Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

PUBLIC PAGE

<Click here: to download BotHunter>

30 June 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:05:00 WinXP 213.228.108.4 (KRASNET.RU):
KRASNET KRASNOYARSK REGIONAL TELECOMMUNICATIONS NETWORK,
KRASNOYARSK, KRASNOYARSKIY KRAY, RU. (DIAL) 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:97 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
00:05:00 Win2K-f 125.193.42.82 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:125 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
T:00:16:00 WinXP 217.211.148.44 (TELIA.COM):
TELIA NETWORK SERVICES,
UMEå, VASTERBOTTEN, SE. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 70e613ae4c
[Firefox: 2 hits: 06-28 to 06-28] 		none [none] none:none
 none|none none none
00:18:00 Win2K-f 202.70.241.145 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
TOKYO, TOKYO, JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:67 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
T:00:19:00 WinXP 61.203.196.192 (FCV.NE.JP):
THE FOUNDATION OF FUKUOKA CABLE VISION,
FUKUOKA, FUKUOKA, JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:67 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
00:20:00 WinXP 66.123.206.60 (PACBELL.NET):
AT&T INTERNET SERVICES,
SAN FRANCISCO, CALIFORNIA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:22 hits: 12-14 to 06-29] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:00:22:00 Win2K-f 118.7.126.186 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:125 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
T:00:23:00 Win2K-f 221.185.130.151 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:67 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
T:00:27:00 Win2K-f 213.91.172.241 (TVSKAT.NET):
SKAT TV LTD,
BURGAS, BURGAS, BG. 		n/a HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 477b191ba9
NEW 		none [none] none:none
 none|none none none
00:42:00 WinXP 221.184.227.21 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		12 of 33 a96d6f6d31
[Firefox: 2 hits: 06-28 to 06-29] 		none [none] none:none
 none|none none none
00:44:00 Win2K-f 61.231.128.23 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2770 hits: 12-31 to 06-29] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:00:50:00 WinXP 125.215.114.182 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 e3460d2a4a
NEW 		none [none] none:none
 none|none none none
00:58:00 WinXP 79.64.87.116 (AS9105.COM):
TELINCO,
UK. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		17 of 33 0a35a43ec6
NEW 		none [none] none:none
 none|none none none
T:01:00:00 Win2K-f 4.233.124.74 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOS ANGELES, CALIFORNIA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:04:00 Win2K-f 211.29.17.212 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
MELBOURNE, VICTORIA, AU. (DIAL) 		n/a US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
30 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:67 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
T:01:05:00 Win2K-f 118.169.176.138 (-):
. 		217.170.244.2:443   445 pcap raw alerts
ruleset 		shell
ftp
irc
28 lines 		Yeah : 1.8
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2770 hits: 12-31 to 06-29] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:01:14:00 Win2K-f 60.43.10.247 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 		69.247.147.113:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:67 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
01:16:00 WinXP 77.20.14.12 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 e7d78a305b
NEW 		none [none] none:none
 none|none none none
T:01:18:00 WinXP 88.114.173.132 (ELISA-LAAJAKAISTA.FI):
ELISA-ADSL,
FI. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 a46f0fbc16
NEW 		none [none] none:none
 none|none none none
T:01:23:00 WinXP 118.169.60.244 (-):
. 		217.170.244.2:443   445 pcap raw alerts
ruleset 		shell
ftp
irc
29 lines 		Yeah : 1.8
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2770 hits: 12-31 to 06-29] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
01:23:00 Win2K-f 85.177.69.169 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 70505b82df
NEW 		none [none] none:none
 none|none none none
T:01:23:00 Win2K-f 81.69.199.210 (WANADOO.NL):
WANADOO NEDERLAND BV,
ALMERE, FLEVOLAND, NL. (DSL) 		69.247.147.113:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 a06d7c7dd7
NEW 		none [none] none:none
 none|none none none
T:01:25:00 Win2K-f 92.11.96.176 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		n/a HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		ftp
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 eab50c3dea
[Firefox: 3 hits: 06-28 to 06-29] 		none [none] none:none
 none|none none none
01:27:00 Win2K-f 125.215.112.13 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:97 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
01:33:00 Win2K-f 222.147.165.71 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		12 of 33 a96d6f6d31
[Firefox: 2 hits: 06-28 to 06-29] 		none [none] none:none
 none|none none none
T:01:47:00 Win2K-f 91.67.116.192 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:97 hits: 06-27 to 06-29] 		none [none] none:none
 none|none none none
01:48:00 Win2K-f 118.1.41.97 (-):
. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:69.247.147.113:12351
US:69.247.147.113:13001 		445 pcap raw alerts
ruleset