TL;DR Basically this is one of Brad’s typical spot the malware within the PCAP from a drive-by infection. Nothing exciting like the previous one, but still good practice. Unfortunately I did get some of this one wrong (stupid me for not updating Snort rules in Security Onion). Also, one thing…
Prologue about this and future “Malware Excercise” posts I have been wanting to blog about my experiences playing with malware and trying to figure out how they work, techniques that helped me dissect them, tools that I used, etc… but never really had the chance/time to sit down and do…
So last night while playing around with my router trying to get it running as an OpenVPN Server (which was nothing but an all-day, bang-your-head-against-the-wall kind of experience since, from what I can tell reading multiple sites about Mikrotik, does not have a solid OpenVPN server package) I noticed this…
So while at work the other day I came across an interesting alert that, thankfully, was not successful. The following is what I got once I got home and was able to run this on my test VM. So let the party begin! The start of the infection chain starts…
This is my last post about this particular malicious email that I got in the mail sometime last week. If you have not read the other posts about this email (looks to be in the Dyre malware family), please see part one here and part two here.
As the title suggest, this is the continuation of my investigation into a malicious Dyre email that I received a while back. If you did not see my initial post (and mind you, first blog about malware analysis), then you can find that here. The other thing that I am…
So I figured that it is time that I start putting SO (Security Onion) to good use and start trying to find malware to dissect. So I started going through the SPAM/JUNK mail folders in the different email accounts that I have. After checking several emails, I came across the…