
W32/Chthonic CnC Activity detected in 2017-10-21-traffic-analysis-exercise.pcap

Time                       Packet  Protocol  Source           Destination        Additional Threats
2017/10/21 04:54:59 +0000  1521    TCP       10.0.1.95:55225  35.198.166.240:80

Payload (304 bytes)

Offset    Hex                                              ASCII
00000000  50 4f 53 54 20 2f 68 74 6d 6c 2f 20 48 54 54 50  POST /html/ HTTP
00000010  2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 61 6d 65 6c  /1.0..Host: amel
00000020  6c 65 74 2e 62 69 74 0d 0a 43 6f 6e 74 65 6e 74  let.bit..Content
00000030  2d 4c 65 6e 67 74 68 3a 20 32 34 30 0d 0a 0d 0a  -Length: 240....
00000040  97 cc 0d b8 86 5a b6 e4 be 06 ed 5d 93 29 77 1f  .....Z.....].)w.
00000050  96 9a 59 18 50 9b cd 28 55 b1 6f 70 41 cc f0 1f  ..Y.P..(U.opA...
00000060  e1 c9 4f a0 9a ff ba 9f 14 fd d1 f8 20 3f 01 94  ..O......... ?..
00000070  ad c5 1e a5 23 48 59 d5 51 aa 67 99 70 ed ce d6  ....#HY.Q.g.p...
00000080  73 af d6 30 8f ce 19 08 c3 05 a5 71 2c 2a 34 a2  s..0.......q,*4.
00000090  47 4a ad 07 fa 02 71 40 a4 7d ca 10 c2 db d4 36  GJ....q@.}.....6
000000A0  d8 94 29 7c 56 26 04 d0 8f 5f 60 26 65 67 58 1e  ..)|V&..._`&egX.
000000B0  87 91 2f e9 d5 5e 41 04 be be 1e 99 8d 8f 84 b5  ../..^A.........
000000C0  df b6 52 c0 74 d1 81 a4 db 6d 85 89 b7 c8 76 2e  ..R.t....m....v.
000000D0  c4 fc 0b 7f 62 7c 1d 13 4f 52 bd 99 4c 60 b9 d7  ....b|..OR..L`..
000000E0  cb a0 84 03 2d 9c 62 7f ed d0 2a 30 78 d6 bd 78  ....-.b...*0x..x
000000F0  2d f6 ca 3f 64 27 14 58 f5 cd ac 77 81 77 92 b5  -..?d'.X...w.w..
00000100  b7 d1 a8 93 d7 d5 e9 df 84 5a 3a 4a ac 42 f3 41  .........Z:J.B.A
00000110  7c f0 ec cf 7a 0d e5 12 09 40 17 d4 48 e7 e3 0a  |...z....@..H...
00000120  a0 16 6c 35 06 97 1c 4f cc df 3e 8f de 9a fc 9e  ..l5...O..>.....

3 Alerts

Alerts provided by Emerging Threats 2020-05-29
Count  Signature                       SID.rev    RuleSet
1      W32/Chthonic CnC Activity       2830613.2  ETPRO TROJAN
1      Chthonic CnC Beacon Generic M1  2829620.4  ETPRO TROJAN
1      Chthonic CnC Beacon 8           2811901.3  ETPRO TROJAN

External References

There are no references available for these alerts.