Category: Zeek Roulette
-
Detect STRRAT Malware With Zeek And Suricata
Join me in learning how to detect the STRRAT malware family with Zeek and Suricata. Corelight Blog: https://corelight.com/blog/newsroom/news/strrat-malware Source Code: https://github.com/corelight/zeek-strrat-detector 00:00:10:18 – 00:00:37:17Dr. Keith JonesHey, welcome. We’re going to talk about…
-
Analyzing QBot/QakBot Malware With Zeek
In this short article I’ll outline some analysis I performed on the QBot/QakBot malware family with Zeek. I took a look at the following PCAPs from this family of malware, hoping to…
-
A Gozi Banking Malware Detector – Zeek Roulette #3
I had talked about Gozi malware in our eCrimeBytes podcast here: Last Man From Gozi Banking Malware Group Sentenced To Three Years – eCrimeBytes Nibble #51 In my technical real life job…
-
Detecting Amadey Malware With Zeek – Zeek Roulette #2
For my Zeek Roulette #2 I picked a recently submitted sample off of ANY.Run that ended up being Amadey: https://app.any.run/tasks/31ba58da-30d1-4a08-940d-2412fc629221/ You can download the PCAP from the link above if you navigate…
-
njRAT/Bladabindi Zeek Detector Update – Zeek Roulette #1 Part 2
This is an update to: Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1 I have been running this detector on a live network for a while and I’ve seen 2 (rare)…
-
Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1
Welcome to the first edition of Zeek Roulette, where I pick a random Zeek topic and try to solve it! For this article I picked njRAT malware from Any.Run and tried to…