Trend Micro management exploit payload perhaps?
No sooner do I post a call for packets than I catch an event that surely looks suspect. I'm unable to confirm whether the destination target was in fact running a Trend management service, or what the result of the following attempt was. Let's see what our shellcode analysts can determine before we post the complete packet payload.
Attacking Client Trend Management Service???
222.xxx.xxx.83:3418 => xx.xx.xxx.65:5168
Suspicious payload perhaps?
00000000 0500 0083 1000 0000 0808 0000 0100 0000 ................
00000010 e007 0000 0000 0000 8888 2825 5bbd d111 ..........(%[...
00000020 9d53 0080 c83a 5c2c 0400 0300 d007 0000 .S...:\,........
00000030 fc6a eb4d e8f9 ffff ff60 8b6c 2424 8b45 .j.M.....`.l$$.E
.
. (Sorry, intentionally removed to prevent kiddie replay)
.
00000130 6aff ff37 ffd0 68e7 79c6 79ff 7504 ffd6 j..7..h.y.y.u...
00000140 ff77 fcff d068 f08a 045f 53ff d6ff d041 .w...h..._S....A
00000150 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
00000160 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
.
.
.
00000480 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
00000490 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
000004a0 4141 4141 4141 4141 4141 4141 4141 1c13 AAAAAAAAAAAAAA..
000004b0 7465 4141 4141 4141 4141 4141 4141 4141 teAAAAAAAAAAAAAA
000004c0 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
.
.
.
000007e0 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
000007f0 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
00000800 d007 0000 d007 0000 ........
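The bytes that survive in the dump above are enough to decode the transport framing, so here is an added triage script (not part of the diary, and not the handler's own analysis) that reads them as a DCE RPC connection-oriented request PDU: version 5, packet type 0 (request), flags 0x83 (first fragment, last fragment, object UUID present), fragment length 0x0808 = 2056, call id 1, alloc hint 0x07e0 = 2016, a 16-byte object UUID, then stub data whose third field (0x07d0 = 2000) is the size of the blob holding the code and the 'A' filler, with the same value repeated in the 8-byte trailer at 0x800. The packet the script builds is constructed: only the bytes printed in the dump are real, and every region the diary elides (including the removed shellcode body) is filled with 0x41 purely so the packet reaches the length its header declares. TCP 5168 is the RPC listener of Trend Micro ServerProtect, which is consistent with the diary title, but the script does not verify what service was listening.

```python
"""Triage of the DCE RPC request in the diary's hex dump (added example)."""
import struct
import uuid

PTYPE_REQUEST = 0
PFC_FIRST_FRAG, PFC_LAST_FRAG, PFC_OBJECT_UUID = 0x01, 0x02, 0x80

# Bytes actually visible in the diary's dump, keyed by packet offset.
VISIBLE = {
    0x000: "05000083100000000808000001000000"
           "e007000000000000888828255bbdd111"
           "9d530080c83a5c2c04000300d0070000",
    0x030: "fc6aeb4de8f9ffffff608b6c24248b45",
    0x130: "6affff37ffd068e779c679ff7504ffd6"
           "ff77fcffd068f08a045f53ffd6ffd041",
    0x4ae: "1c137465",
    0x800: "d0070000d0070000",
}


def build_sample_packet() -> bytes:
    """Constructed sample: elided regions are filled with 0x41 (assumption,
    not the real removed bytes) so the packet is 0x808 bytes long."""
    pkt = bytearray(b"A" * 0x808)
    for off, hexstr in VISIBLE.items():
        raw = bytes.fromhex(hexstr)
        pkt[off:off + len(raw)] = raw
    return bytes(pkt)


def parse_request(pkt: bytes) -> dict:
    """Decode the 16-byte common header and the request-specific fields."""
    vers, _minor, ptype, flags, drep, frag_len, auth_len, call_id = \
        struct.unpack_from("<BBBB4sHHI", pkt, 0)
    if vers != 5 or ptype != PTYPE_REQUEST:
        raise ValueError("not a DCE RPC v5 request PDU")
    if drep[0] >> 4 != 1:          # high nibble 1 = little-endian integers
        raise ValueError("only little-endian data representation handled")
    alloc_hint, ctx_id, opnum = struct.unpack_from("<IHH", pkt, 16)
    stub_off, obj = 24, None
    if flags & PFC_OBJECT_UUID:    # 0x83 has this bit set, so a UUID follows
        obj = str(uuid.UUID(bytes_le=pkt[24:40]))
        stub_off = 40
    return {
        "flags": flags, "frag_len": frag_len, "auth_len": auth_len,
        "call_id": call_id, "alloc_hint": alloc_hint, "ctx_id": ctx_id,
        "opnum": opnum, "object_uuid": obj,
        "stub": pkt[stub_off:frag_len - auth_len],
    }


def byte_runs(data: bytes, min_len: int = 64) -> list:
    """(offset, length, value) for every run of a single byte >= min_len."""
    runs, start = [], 0
    for i in range(1, len(data) + 1):
        if i == len(data) or data[i] != data[start]:
            if i - start >= min_len:
                runs.append((start, i - start, data[start]))
            start = i
    return runs


def islands(data: bytes, runs: list) -> list:
    """Bytes wedged between two filler runs: where an overwrite value would sit."""
    return [(o1 + l1, data[o1 + l1:o2])
            for (o1, l1, _), (o2, _, _) in zip(runs, runs[1:])]


def triage(pkt: bytes) -> dict:
    req = parse_request(pkt)
    stub = req["stub"]
    findings = []
    if req["frag_len"] != len(pkt):
        findings.append("frag_length disagrees with captured size")
    if req["alloc_hint"] != len(stub):
        findings.append("alloc_hint disagrees with stub length")
    # Stub layout as seen in the dump: two shorts, a dword blob length,
    # the blob itself, then a trailer that repeats the length.
    _f1, _f2, blob_len = struct.unpack_from("<HHI", stub, 0)
    blob = stub[8:8 + blob_len]
    trailer = stub[8 + blob_len:]
    if len(blob) != blob_len:
        findings.append("declared blob length exceeds stub")
    runs = byte_runs(blob)
    filler = sum(length for _, length, _ in runs)
    if filler > len(blob) // 2:
        findings.append(f"{filler} of {len(blob)} blob bytes are filler runs")
    # Prologue at 0x30: cld; push; dec ebp; call back into a short jmp, which
    # pushes the address of the pushad routine that follows and jumps over it.
    if blob[:10] == bytes.fromhex("fc6aeb4de8f9ffffff60"):
        findings.append("blob opens with a Win32 call/jmp shellcode prologue")
    isl = islands(blob, runs)
    for off, chunk in isl:
        if len(chunk) == 4:
            val = struct.unpack("<I", chunk)[0]
            findings.append(f"4-byte island at blob+0x{off:x}: 0x{val:08x}")
    return {"header": req, "blob_len": blob_len, "trailer": trailer,
            "runs": runs, "islands": isl, "findings": findings}


if __name__ == "__main__":
    for line in triage(build_sample_packet())["findings"]:
        print(line)
```

What the numbers say: the fragment length matches the 0x808 bytes in the capture, alloc_hint equals the stub size, and the stub declares a 2000-byte blob that is mostly one repeated byte with a short stretch of code at its start, which is the shape of an overflow attempt rather than a normal RPC call. The four bytes 1c 13 74 65 that break the 'A' run at 0x4ae read as the little-endian value 0x6574131c; on a host that actually runs the service that is the value an analyst would compare against loaded-module address ranges, but nothing in the dump proves what it targets.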
W
Incapable of shell code kung-fu, regardless of his desire.