About contagio exchange

CONTAGIO EXCHANGE

Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community driven malware collection.
Edit Aug 2013 - The community is busy and Mila too so this was not a very active site (my fault probably) so I will be just dumping malware strings here - it often helps in malware identification and googling is the best way.
With just strings, not exactly a fun blog to read but might become a useful resource over time.
I will not be posting samples here, just md5. You can find the corresponding samples on contagio or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Saturday, June 13, 2015

test apt


ADDED TYPE FAMILY METHOD URI SAMPLE PCAP UA + MORE INFO
2/8/2015 APT DarkKomet 8EA4AB05FA7E
D573BA5A4EFFC3FB629308 will vary - encrypted keep alive or other data
Sample pcap Library Ssheet
2/8/2015 APT PlugX / Korplug / Gulpix POST /update?id= Sample
Sample2
pcap Library Ssheet
2/7/2015 APT Windata XYZ/WinData.DLL?HELO-STX-1*10.0.0.15*RemotePC*[MAC:00-55-28-11-21-23
XYZ/WinData.DLL?HELO-STX-1*1[IPAddress]*[ComputerName]*0605[MAC:[MacAddress]]$
Sample
Library Ssheet
2/4/2015 APT Pingbed GET /default.htm
/default1.htm
/default2.htm
Sample pcap Library Ssheet
2/4/2015 APT Minaps backdoor GET / POST /download/device_ad.asp?device_t=8054693706&key=ptvcrcqz&device_id=ad&cv=ptvcrcqzlyepaudko
/download/logo.png
/download/record.asp?device_t=2415079444&key=vgrnuebv&device_id=ad&cv=vgrnuebvhauzshyue&result=%0D%0ATime%3A%09Fri%20Apr%2025%2013%3A09%3A12%202014%0AAgent%3A%09Mozilla%2F4.0%20(compatible%3B%20MSIE%206.0%3B%20Win32%3B%20Microsoft%20Windows%20XP%20Professional%20Service%20Pack%203%20(build%202600))%0D%0Aid%20error%21%0D%0Ano%20command%0D%0Arun%20http%3A%2F%2FAdobeFlash.info.tm%2Fdownload%2Flogo.png%20setup.exe%09%0D%0ANext%3AFri%20Apr%2025%2014%3A09%3A14%202014%0Adelay%3A3600%20sec%0D%0A%0D%0A
POST /download/device_input.asp?device_t=2437266266&key=zqlameug&device_id=ad&cv=zqlameugaocrxjeqi
Sample
Library Ssheet
2/3/2015 APT njRAT / Backdoor.LV lv|'|'|TndfQzQyNjRFQkI=|'|'|VICTIM|'|'|Examiner|'|'|2013-06-21|'|'|USA|'|'|WinXPProfessionalSP2...

171.ll|'|'|Li4uLi4uLk5FVy4uLi4uLi4uX0FFNTJDMzdE|'|'|SENTA|'|'|sentai55|'|'|15-01-29|'|'||'|'|Win8.1SP0x64|'|'|Yes|'|'|0.7d|'|'|..|'|'||'|'|b88ece4c04f706c9717bbe6fbda49ed2,132.inf|'|'|Li4uLi4uLk5FVy4uL[truncated]

251.ll|'|'|Li4uLi4uLk5FVy4uLi4uLi4uX0FFNTJDMzdE|'|'|SENTA|'|'|sentai55|'|'|15-01-29|'|'||'|'|Win8.1SP0x64|'|'|Yes|'|'|0.7d|'|'|..|'|'|QnVyd2VsbCB2LiBIb2JieSBMb2JieSBBYnJpZGdlZCBbQ29tcGF0aWJpbGl0eSBNb2RlXSAtIFdvcmQA|'|'|b88ece4c04f706c9717bbe6fbda49ed2,

lv|'|'|VHJvamFuX0M0NkY2RTk=|'|'|MARK|'|'|user|'|'|2013-11-22|'|'||'|'|WinXP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]
Sample
Library Ssheet
2/3/2015 APT Protux worm POST http://ruthless.hobby-site.com:80/PHqgHumeay5705.mp3
http://202.71.136.14:80/ggBwkFNqDu1869.avi
/newTroy.jpg
/http://Microsoft.dumb1.com:80/PHqgHumeay5705.mp3
Sample
Sample2
pcap Library Ssheet
2/3/2015 APT Wykcores GET 279843
/279859
/280015
/287171
/315171
/110937
/111968
/113000
/114031
/115062
Sample
Library Ssheet
2/2/2015 APT TinyBaron / Miniduke / CosmicDuke GET modules/db/mgr.php?
/modules/db/mgr.php?F=3?
Sample
Library Ssheet
2/1/2015 APT Cobra / Turla POST /%s/%s?
uid=%d&context=%s&mode=text&data=%s
Sample
Library Ssheet
2/1/2015 APT Panda POST /forum/login.cgi Sample pcap Library Ssheet
2/1/2015 APT Panda POST /Photos/Query.cgi?loginid= Sample pcap Library Ssheet
2/1/2015 APT Aided Frame GET /img/js.php Sample pcap Library Ssheet
2/1/2015 APT Scanbox Watering hole framework POST /i/recv.php Sample pcap Library Ssheet
2/1/2015 APT Syria Twitter. apk POST /contacts Sample pcap Library Ssheet
1/22/2015 APT Gholee / Rocket Kitten GET / POST /index.php?c=Ud7atknq&r=17117d
/index.php?c=Ud7atknq&r=1710b2
Sample pcap Library Ssheet
1/22/2015 APT Lagulon (Operation Cleaver) POST /contador/server.php
/i/server.php
/includes/server.php
Sample pcap Library Ssheet
1/22/2015 APT / CRIME Scieron / Httneilc / HTClient packet data
0000 16 03 01 00 41 01 00 00 3d 03 01 54 c1 2a fa 82
0010 a5 0b 00 4c 7b 26 c9 33 81 bd 63 34 08 ab b3 38
0020 3a de 83 db b1 9c 95 02 3e c3 34 00 00 16 00 04
0030 00 05 00 0a 00 09 00 64 00 62 00 03 00 06 00 13
0040 00 12 00 63 01 00
Sample pcap Library Ssheet
1/22/2015 APT? Medusa POST
%s/bbc_mirror/%s/search?id=%s
/CNN_Mirror/EN/%s/search?id=%s
|00|U|00|n|00|d|00|e|00|r|00 20 00|C|00|o|00|n|00|s|00|t|00|r|00|u|00|c|00|t|00|i|00|o|00|n|00
Sample pcap Library Ssheet
9/9/2013 APT Vidgrab POST (172.16.253.130)|1067|WinXP|D|L|No| 0..0....1..52..|No|V2010-v24|2184|0|3111947|0|1|. Sample pcap Library Ssheet
9/8/2013 APT Page / stscout / Elise / lStudio / Wumins GET /29af9cdc/page_12082223.html Sample pcap Library Ssheet
9/8/2013 APT Darkcomet GET /a.php?id=c2ViYWxpQGxpYmVyby5pdA== Sample pcap Library Ssheet
8/9/2013 APT (IN) Hanove / Tourist POST /kamp.php Sample pcap Library Ssheet
8/7/2013 APT Surtr 2nd Stage DL 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ Sample pcap Library Ssheet
8/7/2013 APT Surtr 2nd Stage DL 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ Sample pcap Library Ssheet
8/7/2013 APT Surtr Initial GET 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ Sample pcap Library Ssheet
7/15/2013 APT Taleret GET / Sample pcap Library Ssheet
7/15/2013 APT Taleret GET /jw!Dyz0_2mTExQ0xbBnlp.RZcXoHmU- Sample pcap Library Ssheet
5/23/2013 APT Hangover Smackdown Minapro GET /flaws/snwd.php?tp=1&tg=[ID]&tv=Error[]&ts=[PLATFORM]&mt=[account]&tr=[NoFiles]&Y1Y5F2 Sample pcap Library Ssheet
5/15/2013 APT Mediana Proxy GET /index.htm?n763t4OPmrs6fXq7fXp7uj16e-r&Length=0 Sample pcap Library Ssheet
5/14/2013 APT Hupigon / Graybird ........................................;...WindowsXP5.1(2600.ServicePack3)................................................................$...DELLXT...................................................................................................................4s.love.......HACK.. Sample pcap Library Ssheet
5/14/2013 APT Variant Letsgo / TabMsgSQL downloader (comment crew) GET /index.htm Sample pcap Library Ssheet
5/14/2013 APT Tapaoux GET /ol/yahoo/banner4.php?jpg=../yahoo Sample pcap Library Ssheet
5/12/2013 APT Gh0st Gh0st....d...x.Kc``....@....\..L@:8..,39U!1 Sample pcap Library Ssheet
5/12/2013 APT IXESHE GET /AWS96.jsp?baQMyZrdI5Rojs9Khs9fhnjwj/8mIOm9jOKyjnxKjQJAx_bigfix_client_string:baQMyZrdqDAA Sample pcap Library Ssheet
5/8/2013 APT2 KoreanBanker DL GET /web/down/kbs.exe Sample pcap Library Ssheet
5/5/2013 APT Plugx SSL - see http://4.bp.blogspot.com/-m2u0QTwirDk/UYO46Pm7OOI/AAAAAAAAAFw/SG_eKhd1-Nw/s640/Untitled.png Sample pcap Library Ssheet
5/5/2013 APT RssFeeder (moved from TBD tab, common name still unknown) 2nd stage POST /orange/news.php Sample pcap Library Ssheet
5/5/2013 APT RssFeeder (moved from TBD tab, common name still unknown) initial GET POST /data/rss Sample pcap Library Ssheet
5/5/2013 APT Swami GET /im/linux.php Sample pcap Library Ssheet
5/1/2013 APT Comfoo / Vinself / Mspub POST /BmYBcnhwJxwk/VTlaMWlnYEw12511/18688/12AzAONjkCYw/UD1aND43a0xiWQ161/ Sample pcap Library Ssheet
5/1/2013 APT Destory Rat / Sogu / Thoper POST /update?id=000f72b8 Sample pcap Library Ssheet
5/1/2013 APT2 Disttrack / Shamoon GET /ajax_modal/modal/data.asp?mydata=AA==&uid=aaa.bbb.ccc.ddd&state=3067203 Sample pcap Library Ssheet
4/30/2013 APT 9002 POST 9002..................wx....9002..................wx....9002....................... Sample pcap Library Ssheet
4/30/2013 APT MSWab /Yayih POST /bbs/info.asp Sample pcap Library Ssheet
4/30/2013 APT 9002 POST /2d Sample pcap Library Ssheet
4/30/2013 APT Favorites GET /download731106?h1=FIFEFDAHAPGDENCMFOFFFCAGAE Sample pcap Library Ssheet
4/30/2013 APT Favorites GET /search?qu= Sample pcap Library Ssheet
4/30/2013 APT Favorites GET /search59861?h1=51&h2=1&h3=BHI06233&h4=FIFEFDAHAPGDENCMFOFFFCAGAE Sample pcap Library Ssheet
4/30/2013 APT Favorites GET /search613522?h1=FIFEFDAHAPGDENCMFOFFFCAGAE Sample pcap Library Ssheet
4/30/2013 APT Favorites POST /search25548?h1=FIFEFDAHAPGDENCMFNFFFNAGAH Sample pcap Library Ssheet
4/30/2013 APT Favorites POST /upload8806?h1=FIFEFDAHAPGDENCMFOFMFGAEAE Sample pcap Library Ssheet
4/30/2013 APT Gh0st GET /cgi/online.asp?hostname=[COMPUTERNAME]&httptype=[1][not%20httptunnel] Sample pcap Library Ssheet
4/30/2013 APT Gh0st var GET /h.gif?pid=113&v=130586214568HTTP/1.1 Sample pcap Library Ssheet
4/29/2013 APT Glasses GET /ewpindex.htm Sample pcap Library Ssheet
4/29/2013 APT IEXPLORE Rat / C0D0S0 /Briba / Cimuz / SharkyRAT POST /index000000001.asp Sample pcap Library Ssheet
4/29/2013 APT LURK GET LURK0........x.kf.e.apgpbpa0c..#........ Sample pcap Library Ssheet
4/28/2013 APT DNSWatch / Protux GET /dns/dnslookup?la=en&host=picture.ucparlnet.com&type=A&submit=Resolve Sample pcap Library Ssheet
4/28/2013 APT DNSWatch / Protux GET /news.jpg Sample pcap Library Ssheet
4/28/2013 APT DNSWatch / Protux POST /PHqgHumeay5705.mp3 Sample pcap Library Ssheet
4/28/2013 APT APT1 WEBC2_RAVE GET /comp/sem/resources.htm Sample pcap Library Ssheet
4/28/2013 APT backdoor ? GET /18110123/page_32262308.html Sample pcap Library Ssheet
4/28/2013 APT Banechant 1 GET /IGKKT Sample pcap Library Ssheet
4/28/2013 APT Banechant payload dl 2 GET /adserv/logo.jpg HTTP /1.1 Sample pcap Library Ssheet
4/28/2013 APT Beebus GET /windosdate/v6/default.aspx?ln=en-us Sample pcap Library Ssheet
4/28/2013 APT Beebus C2 checkin GET /s/asp?XAAAAM4w5jmIa_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 Sample pcap Library Ssheet
4/28/2013 APT Beebus C2 checkin GET /s/asp?XAAAAM4w5jmOS_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 Sample pcap Library Ssheet
4/28/2013 APT Beebus data send POST /s/asp?__uLBwO1bAMKBgG2BQAAAAEAAAACAAAAAAAAAG9zYW11AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVwBJAE4ARABPAFcAUwBNAEEAQQBOAEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==p=2 Sample pcap Library Ssheet
4/28/2013 APT Cookies /Cookiebag / Dalbot GET /1799.asp Sample pcap Library Ssheet
4/28/2013 APT Cookies /Cookiebag / Dalbot GET /3961.html
Cookie:Y29tbWFuZD1HZXRDb21tYW5kO2NsaWVudGtleT0zOTU0O2hvc3RuYW1lPXZpY3RpbTs=
Sample pcap Library Ssheet
4/28/2013 APT Cookies /Cookiebag / Dalbot GET /8223.asp (can also be like /2007.asp, /2013.asp, etc.) Sample pcap Library Ssheet
4/28/2013 APT Cookies /Cookiebag / Dalbot GET /indexs.zip Sample pcap Library Ssheet
4/28/2013 APT Coswid GET /old/google.png Sample pcap Library Ssheet
4/28/2013 APT CVE-2012-0754 SWF in DOC GET /test.mp4 Sample pcap Library Ssheet
4/28/2013 APT CVE-2012-0779 GET /essais.swf?info=789c333230d13331d53337d633b3b432313106001afa0338&infosize=00FC0000 Sample pcap Library Ssheet
4/28/2013 APT Depyot GET /new/3d/d/pdf.php?id=2 Sample pcap Library Ssheet
4/28/2013 APT Destory Rat / Sogu / Thoper POST /update?id=000f6b50 Sample pcap Library Ssheet
4/28/2013 APT Destory Rat / Sogu / Thoper POST /update?id=3109c2a2 Sample pcap Library Ssheet
4/28/2013 APT Destory Rat / Sogu / Thoper POST /update?product=windows Sample pcap Library Ssheet
4/28/2013 APT Downloader BMP GET /images/evil.bmp Sample pcap Library Ssheet
4/28/2013 APT Einstein GET /gttfi.php?id=019451425260376469&ext=YmFkc3R1ZmYuZGxs Sample pcap Library Ssheet
4/28/2013 APT Einstein data send POST /gttfi.php?id=019451425260376469&ext=ixioJXXJFCRrrDatKHhK Sample pcap Library Ssheet
4/28/2013 APT Enfal / Lurid GET /oi2c/wlc3/ [redacted]:00-00-00-00-00-00/ij83d Sample pcap Library Ssheet
4/28/2013 APT Enfal / Lurid GET /trandocs/nm/.[redacted] :00-00-00-00-00-00lCrrrwhite Sample pcap Library Ssheet
4/28/2013 APT Enfal / Lurid POST /cgi-bin/CMS_SubitAll.cgi Sample pcap Library Ssheet
4/28/2013 APT Enfal / Lurid POST /cgl-bin/Owpq4.cgi Sample pcap Library Ssheet
4/28/2013 APT Enfal / Lurid POST /Sjwpc/odw3ux Sample pcap Library Ssheet
4/28/2013 APT Foxy POST /404error.asp Sample pcap Library Ssheet
4/28/2013 APT Foxy Checkin GET /images/leftnav_prog_bg.jpg Sample pcap Library Ssheet
4/28/2013 APT Gh0st ASP ver GET /1/v2/1oginv2.asp?hi2wsdf351&x.’..[xf)..<.3XqHr....)IL{..&y192.168.0.69 Sample pcap Library Ssheet
4/28/2013 APT Gh0st PHP ver GET /ld/queenfun/vl/login.php?cd2hpdGU&uU11TVEV&s&pMTkyLjE2OC4wljYS&hi2wsdf35l Sample pcap Library Ssheet
4/28/2013 APT Gh0st v2000 var n v2010........f...............(......ServicePack2..?..|...|...|0.@.. Sample pcap Library Ssheet
4/28/2013 APT GoogleAdC2 GET /html/lost.html Sample pcap Library Ssheet
4/28/2013 APT GoogleAdC2 2nd stage GET /Trojan2.jpg Sample pcap Library Ssheet
4/28/2013 APT Googles GET /sll/monica.jpg Sample pcap Library Ssheet
4/28/2013 APT Greencat GET /<HOSTNAME>/ Sample pcap Library Ssheet
4/28/2013 APT Gtalk GET /facebook.png Sample pcap Library Ssheet
4/28/2013 APT IXESHE GET /AWS26329.jsp?UrFvwIJIOKTRyfxR9KNRqhg8lcPr/CGjUwP8yJUs7RjH7OinJ/85cgrqiP8jKGjpqgb/wTrO7OIjhxoHcGaFaURqK/aHophHLd23K=NHk=a9oQhvDQaLky8qo/RnJz42A Sample pcap Library Ssheet
4/28/2013 APT IXESHE AES GET /AES210001129016878.jsp?UrFwUIO3h7ofgwQInYPRbkQaHVM9Bih7kZ9rO+pKUrbklllsgfOk=+LLQhpkZ9LOhGbgqvJghHci7M Sample pcap Library Ssheet
4/28/2013 APT Letsgo / TabMsgSQL GET /indexbak.asp?rands=IXLCGIXELZ&acc=&str=select%20id%20from%20tab_online%20where%20regcode%20=%20'IXLCGIXELZ' Sample pcap Library Ssheet
4/28/2013 APT Letsgo / TabMsgSQL GET /safe/1.asp?rands=DWLLOXLGLH&acc=vy&str=select%20top%201%20%20from%20tab_message%20where%20toid%20=%20'198'%20order%20by%20id%20asc Sample pcap Library Ssheet
4/28/2013 APT Letsgo / TabMsgSQL GET /safe/1.asp?rands=XJOTLVALQF&acc=vy&str=insert%20into%20tab_online%20(mode,clientname,clientip,accessip,onlinetime,lasttime,regcode)%20values%20('0','victim','192.168.1.12','145.42.112.19','2011-06-08%2013:45:54','2011-06-08%2013:45:54','NMQVPTXFBH') Sample pcap Library Ssheet
4/28/2013 APT Letsgo / TabMsgSQL downloader GET /new/iistart.html Sample pcap Library Ssheet
4/28/2013 APT Likseput GET /index.html Sample pcap Library Ssheet
4/28/2013 APT Lingbo (?) POST /windowsupdatev7/search%3Fhl%3cWABQAFMAUAAzACOAUgA5ADMALQBPAEYAQwAyADAA%26q%3DMQA3ADIALgAyADkALgAwAC4AM>QAxADYA%26meta%3DMDAwMGhIÆÑuMDk%3D%26id%3Dlfdxfircvscxggb Sample pcap Library Ssheet
4/28/2013 APT Luckycat - WIMMIE POST /count/count.php?m=c&n=[HOSTNAME]_ Sample pcap Library Ssheet
4/28/2013 APT MiniASP GET /device_<decoded ID string>asp?device_t=<random 10 digits>&key=<random 8 lowercaseletters>&device_id=<decoded ID string>&cv=<random 17 lowercase letters> Sample pcap Library Ssheet
4/28/2013 APT MiniASP GET /record.asp?device_t=<random10digits>&key=<random8lowercaseletters>&device_id=<decodedIDstring>&cv=<random17lowercaseletters>&result=<URLencodedresultdata> Sample pcap Library Ssheet
4/28/2013 APT Miniduke POST /index.php Sample pcap Library Ssheet
4/28/2013 APT Mirage POST /resuIt?hl=en&meta=mdlyorvkildpiicqqownoatgvow Sample pcap Library Ssheet
4/28/2013 APT Mirage - later var GET /search?hl=en&q=(RemovedBase64string)&meta=acbazuxmhecthlegrepunkkdmpweqtg Sample pcap Library Ssheet
4/28/2013 APT Mongal GET /3010850A0000F0FD0F00323137443744324536313634333833380044454C4C58540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000007014C61757261000000000000000000000000000000000000000000000000000000000000000000000000 Sample pcap Library Ssheet
4/28/2013 APT Murcy GET /150828 Sample pcap Library Ssheet
4/28/2013 APT Netravler GET /fly/2013/2011/nettraveler.asp?action=getcmd&hostid=E81B9088&hostname=DellXT Sample pcap Library Ssheet
4/28/2013 APT Netravler GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname= DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQa CuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIX <very long string> UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt Sample pcap Library Ssheet
4/28/2013 APT Netravler GET
/nt2011/zy/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=FileList-1006-233757.ini&filestart=0&filetext=begin::OgA1AC2QzebTgdToZTkXQaCicYTaZR6RDKbDYWCpKKBhM88YjIajKXLfKOEmQ0nIxm86m46D0YVg::end
/nt2012/asp/nettraveler.asp?hostid=411CD510&hostname=mikepc&hostip=10.12.0.23&filename=travlerbackinfo-2012-1-
Sample pcap Library Ssheet
4/28/2013 APT NfLog GET /IElog/TestURL.aspHTTP/1.0 Sample pcap Library Ssheet
4/28/2013 APT NfLog POST /NfLog/Nfile.asp Sample pcap Library Ssheet
4/28/2013 APT NTESSESS GET /6K8gL8.html Sample pcap Library Ssheet
4/28/2013 APT PNG trojan GET /index.htm Sample pcap Library Ssheet
4/28/2013 APT Poison Ivy GET 256 bytes of seemingly random data after a successful TCP handshake, then 48 byte “keep-alive” requests Sample pcap Library Ssheet
4/28/2013 APT RedOctober AuthInfo POST http://%s:%s%s Sample pcap Library Ssheet
4/28/2013 APT RedOctober Sysinfo POST /cgi-bin/nt/sk Sample pcap Library Ssheet
4/28/2013 APT RegSubDat POST /5501000000/log Sample pcap Library Ssheet
4/28/2013 APT Sanny / Win32.Daws POST /write.php Sample pcap Library Ssheet
4/28/2013 APT Seasalt GET /postinfo.html Sample pcap Library Ssheet
4/28/2013 APT Sofacy POST /~wong/cgi-bin/brvc.cgi?DELLXT88901be8-05_01 Sample pcap Library Ssheet
4/28/2013 APT Sofacy POST /~bars/cgi-bin/qfa.cgi?20120311_06:44:06.bin.FFFFFFFFFS Sample pcap Library Ssheet
4/28/2013 APT Sykipot / Wyksol GET /kys_allowget.asp?namegetkys.kys Sample pcap Library Ssheet
4/28/2013 APT Taidoor GET /apzsr.php?id=021793111D309GE67E Sample pcap Library Ssheet
4/28/2013 APT Tarsip Eclipse GET /blg7_8newtpl/image/7/7_12/images/redir?di=130b51e7dc7&prd=bEFU&pver=131&j=1&ck=0 Sample pcap Library Ssheet
4/28/2013 APT Tarsip Moon GET /images/icons/2055?meth=gc&tid=2011506&cqe=3878658&inif=qKero9uLh4iCj4eIksvQ1ILS0IfAp6itNvX0dTI19DI19HWyNfU38Crp7St26ClvsiFiYvAqbW229PI18CuorWo29SF0d8=&syun=230 Sample pcap Library Ssheet
4/28/2013 APT Vinself POST /w880/T19R17Q16/12010L11014 Sample pcap Library Ssheet
4/28/2013 APT WEBC2-Bolid GET /firefox.html Sample pcap Library Ssheet
4/28/2013 APT WEBC2-Clover GET /Default.asp Sample pcap Library Ssheet
4/28/2013 APT WEBC2-CSON GET /Default.aspx?INDEX=<10_random_characters> Sample pcap Library Ssheet
4/28/2013 APT WEBC2-CSON Response to commands POST /Default.aspx?ID=IMNQRSSRXK Sample pcap Library Ssheet
4/28/2013 APT WEBC2-HEAD GET / Sample pcap Library Ssheet
4/28/2013 APT WEBC2-Table GET /order.htm Sample pcap Library Ssheet
4/28/2013 APT Xtreme Rat GET /1234567890.functions Sample pcap Library Ssheet