Rows that captured more than one binary list the binaries in one cell per column, in the same order, separated by semicolons. An empty cell means the row had no entry.

| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 01:18:00 | WinXP | 193.204.50.221 (PTBA-50.POLIBA.IT): POLITECNICO DI BARI, BARI, PUGLIA, IT. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | fd57febe23 [Firefox: 4 hits: 05-19 to 06-01] | none[4] | none:none | PolyEnE | none | trace |
| 01:46:00 | WinXP | 210.237.9.34 (ENJOY.NE.JP): DEODEO CORPORATION, TOKYO, TOKYO, JP. (DSL) | 85.114.137.60:65520 | DE:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | shell ftp irc 17 lines | Yeah : 1.3 profile | none | summary tarball | none | 07177edf82 [Firefox: 3 hits: 05-17 to 05-30] | ca4413b3c2 [0] | none:none | PolyEnE | none | trace |
| 04:02:00 | WinXP | 77.30.218.105 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 23 of 31 | d9903c0088 NEW | none[4] | none:none | PolyEnE | none | trace |
| 04:15:00 | Win2K-f | 130.228.96.66 (TELE2.NET): TELE GREENLAND INTERNATIONAL A/S, COPENHAGEN, COPENHAGEN, DK. (100Mbps) | 222.51.25.90:18067 | CN:bbjj.househot.com | 445 | pcap | raw alerts ruleset | other 9 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 996c9c3a01 [Firefox: 7 hits: 04-03 to 05-30] | 4b6453fcf3 [0] | none:none | MEW | none | trace |
| 04:20:00 | Win2K-f | 122.169.10.152 (122.AIRTELBROADBAND.IN): ABTS-WEST-DSL-9376-MUM, MUMBAI, MAHARASHTRA, IN. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 05:33:00 | WinXP | 222.251.175.197 (-): KOREA CABLE TELEVISION SUWON BROADCATING CORPORATI, SUWON, KYONGGI-DO, KR. | 85.114.137.60:80 | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http irc 4 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 32 | 3f5ec58a6b [Firefox:26 hits: 04-24 to 06-02] | 4a77430a59 [0] | ASM:Graph | PolyEnE | lines=70 | trace |
| 05:50:00 | Win2K-f | 117.198.164.90 (-): . | 209.250.232.240:7000 | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.3 profile | none | summary tarball | 23 of 31 | 8eeb4f73ba NEW | 551c3f8505 [0] | none:none | none | none | trace |
| 06:04:00 | Win2K-f | 212.83.105.35 (-): WINDY DAY OY, FI. (100Mbps) | 84.244.5.183:2345 | US:wow.blackirc.us SE:scl.jullope.com | 445 | pcap | raw alerts ruleset | http irc 52 lines | Yeah : 1.3 profile | none | summary tarball | 4 of 31 | 9a52679900 NEW | 9a52679900 [1] | ASM:Graph | StarForce | lines=95 | trace |
| 06:04:00 | Win2K-f | 118.100.163.43 (-): . | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 06:06:00 | Win2K-f | 85.107.145.6 (TTNET.NET.TR): PROVIDER LOCAL REGISTRY, ISTANBUL, ISTANBUL, TR. (DSL) | 64.85.160.111:5001 | US:cookie.roltf.ws | 135 | pcap | raw alerts ruleset | irc 361 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] | 049e62d55b [0] | none:none | Armadillo | none | trace |
| 06:55:00 | WinXP | 172.190.120.99 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 07:09:00 | WinXP | 118.7.1.247 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | d6df3972a0 [Firefox:216 hits: 05-02 to 05-30] | 39eeef52a4 [0] | ASM:Graph | PolyEnE | lines=65 | trace |
| 07:22:00 | WinXP | 87.205.249.123 (INETIA.PL): NETIA, VIENNA, WIEN, AT. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | other 0 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 07:29:00 | Win2K-f | 59.112.193.26 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset | ftp 20 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 07:37:00 | WinXP | 70.60.4.172 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 07:49:00 | Win2K-f | 190.172.214.181 (COM.AR): TELEFONICA DE ARGENTINA, AR. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 07:53:00 | WinXP | 58.90.237.227 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:616 hits: 07-11 to 06-01] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace |
| 07:58:00 | Win2K-f | 130.94.243.120 (VERIO.NET): NTT AMERICA INC, ENGLEWOOD, COLORADO, US. | 72.10.172.218:9928 | :nagoo.nagitiriheiwu.net CA:tai.ihshsd8.com | 135 | pcap | raw alerts ruleset | irc 9 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 08:10:00 | WinXP | 88.210.67.44 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) | 85.114.137.60:65520 209.250.232.240:7000 | DE:proxim.ircgalaxy.pl US:hail.dns2go.com DE:85.114.137.60:65520 | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.3 profile | none | summary tarball | 28 of 33 | a050cd54ff [Firefox: 3 hits: 05-14 to 05-30] | 4f7ceeede0 [0] | none:none | none | none | trace |
| 08:22:00 | WinXP | 85.240.106.175 (DSL.TELEPAC.PT): TELEPAC - COMUNICACOES INTERACTIVAS SA, POMBAL, COIMBRA, PT. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 08:28:00 | Win2K-f | 71.112.120.7 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SNOHOMISH, WASHINGTON, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 08:59:00 | Win2K-f | 85.96.201.158 (TTNET.NET.TR): ADSL-ALC-GAYRETTEPE-STATIC POOL, KONYA, NIGDE, TR. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 31 | cd05c2e205 [Firefox: 3 hits: 05-01 to 05-30] | 2a2b48cd59 [0] | none:none | none | none | trace |
| 09:05:00 | Win2K-f | 124.43.45.186 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, LK. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1495 hits: 04-27 to 06-01] | d4a06bdc3a [0] | ASM:Graph | none | lines=4 | trace |
| 09:15:00 | WinXP | 200.228.92.172 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 18 of 32 | b4ad631671 [Firefox:14 hits: 04-29 to 05-30] | 5890f017cc [0] | ASM:Graph | StarForce | lines=28 | trace |
| 09:16:00 | Win2K-f | 92.112.45.24 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 22 of 31 | f0e02bee5f [Firefox: 8 hits: 04-27 to 05-30] | 79dc713bfc [0] | none:none | none | none | trace |
| 09:21:00 | Win2K-f | 193.126.167.229 (NET.KPNQWEST.PT): KPNQWEST PORTUGAL / IOL ISP, LISBON, LISBOA, PT. | n/a | US:scorti1.dns2go.com US:209.63.232.19:7000 | 445 | pcap | raw alerts ruleset | ftp 958 lines | Yeah : 0.8 profile | none | summary tarball | 27 of 31 | c41adb0708 NEW | 7f05b8e623 [0] | none:none | ASProtect | none | trace |
| 09:31:00 | Win2K-f | 91.124.224.227 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 25 of 31 | f9452d6a63 NEW | 76fba0327d [0] | none:none | none | none | trace |
| 09:42:00 | Win2K-f | 85.138.133.158 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. | 85.114.137.60:80 | DE:proxim.ircgalaxy.pl US:hail.dns2go.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:scorti1.dns2go.com IL:wr.mcboo.com IL:dl.mcboo.com US:b152.mcboo.com US:209.63.232.19:7000 DE:85.114.137.60:80 | 445 | pcap | raw alerts ruleset | ftp irc http 141 lines | Yeah : 1.3 profile | none | summary tarball | 21 of 31; 25 of 31; 12 of 31 | 0befa50d95 NEW; c644a6e74d [Firefox: 2 hits: 05-11 to 05-30]; fd1b0fb7f8 NEW | 0befa50d95 [1]; none [4]; none [4] | ASM:Graph; none:none; none:none | StarForce; none; tElock | lines=6; none; none | trace; trace; trace |
| 09:57:00 | Win2K-f | 85.26.69.89 (217-117-34-10.TELEDISNET.BE): TELEDISNET ISP, BE. | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 32 | 18b909f0ea [Firefox: 2 hits: 05-01 to 05-30] | none[4] | none:none | none | none | trace |
| 10:03:00 | WinXP | 89.251.70.98 (-): NET-1-UGMK-TELECOM, RU. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.63.232.19:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 25 of 31 | 75fcd4fc07 NEW | 73a7fa699a [0] | none:none | none | none | trace |
| 10:12:00 | WinXP | 77.127.164.144 (INTER.NET.IL): EURONET DIGITAL COMMUNICATIONS, IL. | n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 10:13:00 | WinXP | 87.6.6.127 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 96ee6e8255 [Firefox: 2 hits: 04-04 to 05-30] | 301f2b7bf3 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 10:19:00 | WinXP | 85.139.85.16 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.63.232.19:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1495 hits: 04-27 to 06-01] | d4a06bdc3a [0] | ASM:Graph | none | lines=4 | trace |
| 10:41:00 | Win2K-f | 189.171.133.136 (PROD-INFINITUM.COM.MX): UNINET S.A. DE C.V, JUAREZ, CHIHUAHUA, MX. (DSL) | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.63.232.19:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1495 hits: 04-27 to 06-01] | d4a06bdc3a [0] | ASM:Graph | none | lines=4 | trace |
| 11:03:00 | Win2K-f | 87.1.85.1 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, CAGLIARI, SARDEGNA, IT. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 11:05:00 | Win2K-f | 89.251.242.172 (WAMBO.CH): FIRST ASSIGNEMENT FOR AMBNET, CH. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 11:16:00 | Win2K-f | 89.137.137.206 (ASTRAL.RO): ASTRAL GALATI DOCSIS NETWORK, GALATI, GALATI, RO. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 11:25:00 | Win2K-f | 62.150.165.243 (QUALITYNET.NET): QUALITYNET GENERAL TRADING & CONTRACTING CO, KUWAIT, AL KUWAYT, KW. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 CN:222.177.11.165:8885 US:63.149.6.91:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 11:56:00 | WinXP | 69.216.115.59 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. | n/a | | 135 | pcap | raw alerts ruleset | other 62 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 11:57:00 | WinXP | 203.180.16.177 (BMOBILE.NE.JP): JAPAN COMMUNICATION INC, JP. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 3ae357d17b [Firefox:712 hits: 05-01 to 05-30] | 462a7be171 [0] | ASM:Graph | PolyEnE | lines=73 | trace |
| 11:58:00 | Win2K-f | 77.28.35.229 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 12:11:00 | WinXP | 75.84.222.176 (RR.COM): ROAD RUNNER HOLDCO LLC, ANAHEIM, CALIFORNIA, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 12:47:00 | Win2K-f | 62.217.146.187 (AZERONLINE.COM): AZERONLINE INFORMATION SERVICES, BAKU, ABSERON, AZ. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 12:52:00 | WinXP | 201.19.105.77 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 12:58:00 | WinXP | 92.40.49.108 (IKBCC.COM): EU-ZZ, UK. | 85.114.137.60:80 | DE:proxim.ircgalaxy.pl DE:85.114.137.60:80 | 445 | pcap | raw alerts ruleset | http irc 122 lines | Yeah : 1.3 profile | none | summary tarball | 28 of 32 | 7d6690b46b [Firefox: 3 hits: 04-10 to 05-30] | 55e17adce4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
| 13:27:00 | Win2K-f | 189.36.163.44 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 13:30:00 | WinXP | 86.57.184.192 (PPPOE.MGTS.BY): REPUBLICAN UNITARY ENTERPRISE BELTELECOM, MINSK, MINSK, BY. (DIAL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 13:58:00 | WinXP | 66.50.89.34 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 15:31:00 | WinXP | 210.79.163.187 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 31 | cc545e1c99 NEW | 97a4355156 [0] | none:none | none | none | trace |
| 16:14:00 | WinXP | 85.210.74.170 (PIPEX.COM): ADSL DYNAMIC IP ADDRESS POOL, CHICHESTER, ENGLAND, UK. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | other 0 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 16:33:00 | WinXP | 41.210.199.173 (-): . | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1311 hits: 12-31 to 06-02] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
| 17:29:00 | WinXP | 85.152.160.60 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | a92e3f8fc8 [Firefox:114 hits: 05-03 to 05-30] | dfe02a1e52 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 17:54:00 | WinXP | 72.187.128.7 (RR.COM): ROAD RUNNER HOLDCO LLC, LAND O LAKES, FLORIDA, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1311 hits: 12-31 to 06-02] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
| 17:59:00 | WinXP | 170.51.152.210 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 18:18:00 | WinXP | 221.190.27.198 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 31 | a56ca31c9c NEW | 54161f9b6a [0] | none:none | PEQuake | none | trace |
| 18:41:00 | Win2K-f | 189.12.181.87 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 18:51:00 | WinXP | 124.163.87.21 (-): CNCGROUP SHAN1XI PROVINCE NETWORK, TAIYUAN, BEIJING, CN. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 19:31:00 | WinXP | 66.38.55.235 (DUO-COUNTY.COM): BRANDENBURG TELEPHONE COMPANY, RUSSELL SPRINGS, KENTUCKY, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a0139d7ad8 [Firefox:438 hits: 05-02 to 06-01] | d9e9662db1 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 20:06:00 | Win2K-f | 71.103.130.164 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DOWNEY, CALIFORNIA, US. (DSL) | 84.244.5.183:2345 66.29.25.194:80 | US:qtas.net SE:dzuc.net | 445 | pcap | raw alerts ruleset | http irc 103 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 31; 14 of 32 | 859e6786f0 [Firefox: 2 hits: 05-30 to 05-31]; 8a20bd6e7b NEW | 859e6786f0 [1]; none [4] | ASM:Graph; none:none | StarForce; FSG | lines=95; none | trace; trace |
| 20:11:00 | WinXP | 83.25.98.212 (TPNET.PL): NEOSTRADA PLUS, GDANSK, POMORSKIE, PL. (DSL) | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 20:11:00 | WinXP | 83.25.98.212 (TPNET.PL): NEOSTRADA PLUS, GDANSK, POMORSKIE, PL. (DSL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 20:14:00 | Win2K-f | 190.174.136.128 (-): . | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 20:23:00 | WinXP | 200.114.31.44 (INTERCABLE.NET.CO): TV CABLE PROMISION S.A, BUCARAMANGA, SANTANDER, CO. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3018 hits: 12-31 to 06-01] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 21:11:00 | WinXP | 60.53.26.171 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, MALACCA, MELAKA, MY. (DIAL) | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 21:12:00 | Win2K-f | 60.54.70.188 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 21:27:00 | WinXP | 66.51.184.46 (-): ILLINOIS RURAL TELECOMMUNICATION CO, WINCHESTER, ILLINOIS, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 21:56:00 | Win2K-f | 78.57.191.127 (ZEBRA.LT): LIETUVOS, LT. | n/a | CN:hail2.dns2go.com US:209.63.232.19:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace |
| 22:12:00 | Win2K-f | 41.248.244.17 (IAM.NET.MA): AFRINIC, MA. | 84.244.6.253:2345 66.29.25.194:80 | US:www.blackirc.us SE:tap.tronko.net | 445 | pcap | raw alerts ruleset | http irc 83 lines | Yeah : 1.3 profile | none | summary tarball | 3 of 32; 3 of 31 | 05ec072edf [Firefox: 4 hits: 05-30 to 06-01]; 7287487211 [Firefox: 3 hits: 05-30 to 05-31] | 05ec072edf [1]; 7287487211 [1] | ASM:Graph; ASM:Graph | StarForce; StarForce | lines=86; lines=86 | trace; trace |
| 22:15:00 | Win2K-f | 41.248.244.17 (IAM.NET.MA): AFRINIC, MA. | 84.244.6.253:2345 66.29.25.194:80 | US:www.blackirc.us SE:tap.tronko.net | 445 | pcap | raw alerts ruleset | http irc 86 lines | Yeah : 1.3 profile | none | summary tarball | 3 of 32; 3 of 31 | 05ec072edf [Firefox: 4 hits: 05-30 to 06-01]; 7287487211 [Firefox: 3 hits: 05-30 to 05-31] | 05ec072edf [1]; 7287487211 [1] | ASM:Graph; ASM:Graph | StarForce; StarForce | lines=86; lines=86 | trace; trace |
| 22:36:00 | WinXP | 208.105.159.136 (-): . | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 22:57:00 | WinXP | 98.148.132.224 (-): . | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 23 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:399 hits: 12-31 to 06-01] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace |
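The table above is most useful once it is pivoted: the same packed-binary hash dropped on many unrelated victims (5ee4121e1e, 7d99b0e910) is one campaign, and the hosts in the C&C and DNS columns are the indicators to block or alert on. The script below is an added example, not code from the original page or from BotHunter; it parses rows in the pipe-delimited layout used above into dicts, normalises the `CC:host[:port]` tokens, and groups records by hash and by contacted host. The 19-column order, the column names, the assumption that hashes are 10 hex digits as printed here, and the five sample rows (copied from the table) are this example's own.

```python
"""Parse infection records in the pipe-delimited layout of the table above and
pivot them into a campaign (per binary hash) and indicator (per host) view.
Added example; not code from the original page or from BotHunter."""
import re
from collections import Counter, defaultdict

# Column order taken from the table header. Assumption: every row has exactly
# these 19 cells; rows with several binaries hold them ';'-separated in a cell.
COLUMNS = [
    "time", "victim_os", "infection_source", "cc_server", "dns_lookups",
    "infection_port", "packet_trace", "detection_signatures", "infection_chatter",
    "bothunter_analysis", "behavioral_cluster", "forensic_logs", "antivirus_labels",
    "packed_binary", "unpacked_exe", "unpacked_asm", "packer_peid", "data_strings",
    "syscall_trace",
]

# Constructed sample input: five rows copied from the table above.
SAMPLE_ROWS = """
01:18:00 | WinXP | 193.204.50.221 (PTBA-50.POLIBA.IT): POLITECNICO DI BARI, BARI, PUGLIA, IT. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | fd57febe23 [Firefox: 4 hits: 05-19 to 06-01] | none[4] | none:none | PolyEnE | none | trace
01:46:00 | WinXP | 210.237.9.34 (ENJOY.NE.JP): DEODEO CORPORATION, TOKYO, TOKYO, JP. (DSL) | 85.114.137.60:65520 | DE:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | shell ftp irc 17 lines | Yeah : 1.3 profile | none | summary tarball | none | 07177edf82 [Firefox: 3 hits: 05-17 to 05-30] | ca4413b3c2 [0] | none:none | PolyEnE | none | trace
04:20:00 | Win2K-f | 122.169.10.152 (122.AIRTELBROADBAND.IN): ABTS-WEST-DSL-9376-MUM, MUMBAI, MAHARASHTRA, IN. | n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace
07:29:00 | Win2K-f | 59.112.193.26 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset | ftp 20 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 5ee4121e1e [Firefox:51 hits: 05-29 to 06-02] | 51c1525417 [0] | none:none | Obsidium | none | trace
06:55:00 | WinXP | 172.190.120.99 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none
"""

HASH_RE = re.compile(r"\b[0-9a-f]{10}\b")  # hashes appear as 10 hex digits in this table
TOKEN_RE = re.compile(r"^(?P<cc>[A-Z]{2})?:(?P<host>[^:\s]+)(?::(?P<port>\d+))?$")


def parse_indicators(field):
    """Split a 'DNS Lookups & Failed Connects' cell ('UA:host[:port] ...') into
    (country, host, port) tuples; a missing country code or port comes back as ''."""
    out = []
    for tok in field.split():
        m = TOKEN_RE.match(tok)
        if m:
            out.append((m.group("cc") or "", m.group("host"), m.group("port") or ""))
    return out


def parse_row(line):
    """Turn one pipe-delimited row into a dict keyed by COLUMNS plus derived fields."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} cells, got {len(cells)}: {line[:40]!r}")
    rec = dict(zip(COLUMNS, cells))
    rec["source_ip"] = rec["infection_source"].split()[0]
    rec["hashes"] = HASH_RE.findall(rec["packed_binary"])  # [] when the cell is 'none'
    rec["indicators"] = parse_indicators(rec["dns_lookups"])
    return rec


def parse_table(text):
    """Parse every non-empty line that is not a header separator ('|---|')."""
    records = []
    for line in text.splitlines():
        if not line.strip() or set(line.strip()) <= set("|-: "):
            continue
        records.append(parse_row(line))
    return records


def cluster_by_binary(records):
    """Group victim IPs by packed-binary hash: one hash on many hosts is one campaign."""
    clusters = defaultdict(list)
    for rec in records:
        for h in rec["hashes"]:
            clusters[h].append(rec["source_ip"])
    return dict(clusters)


def indicator_counts(records):
    """Distinct victims per contacted host, merging the C&C column ('ip:port')
    with the DNS-lookup column so a host seen in either is one indicator."""
    victims = defaultdict(set)
    for rec in records:
        for tok in rec["cc_server"].split():
            if tok != "n/a":
                victims[tok.rsplit(":", 1)[0]].add(rec["source_ip"])
        for _cc, host, _port in rec["indicators"]:
            victims[host].add(rec["source_ip"])
    return {host: len(ips) for host, ips in victims.items()}


def vector_summary(records):
    """Infections per (victim OS, infection port); 445 is SMB, 135 is DCE/RPC."""
    return Counter((r["victim_os"], r["infection_port"]) for r in records)


if __name__ == "__main__":
    recs = parse_table(SAMPLE_ROWS)
    for h, ips in cluster_by_binary(recs).items():
        print(f"{h}: {len(ips)} victim(s) {ips}")
    for host, n in sorted(indicator_counts(recs).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {host}")
    print(vector_summary(recs))
```

Rows whose binary columns are all `none` (the port-135 infections with no captured egg) still contribute to `vector_summary` but to neither pivot, which is the right behaviour: without a hash or a contacted host there is nothing to cluster or block. The country prefix is kept in `parse_indicators` so the same host can be attributed when it resolves to different countries on different days.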