From c551390a284376814d91c7e794574326ad2a2f95 Mon Sep 17 00:00:00 2001 From: Tomasz Grodzki Date: Fri, 24 Jan 2020 11:18:22 +0100 Subject: [PATCH] Update README --- README.md | 57 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 25046af..23d7f4f 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ To run all available simulators, call: Available modules: - c2, dga, scan, sink, spambot, tunnel + c2, dga, miner, scan, sink, spambot, tunnel-dns, tunnel-icmp Available flags: -dry 
@@ -70,24 +70,25 @@ $ flightsim run dga AlphaSOC Network Flight Simulatorâ„¢ (https://github.com/alphasoc/flightsim) The IP address of the network interface is 172.20.10.2 -The current time is 17-Sep-19 11:59:38 - -11:59:38 [dga] Generating list of DGA domains -11:59:38 [dga] Resolving slvoody.top -11:59:39 [dga] Resolving zwpajbp.com -11:59:40 [dga] Resolving moijbvx.top -11:59:41 [dga] Resolving yxxatfi.info -11:59:42 [dga] Resolving sbyzqpo.xyz -11:59:43 [dga] Resolving polmhgd.space -11:59:44 [dga] Resolving aqfarux.space -11:59:46 [dga] Resolving zxfkbzr.net -11:59:47 [dga] Resolving bbctlvx.net -11:59:48 [dga] Resolving fwzklyf.biz -11:59:49 [dga] Resolving gwtysmm.com -11:59:50 [dga] Resolving hnrqmuy.biz -11:59:51 [dga] Resolving glaxjlc.net -11:59:52 [dga] Resolving pwdbdgb.biz -11:59:53 [dga] Resolving kutvpxo.top +The current time is 23-Jan-20 11:33:21 + +11:33:21 [dga] Generating a list of DGA domains +11:33:21 [dga] Resolving nurqatp.space +11:33:22 [dga] Resolving uahscqe.top +11:33:23 [dga] Resolving asimazf.biz +11:33:24 [dga] Resolving phxeohj.biz +11:33:25 [dga] Resolving crgwsoe.biz +11:33:26 [dga] Resolving sazafls.biz +11:33:27 [dga] Resolving gljyxdv.space +11:33:28 [dga] Resolving eiontgl.top +11:33:29 [dga] Resolving pqjseqc.top +11:33:30 [dga] Resolving mamsnmu.biz +11:33:31 [dga] Resolving ntettqn.top +11:33:32 [dga] Resolving niyvbvg.top +11:33:33 [dga] Resolving bxgqonb.biz +11:33:34 [dga] Resolving encggla.top +11:33:35 [dga] Resolving qphfoxn.biz +11:33:35 [dga] Done (15/15) All done! Check your SIEM for alerts using the timestamps and details above. ``` 
@@ -96,11 +97,13 @@ All done! Check your SIEM for alerts using the timestamps and details above. The modules packaged with the utility are listed in the table below. -| Module | Description | -| --------- | ----------------------------------------------------------------------------- | -| `c2` | Generates a list of C2 destinations and generates DNS and IP traffic to each | -| `dga` | Simulates DGA traffic using random labels and top-level domains | -| `scan` | Performs a port scan to random RFC 5737 addresses using common ports | -| `sink` | Connects to random sinkholed destinations run by security providers | -| `spambot` | Resolves and connects to random Internet SMTP servers to simulate a spam bot | -| `tunnel` | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz | +| Module | Description | +| ------------- | ----------------------------------------------------------------------------- | +| `c2` | Generates both DNS and IP traffic to a random list of known C2 destinations | +| `dga` | Simulates DGA traffic using random labels and top-level domains | +| `miner` | Generates Stratum mining protocol traffic to known cryptomining pools | +| `scan` | Performs a port scan of random RFC 5737 addresses using common TCP ports | +| `sink` | Connects to known sinkholed destinations run by security researchers | +| `spambot` | Resolves and connects to random Internet SMTP servers to simulate a spam bot | +| `tunnel-dns` | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz | +| `tunnel-icmp` | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC |
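Review bot: In the first hunk (README.md, @@ -54,7 +54,7 @@), the "Available modules" list drops `tunnel` and introduces `tunnel-dns` and `tunnel-icmp` without saying that this is a rename. Anyone with a scheduled `flightsim run tunnel` job cannot tell from this list whether the old name still works. Add one line near the list stating that `tunnel` became `tunnel-dns` and whether the old name is still accepted.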
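Review bot: In the second hunk (@@ -70,24 +70,25 @@), the new closing line `11:33:35 [dga] Done (15/15)` in the sample output is not explained anywhere in the visible text. Say what the two numbers count, because a reader reconciling a run against SIEM alerts needs to know whether a lower first number means some lookups were never sent or simply did not resolve. It would also help to state beside the sample that the labels are random per run (the module table says as much), so that nobody searches their logs for `nurqatp.space`.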
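Review bot: In the third hunk (@@ -96,11 +97,13 @@), the new `tunnel-icmp` row says only "an Internet service operated by AlphaSOC", while the `tunnel-dns` row directly above it names its destination (`*.sandbox.alphasoc.xyz`). Name the ICMP destination in the same way so operators can recognise the traffic in firewall and flow logs and separate it from a real alert. The same gap applies to the new `miner` row: "known cryptomining pools" gives no hint of which pools or ports are contacted, which matters to whoever has to approve running the tool on a monitored network. Separately, the `sink` row changes from "random" destinations run by "security providers" to "known" destinations run by "security researchers"; if that reflects a behaviour change rather than a wording fix, the commit message "Update README" should say so.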