@@ -54,7 +54,7 @@ To run all available simulators, call:
5454
5555Available modules:
5656
57- c2, dga, scan, sink, spambot, tunnel
57+ c2, dga, miner, scan, sink, spambot, tunnel-dns, tunnel-icmp
5858
5959Available flags:
6060 -dry
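Review bot: On the module list line, `tunnel` is dropped and replaced by `tunnel-dns` and `tunnel-icmp`, but the README gives no hint that the old name changed. Anyone who has `flightsim run tunnel` in a runbook or scheduled test will not know from this text whether it still works. Suggest adding one sentence under the list stating that `tunnel` is now `tunnel-dns`, or documenting an alias if the old name is still accepted.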
@@ -70,24 +70,25 @@ $ flightsim run dga
7070
7171AlphaSOC Network Flight Simulator™ (https://github.com/alphasoc/flightsim)
7272The IP address of the network interface is 172.20.10.2
73- The current time is 17-Sep-19 11:59:38
74-
75- 11:59:38 [dga] Generating list of DGA domains
76- 11:59:38 [dga] Resolving slvoody.top
77- 11:59:39 [dga] Resolving zwpajbp.com
78- 11:59:40 [dga] Resolving moijbvx.top
79- 11:59:41 [dga] Resolving yxxatfi.info
80- 11:59:42 [dga] Resolving sbyzqpo.xyz
81- 11:59:43 [dga] Resolving polmhgd.space
82- 11:59:44 [dga] Resolving aqfarux.space
83- 11:59:46 [dga] Resolving zxfkbzr.net
84- 11:59:47 [dga] Resolving bbctlvx.net
85- 11:59:48 [dga] Resolving fwzklyf.biz
86- 11:59:49 [dga] Resolving gwtysmm.com
87- 11:59:50 [dga] Resolving hnrqmuy.biz
88- 11:59:51 [dga] Resolving glaxjlc.net
89- 11:59:52 [dga] Resolving pwdbdgb.biz
90- 11:59:53 [dga] Resolving kutvpxo.top
73+ The current time is 23-Jan-20 11:33:21
74+
75+ 11:33:21 [dga] Generating a list of DGA domains
76+ 11:33:21 [dga] Resolving nurqatp.space
77+ 11:33:22 [dga] Resolving uahscqe.top
78+ 11:33:23 [dga] Resolving asimazf.biz
79+ 11:33:24 [dga] Resolving phxeohj.biz
80+ 11:33:25 [dga] Resolving crgwsoe.biz
81+ 11:33:26 [dga] Resolving sazafls.biz
82+ 11:33:27 [dga] Resolving gljyxdv.space
83+ 11:33:28 [dga] Resolving eiontgl.top
84+ 11:33:29 [dga] Resolving pqjseqc.top
85+ 11:33:30 [dga] Resolving mamsnmu.biz
86+ 11:33:31 [dga] Resolving ntettqn.top
87+ 11:33:32 [dga] Resolving niyvbvg.top
88+ 11:33:33 [dga] Resolving bxgqonb.biz
89+ 11:33:34 [dga] Resolving encggla.top
90+ 11:33:35 [dga] Resolving qphfoxn.biz
91+ 11:33:35 [dga] Done (15/15)
9192
9293All done! Check your SIEM for alerts using the timestamps and details above.
9394```
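Review bot: The refreshed sample output still prints "The current time is 23-Jan-20 11:33:21" and per-line times with no timezone, while the closing line tells the reader to check the SIEM "using the timestamps and details above". Suggest saying next to this example whether the times are local or UTC, since an analyst correlating against UTC-normalized SIEM events can otherwise search the wrong window. The new "Done (15/15)" line is also worth a short explanation of what the two numbers count, as the example only shows the case where they are equal.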
@@ -96,11 +97,13 @@ All done! Check your SIEM for alerts using the timestamps and details above.
9697
9798The modules packaged with the utility are listed in the table below.
9899
99- | Module | Description |
100- | --------- | ----------------------------------------------------------------------------- |
101- | ` c2 ` | Generates a list of C2 destinations and generates DNS and IP traffic to each |
102- | ` dga ` | Simulates DGA traffic using random labels and top-level domains |
103- | ` scan ` | Performs a port scan to random RFC 5737 addresses using common ports |
104- | ` sink ` | Connects to random sinkholed destinations run by security providers |
105- | ` spambot ` | Resolves and connects to random Internet SMTP servers to simulate a spam bot |
106- | ` tunnel ` | Generates DNS tunneling requests to \* .sandbox.alphasoc.xyz |
100+ | Module | Description |
101+ | ------------- | ----------------------------------------------------------------------------- |
102+ | ` c2 ` | Generates both DNS and IP traffic to a random list of known C2 destinations |
103+ | ` dga ` | Simulates DGA traffic using random labels and top-level domains |
104+ | ` miner ` | Generates Stratum mining protocol traffic to known cryptomining pools |
105+ | ` scan ` | Performs a port scan of random RFC 5737 addresses using common TCP ports |
106+ | ` sink ` | Connects to known sinkholed destinations run by security researchers |
107+ | ` spambot ` | Resolves and connects to random Internet SMTP servers to simulate a spam bot |
108+ | ` tunnel-dns ` | Generates DNS tunneling requests to \* .sandbox.alphasoc.xyz |
109+ | ` tunnel-icmp ` | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC |
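Review bot: The `tunnel-icmp` row describes its target only as "an Internet service operated by AlphaSOC", whereas the `tunnel-dns` row names `*.sandbox.alphasoc.xyz`. Suggest naming the ICMP destination in the same way so operators can recognize the simulated traffic in firewall and flow logs and tell it apart from a real tunnel. The same applies to the `miner` row: "known cryptomining pools" tells a reader that real third-party hosts are contacted but not which ones, so a pointer to where the list is defined would help teams that need approval before running the module.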