This network forensics video tutorial covers how to analyze SPAM email traffic from the Kelihos botnet.
The analyzed PCAP file comes from the Stratosphere IPS project,
where Sebastian Garcia and his colleagues execute malware samples in sandboxes.
The particular malware sample execution we are looking at this time is from the CTU-Malware-Capture-Botnet-149-2
- Stratosphere IPS dataset: CTU-Malware-Capture-Botnet-149-2
- Alexa’s Top 1 Milion Domain List
- Cisco Ubrella Popularity List
- Emerging Threats’ TROJAN Win32/Kelihos.F Checkin Signature
6c55 5545 0310 4840
Check out our series of network forensic video tutorials for more tips and tricks on how to analyze captured network traffic.
*** This is a Security Bloggers Network syndicated blog from NETRESEC Network Security Blog authored by Erik Hjelmvik. Read the original post at: http://www.netresec.com/?page=Blog&month=2018-02&post=Analyzing-Kelihos-SPAM-in-CapLoader-and-NetworkMiner