Update README

alphasoc · Jan 24, 2020 · c551390 · c551390
1 parent f7a95f0
commit c551390
Showing 1 changed file with 30 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ To run all available simulators, call:
 
 Available modules:
 
-	c2, dga, scan, sink, spambot, tunnel
+	c2, dga, miner, scan, sink, spambot, tunnel-dns, tunnel-icmp
 
 Available flags:
   -dry
@@ -70,24 +70,25 @@ $ flightsim run dga
 
 AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
 The IP address of the network interface is 172.20.10.2
-The current time is 17-Sep-19 11:59:38
-
-11:59:38 [dga] Generating list of DGA domains
-11:59:38 [dga] Resolving slvoody.top
-11:59:39 [dga] Resolving zwpajbp.com
-11:59:40 [dga] Resolving moijbvx.top
-11:59:41 [dga] Resolving yxxatfi.info
-11:59:42 [dga] Resolving sbyzqpo.xyz
-11:59:43 [dga] Resolving polmhgd.space
-11:59:44 [dga] Resolving aqfarux.space
-11:59:46 [dga] Resolving zxfkbzr.net
-11:59:47 [dga] Resolving bbctlvx.net
-11:59:48 [dga] Resolving fwzklyf.biz
-11:59:49 [dga] Resolving gwtysmm.com
-11:59:50 [dga] Resolving hnrqmuy.biz
-11:59:51 [dga] Resolving glaxjlc.net
-11:59:52 [dga] Resolving pwdbdgb.biz
-11:59:53 [dga] Resolving kutvpxo.top
+The current time is 23-Jan-20 11:33:21
+
+11:33:21 [dga] Generating a list of DGA domains
+11:33:21 [dga] Resolving nurqatp.space
+11:33:22 [dga] Resolving uahscqe.top
+11:33:23 [dga] Resolving asimazf.biz
+11:33:24 [dga] Resolving phxeohj.biz
+11:33:25 [dga] Resolving crgwsoe.biz
+11:33:26 [dga] Resolving sazafls.biz
+11:33:27 [dga] Resolving gljyxdv.space
+11:33:28 [dga] Resolving eiontgl.top
+11:33:29 [dga] Resolving pqjseqc.top
+11:33:30 [dga] Resolving mamsnmu.biz
+11:33:31 [dga] Resolving ntettqn.top
+11:33:32 [dga] Resolving niyvbvg.top
+11:33:33 [dga] Resolving bxgqonb.biz
+11:33:34 [dga] Resolving encggla.top
+11:33:35 [dga] Resolving qphfoxn.biz
+11:33:35 [dga] Done (15/15)
 
 All done! Check your SIEM for alerts using the timestamps and details above.
 ```
@@ -96,11 +97,13 @@ All done! Check your SIEM for alerts using the timestamps and details above.
 
 The modules packaged with the utility are listed in the table below.
 
-| Module    | Description                                                                   |
-| --------- | ----------------------------------------------------------------------------- |
-| `c2`      | Generates a list of C2 destinations and generates DNS and IP traffic to each  |
-| `dga`     | Simulates DGA traffic using random labels and top-level domains               |
-| `scan`    | Performs a port scan to random RFC 5737 addresses using common ports          |
-| `sink`    | Connects to random sinkholed destinations run by security providers           |
-| `spambot` | Resolves and connects to random Internet SMTP servers to simulate a spam bot  |
-| `tunnel`  | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz                   |
+| Module        | Description                                                                   |
+| ------------- | ----------------------------------------------------------------------------- |
+| `c2`          | Generates both DNS and IP traffic to a random list of known C2 destinations   |
+| `dga`         | Simulates DGA traffic using random labels and top-level domains               |
+| `miner`       | Generates Stratum mining protocol traffic to known cryptomining pools         |
+| `scan`        | Performs a port scan of random RFC 5737 addresses using common TCP ports      |
+| `sink`        | Connects to known sinkholed destinations run by security researchers          |
+| `spambot`     | Resolves and connects to random Internet SMTP servers to simulate a spam bot  |
+| `tunnel-dns`  | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz                   |
+| `tunnel-icmp` | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC  |