#CapLoader

Latest posts tagged with #CapLoader on Bluesky

Posts tagged #CapLoader

Decoding malware C2 with CyberChef This video tutorial demonstrates how malware C2 traffic can be decoded with CyberChef. The PCAP files with the analyzed network traffic can be downloaded from malware-traffic-analysis.net. CyberChef recipe to decode the reverse shell traffic to 103.27.157.146:4444: From_Hex('Auto') XOR({'option':'He[...]
Gh0stKCP Protocol Gh0stKCP is a transport protocol based on KCP, which runs on top of UDP. Gh0stKCP has been used to carry command-and-control (C2) traffic by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyRAT using a new UDP based C2 protocol. I wanted to t[...]
Gh0stKCP Protocol Gh0stKCP is a command-and-control (C2) transport protocol based on KCP. It has been used by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyRAT using a new UDP based C2 protocol. I wanted to take a closer look at the protocol, so I downloade[...]
Detecting PureLogs traffic with CapLoader CapLoader includes a feature for Port Independent Protocol Identification (PIPI), which can detect which protocol is being used inside of TCP and UDP sessions without relying on the port number. In th...

Video: Detecting #PureLogs C2 traffic with #CapLoader
netresec.com?b=256a8c4

@netresec

Video: Detecting #PureLogs traffic with #CapLoader
https://netresec.com/?b=256a8c4

CapLoader alerts on Socks5Systemz backconnect traffic:
Malicious protocol	Socks5Systemz backconnect	31.214.157.206	2024

Downloaded a fresh pcap from any.run to verify that #CapLoader identifies this traffic as Socks5Systemz backconnect ✅
app.any.run/tasks/c1b2dc...
