected]..*DWI….t.5……………….yssrqxyljwrioko.com.hsd1.va.comcast.net…… …….X.D.dns1.inflow.pa.bo.(.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.066425 IP 68.87.73.246.53 > 172.29.0.116.1493: 32634 NXDomain 0/1/0 (130)
E@…[email protected]….t.5…..y.z………..tlxfrilp.com.hsd1.va.comcast.net…………..X.D.dns1.inflow.pa.bo.!.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.066801 IP 172.29.0.116.137 > 172.29.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
E..N*……:…t………:…v………. FEEMFIEGFCEJEMFACOEDEPENCACACAAA.. ..
2011-07-29 23:09:56.067037 IP 68.87.73.246.53 > 172.29.0.116.1496: 3548 NXDomain 0/1/0 (138)
E@…[email protected]..)DWI….t.5…..M………….ovgucbrrvxqufkwq.com.hsd1.va.comcast.net……!…….X.D.dns1.inflow.pa.bo.).dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.168194 IP 68.87.73.246.53 > 172.29.0.116.1495: 12188 0/1/0 (105)
E@…[email protected]….t.5…q7./…………snkbcptiqgqmlvw.com………….*0.8.ns1.nameself…support.regtime.net.O…..*0….. :…Q.
2011-07-29 23:09:56.168423 IP 172.29.0.116.1490 > 68.87.73.246.53: 4051+ A? snkbcptiqgqmlvw.com.hsd1.va.comcast.net. (57)
E..U*……….tDWI….5.A]…………..snkbcptiqgqmlvw.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.183505 IP 68.87.73.246.53 > 172.29.0.116.1492: 22222 1/0/0 A 176.31.62.76 (52)
[email protected][email protected]…DWI….t.5…<^.V…………eeuprbpohspwje.com…………..X….>L
2011-07-29 23:09:56.183809 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [S], seq 3503633909, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…5….t..>L……5…..p……………
2011-07-29 23:09:56.188616 IP 68.87.73.246.53 > 172.29.0.116.1494: 8187 1/0/0 A 176.31.62.76 (47)
[email protected][email protected]…DWI….t.5…7………….. itehtxcch.com…………..X….>L
2011-07-29 23:09:56.188857 IP 172.29.0.116.1500 > 176.31.62.76.443: Flags [S], seq 2279586642, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…5….t..>L…….R….p….h……….
2011-07-29 23:09:56.191319 IP 68.87.73.246.53 > 172.29.0.116.1490: 4051 NXDomain 0/1/0 (137)
E@…[email protected]..*DWI….t.5….l’………….snkbcptiqgqmlvw.com.hsd1.va.comcast.net…… …….X.D.dns1.inflow.pa.bo.(.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.285796 IP 176.31.62.76.443 > 172.29.0.116.1499: Flags [S.], seq 2172809880, ack 3503633910, win 5840, options [mss 1460,nop,nop,sackOK], length 0
E [email protected]…..>L…t……r…5.p……………
2011-07-29 23:09:56.285829 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [.], ack 1, win 64240, length 0
E..(*.@…5….t..>L……5…r.P….i..
2011-07-29 23:09:56.286214 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [P.], seq 1:7, ack 1, win 64240, length 6
E…*.@…5….t..>L……5…r.P….[….K…
2011-07-29 23:09:56.302542 IP 176.31.62.76.443 > 172.29.0.116.1500: Flags [S.], seq 2165460878, ack 2279586643, win 5840, options [mss 1460,nop,nop,sackOK], length 0
E [email protected]…..>L…t……O….Sp……………
2011-07-29 23:09:56.302568 IP 172.29.0.116.1500 > 176.31.62.76.443: Flags [.], ack 1, win 64240, length 0
E..(*.@…5….t..>L…….S..O.P….z..
2011-07-29 23:09:56.302888 IP 172.29.0.116.1500 > 176.31.62.76.443: Flags [P.], seq 1:7, ack 1, win 64240, length 6
E…*.@…5….t..>L…….S..O.P….m….K…
2011-07-29 23:09:56.457898 IP 176.31.62.76.443 > 172.29.0.116.1499: Flags [.], ack 7, win 5840, length 0
E .([email protected].*…>L…t……r…5.P………\./.
2011-07-29 23:09:56.457995 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [P.], seq 7:82, ack 1, win 64240, length 75
E..s*.@…4….t..>L……5…r.P……… …..07F……\…….bP..c.H…..r. …..57……._……Vb[..7.G…..%
2011-07-29 23:09:56.458604 IP 176.31.62.76.443 > 172.29.0.116.1499: Flags [F.], seq 1, ack 7, win 5840, length 0
E .([email protected]..>L…t……r…5.P………….
2011-07-29 23:09:56.458632 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [.], ack 2, win 64240, length 0
E..(*.@…5….t..>L……6G..r.P…….

2011-07-29 23:09:56.474110 IP 172.29.0.116.1500 > 176.31.62.76.443: Flags [F.], seq 82, ack 2, win 64240, length 0
E..(*.@…5….t..>L……….O.P….’..
2011-07-29 23:09:56.476071 IP 172.29.0.116.1492 > 68.87.73.246.53: 24878+ A? bunxomdqokknkkllvkr.com. (41)
E..E*……….tDWI….5.1.da…………bunxomdqokknkkllvkr.com…..
2011-07-29 23:09:56.486033 IP 172.29.0.116.1491 > 68.87.73.246.53: 64968+ A? xioyjfiguiuluff.com. (37)
E..A*……….tDWI….5.-N…………..xioyjfiguiuluff.com…..
2011-07-29 23:09:56.498204 IP 68.87.73.246.53 > 172.29.0.116.1492: 24878 NXDomain 0/1/0 (114)
E@…[email protected]….t.5…zR.a…………bunxomdqokknkkllvkr.com…… ………=.a.gtld-servers.net..nstld.verisign-grs. O..L……… :…Q.
2011-07-29 23:09:56.498373 IP 172.29.0.116.1492 > 68.87.73.246.53: 35434+ A? bunxomdqokknkkllvkr.com.hsd1.va.comcast.net. (61)
E..Y*……….tDWI….5.E.G.j………..bunxomdqokknkkllvkr.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.543946 IP 68.87.73.246.53 > 172.29.0.116.1492: 35434 NXDomain 0/1/0 (141)
E@…[email protected]..&DWI….t.5…….j………..bunxomdqokknkkllvkr.com.hsd1.va.comcast.net……$…….X.D.dns1.inflow.pa.bo.,.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.546108 IP 172.29.0.116.1492 > 68.87.73.246.53: 26125+ A? elieidkolpc.com. (33)
E..=*…… …tDWI….5.).bf…………elieidkolpc.com…..
2011-07-29 23:09:56.546572 IP 172.29.0.116.1026 > 68.87.73.246.53: 42911+ A? wbjatshumpre.com. (34)
E..>*……….tDWI….5.*……………wbjatshumpre.com…..
2011-07-29 23:09:56.556174 IP 172.29.0.116.1497 > 68.87.73.246.53: 58918+ A? oluddrbaeb.com. (32)
E..<*……….tDWI….5.(…&……….
oluddrbaeb.com…..
2011-07-29 23:09:56.562079 IP 176.31.62.76.443 > 172.29.0.116.1499: Flags [.], ack 7, win 5840, options [nop,nop,sack 1 {82:83}], length 0
E [email protected]..>L…t……r…5……0…..
..6G..6H
2011-07-29 23:09:56.562103 IP 172.29.0.116.1499 > 176.31.62.76.443: Flags [P.], seq 7:82, ack 2, win 64240, length 75
E..s*.@…4….t..>L……5…r.P……… …..07F……\…….bP..c.H…..r. …..57……._……Vb[..7.G…..%
2011-07-29 23:09:56.562188 IP 176.31.62.76.443 > 172.29.0.116.1499: Flags [.], ack 83, win 5840, options [nop,nop,sack 1 {82:83}], length 0
E [email protected]..>L…t……r…6H………..
..6G..6H
2011-07-29 23:09:56.565084 IP 68.87.73.246.53 > 172.29.0.116.1491: 64968 NXDomain 0/1/0 (110)
E@…[email protected]….t.5…v……………xioyjfiguiuluff.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.565252 IP 172.29.0.116.1491 > 68.87.73.246.53: 13105+ A? xioyjfiguiuluff.com.hsd1.va.comcast.net. (57)
E..U*……….tDWI….5.ACH31………..xioyjfiguiuluff.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.565455 IP 68.87.73.246.53 > 172.29.0.116.1492: 26125 NXDomain 0/1/0 (106)
E@…[email protected]….t.5…r1.f…………elieidkolpc.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.565619 IP 172.29.0.116.1492 > 68.87.73.246.53: 39642+ A? elieidkolpc.com.hsd1.va.comcast.net. (53)
E..Q*……….tDWI….5.=……………elieidkolpc.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.566126 IP 172.29.0.116.1498 > 68.87.73.246.53: 52532+ A? idseneqmupdijjklvtm.com. (41)
E..E*……….tDWI….5.1.H.4………..idseneqmupdijjklvtm.com…..
2011-07-29 23:09:56.575141 IP 68.87.73.246.53 > 172.29.0.116.1497: 58918 NXDomain 0/1/0 (105)
E@…[email protected]….t.5…q…&……….
oluddrbaeb.com…………….=.a.gtld-servers.net..nstld.verisign-grs..O..L……… :…Q.
2011-07-29 23:09:56.575306 IP 172.29.0.116.1497 > 68.87.73.246.53: 22213+ A? oluddrbaeb.com.hsd1.va.comcast.net. (52)
E..P*……….tDWI….5.<.gV………..
oluddrbaeb.com.hsd1.va.comcast.net…..
2011-07-29 23:09:56.586310 IP 68.87.73.246.53 > 172.29.0.116.1492: 39642 NXDomain 0/1/0 (133)
E@…[email protected]…DWI….t.5…../………….elieidkolpc.com.hsd1.va.comcast.net…………..X.D.dns1.inflow.pa.bo.$.dnsadmin.cable.comcast.com..<i…*0….. :….X
2011-07-29 23:09:56.586481 IP 172.29.0.116.137 > 172.29.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
E..N*……!…t………:l..w………. EFEMEJEFEJEEELEPEMFAEDCOEDEPENAA.. ..
2011-07-29 23:09:56.587847 IP 176.31.62.76.443 > 172.29.0.116.1500: Flags [.], ack 7, win 5840, options [nop,nop,sack 1 {82:83}], length 0
E [email protected]..>L…t……O….Y….%t…..
……..
2011-07-29 23:09:56.587915 IP 172.29.0.116.1500 > 176.31.62.76.443: Flags [P.], seq 7:82, ack 2, win 64240, length 75
E..s*.@…4….t..>L…….Y..O.P……… …..07F……\…….bP..c.H…..r. …..57……._……Vb[..7.G…..%
2011-07-29 23:09:56.588116 IP 176.31.62.76.443 > 172.29.0.116.1500: Flags [.], ack 83, win 5840, options [nop,nop,sack 1 {82:83}], length 0
E [email protected]..>L…t……O………%(…..



This post first appeared on Computer Security.org - CyberSecurity News, Inform, please read the original post: here
