{
	"id": "29b409ca-7921-41b0-baf5-44daffd7ac53",
	"created_at": "2026-04-06T00:22:08.12893Z",
	"updated_at": "2026-04-10T03:20:16.861205Z",
	"deleted_at": null,
	"sha1_hash": "8ca0874fc3f17bcde023b6fdb2398fc991ca28c5",
	"title": "GitHub - 0xThiebaut/PCAPeek: A proof-of-concept re-assembler for reverse VNC traffic.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43653,
	"plain_text": "GitHub - 0xThiebaut/PCAPeek: A proof-of-concept re-assembler\r\nfor reverse VNC traffic.\r\nBy 0xThiebaut\r\nArchived: 2026-04-05 23:13:05 UTC\r\nA proof-of-concept re-assembler for reverse VNC traffic such as IcedID \u0026 Qakbot's VNC Backdoors.\r\nDo note that as a PoC, PCAPeek offers no guarantees on backwards compatibility and might be modified in the\r\nfuture for additional protocols.\r\nInstallation\r\nThis utility depends on Npcap for PCAP parsing, which you likely already have installed if you have Wireshark.\r\nTo download and build this utility using the Go programming language, simply...\r\ngo install github.com/0xThiebaut/PCAPeek@latest\r\nUsage\r\nTo use PCAPeek, use the --help flag.\r\nPCAPeek --help\r\nPCAPeek is a tool to peek into PCAPs. It doesn't do much besides acting as a proof of concept to reconstruct re\r\nUsage:\r\n PCAPeek PCAP [PCAP ...] [flags]\r\nFlags:\r\n --files Output clipboard files\r\n --files-dir string The output directory for the clipboard files (default \"./\")\r\n --filter string A BPF filter to apply on the PCAPs\r\n -h, --help help for PCAPeek\r\n --jpeg Output JPEG frames\r\n --jpeg-dir string The output directory for the JPEG frames (default \"./\")\r\n --jpeg-fps int The number of JPEG frames to output per second (default 0, outputs all frames)\r\n --jpeg-quality int The JPEG frame quality percentage (default 100)\r\n --mjpeg Output MJPEG videos\r\n --mjpeg-dir string The output directory for the MJPEG videos (default \"./\")\r\n --mjpeg-fps int The number of MJPEG frames to output per second (default 10)\r\n --mjpeg-quality int The MJPEG video quality percentage (default 100)\r\nThanks\r\nThanks to Brad Duncan (Malware-Traffic-Analysis.net) and Erik Hjelmvik (NETRESEC) for their extensive\r\nresearch on IcedID and its BackConnect protocol.\r\nSource: https://github.com/0xThiebaut/PCAPeek/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/0xThiebaut/PCAPeek/"
	],
	"report_names": [
		"PCAPeek"
	],
	"threat_actors": [],
	"ts_created_at": 1775434928,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8ca0874fc3f17bcde023b6fdb2398fc991ca28c5.pdf",
		"text": "https://archive.orkl.eu/8ca0874fc3f17bcde023b6fdb2398fc991ca28c5.txt",
		"img": "https://archive.orkl.eu/8ca0874fc3f17bcde023b6fdb2398fc991ca28c5.jpg"
	}
}