2022-08-30 (TUESDAY) - FOLLOW-UP TRAFFIC FROM BUMBLEBEE INFECTION (SLIVER)

NOTES:

ASSOCIATED FILES:

 

INDICATORS

FILE USED TO GENERATE THIS INFECTION:

TRAFFIC:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

 

 


Shown above:  TCP stream of the unidentified TLSv1.3 traffic over TCP port 8557.

 

 


Shown above:  TCP stream of the unidentified TLSv1.3 traffic over TCP port 8557 kept alive while victim host was active.

 

 

Click here to return to the main page.