Category: PCAPs
-
Analyzing QBot/QakBot Malware With Zeek
In this short article I’ll outline some analysis I performed on the QBot/QakBot malware family with Zeek. I took a look at the following PCAPs from this family of malware, hoping to…
-
A Gozi Banking Malware Detector – Zeek Roulette #3
I had talked about Gozi malware in our eCrimeBytes podcast here: Last Man From Gozi Banking Malware Group Sentenced To Three Years – eCrimeBytes Nibble #51 In my technical real life job…
-
Detecting Amadey Malware With Zeek – Zeek Roulette #2
For my Zeek Roulette #2 I picked a recently submitted sample off of ANY.Run that ended up being Amadey: https://app.any.run/tasks/31ba58da-30d1-4a08-940d-2412fc629221/ You can download the PCAP from the link above if you navigate…
-
Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1
Welcome to the first edition of Zeek Roulette, where I pick a random Zeek topic and try to solve it! For this article I picked njRAT malware from Any.Run and tried to…
-
Zeek’s suspend_processing Quirk With PCAPs
In the comments of an earlier blog: … we found an interesting situation. Even when you call “suspend_processing” in zeek_init, like this: … Zeek will still process the first packet. The “new_connection”…
-
Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark
In this video I walk through several resources to download ICS protocol PCAPs: