Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer (PEiD) | Data Strings | Syscall Trace

One row per infection, columns in the order above. Where one infection dropped several binaries, the per-binary columns (Antivirus Labels through Syscall Trace) carry one entry per binary, in the same order, separated by ";". Entries in the C&C Server and DNS Lookups columns are written as [country]:host[:port]; an empty cell means the log recorded nothing for that column.
T:00:10:00 | Win2K-f | 4.161.192.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUDSON, COLORADO, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 171 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:00:43:00 | WinXP | 79.163.200.130 (-): IDEA, PL. | 114.80.101.21:65520 69.64.67.194:80 | CN:proxim.ircgalaxy.pl CN:brenz.pl CN:lometr.pl :onuka.cn US:signup.live.com 208.115.112.138:3954 US:65.55.16.123:443 | 445 | pcap | raw alerts ruleset | shell ftp irc http 57 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 ; 7 of 40 ; 24 of 40 ; 19 of 40 | 7bc8d57d8c NEW ; a6afa659ba NEW ; f1bb8174e3 NEW ; f37b5a8f0c NEW | be025ab204 [0] ; none [none] ; none [none] ; none [none] | none:none ; none:none ; none:none ; none:none | none ; none ; none ; none | none ; none ; none ; none | trace ; none ; none ; none
T:00:55:00 | WinXP | 71.113.74.61 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:01:39:00 | Win2K-f | 99.164.39.208 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:01:48:00 | WinXP | 99.33.233.90 (-): . | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 NEW | none [0] | none:none | none | lines=60 | trace
02:05:00 | Win2K-f | 140.113.21.143 (NTU.EDU.TW): TAIWAN ACADEMIC NETWORK, TAIPEI, T'AI-PEI, TW. | n/a | US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:02:53:00 | WinXP | 24.76.58.136 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BRITISH COLUMBIA, CA. (DSL) | n/a | CN:teek.ihshsd8.com :iliridas.com | 135 | pcap | raw alerts ruleset | irc http 592 lines | Yeah : 1.3 profile | none | summary tarball | 7 of 39 ; 38 of 40 | 0616ff8c4f NEW ; fcab6c9d17 NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
03:15:00 | Win2K-f | 217.112.24.195 (-): NETWORK FOR GRANDSOFTCITY, MOSCOW, MOSKVA, RU. | n/a | US:www.maxmind.com US:www.getmyip.org EU:checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
03:22:00 | Win2K-f | 122.116.26.150 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:www.maxmind.com :getmyip.co.uk :checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:03:24:00 | Win2K-f | 217.112.24.195 (-): NETWORK FOR GRANDSOFTCITY, MOSCOW, MOSKVA, RU. | n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk 208.78.68.70:80 US:64.246.48.99:666 US:67.15.94.80:80 US:75.126.138.202:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:03:31:00 | Win2K-f | 122.116.26.150 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:www.maxmind.com :getmyip.co.uk US:checkip.dyndns.org US:64.246.48.99:666 US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
04:21:00 | Win2K-f | 190.14.237.247 (-): . | n/a | US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:04:33:00 | WinXP | 79.163.203.154 (-): IDEA, PL. | 121.12.116.142:65520 | CN:proxim.ircgalaxy.pl CN:goasi.cn CN:cock.8866.org DE:dl2.guarddog2009.com :www.google.com CN:lometr.pl CN:brenz.pl :upr15may.com 114.80.101.21:65520 CN:210.51.51.150:88 CN:211.95.79.6:80 74.125.19.99:80 92.38.0.69:80 | 445 | pcap | raw alerts ruleset | shell ftp irc http http http 55 lines | Yeah : 1.8 profile | none | summary tarball | 36 of 39 ; 7 of 40 ; 7 of 40 ; 28 of 40 ; 19 of 40 | 13de1511d8 NEW ; abf828b2d5 NEW ; b45dafd9d4 NEW ; ca511203c8 NEW ; f37b5a8f0c NEW | none [none] ; none [none] ; none [none] ; none [none] ; none [none] | none:none ; none:none ; none:none ; none:none ; none:none | none ; none ; none ; none ; none | none ; none ; none ; none ; none | none ; none ; none ; none ; none
T:04:58:00 | WinXP | 93.146.104.93 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | f502585714 NEW | none [0] | ASM:Graph | PolyEnE | lines=63 | trace
T:05:37:00 | Win2K-f | 58.236.190.114 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR. | 121.12.116.142:65520 | CN:proxima.ircgalaxy.pl US:microsoft.com CN:goasi.cn CN:211.95.79.6:80 | 135 | pcap | raw alerts ruleset | irc 100 lines | Yeah : 1.8 profile | none | summary tarball | none ; 38 of 40 | 6a4845ca11 NEW ; ffafd341d9 NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
T:06:04:00 | WinXP | 221.127.25.147 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. | 121.12.116.142:65520 | :upr15may.com RO:evidek.ro CN:goasi.cn CN:cock.8866.org DE:dl2.guarddog2009.com CN:myppc.8866.org CN:converter.8866.org CN:ji-u.cn EU:193.33.187.240:3954 206.212.243.122:3954 US:66.96.224.85:3954 | 445 | pcap | raw alerts ruleset | http http http shell irc http http 207 lines | Yeah : 1.3 profile | none | summary tarball | 9 of 39 ; 17 of 40 ; 7 of 40 ; 18 of 40 ; 26 of 40 ; 28 of 40 ; 19 of 40 | 389ae4d70c NEW ; b1f9fdb760 NEW ; b45dafd9d4 NEW ; be90cab8c9 NEW ; c5de315e29 NEW ; ca511203c8 NEW ; f37b5a8f0c NEW | none [none] ; none [none] ; none [none] ; 92805da31b [0] ; none [none] ; none [none] ; none [none] | none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none | none ; none ; none ; MEW ; none ; none ; none | none ; none ; none ; none ; none ; none ; none | none ; none ; none ; trace ; none ; none ; none
T:06:11:00 | WinXP | 78.168.182.46 (TTNET.NET.TR): TELEKOM, TR. | 121.12.116.142:65520 | CN:goasi.cn CN:lometr.pl CN:brenz.pl CN:cock.8866.org :onuka.cn CN:myppc.8866.org CN:converter.8866.org CN:ji-u.cn :xz.ub9.net CN:6oxy.com CN:vcy2.com :pk.ub9.net :s1.xiaopohai.com :www.google.com :upr15may.com RO:evidek.ro CN:proxim.ircgalaxy.pl CN:ask.ipk8888.cn CN:221.12.89.137:80 | 445 | pcap | raw alerts ruleset | irc http http http 43 lines | Yeah : 1.3 profile | none | summary tarball | 1 of 40 ; 9 of 39 ; 7 of 40 ; 7 of 40 ; 18 of 40 ; 26 of 40 ; 10 of 40 ; 24 of 40 ; 19 of 40 | 0e850a894e NEW ; 389ae4d70c NEW ; abf828b2d5 NEW ; b45dafd9d4 NEW ; be90cab8c9 NEW ; c5de315e29 NEW ; e0d9f6d426 NEW ; f1bb8174e3 NEW ; f37b5a8f0c NEW | none [none] ; none [none] ; none [none] ; none [none] ; 92805da31b [0] ; none [none] ; none [none] ; none [none] ; none [none] | none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none | none ; none ; none ; none ; MEW ; none ; none ; none ; none | none ; none ; none ; none ; none ; none ; none ; none ; none | none ; none ; none ; none ; trace ; none ; none ; none ; none
06:23:00 | Win2K-f | 81.28.116.189 (NS2.SAMA.JO): INTERNET USERS (DSL DIALUP), JO. (DSL) | n/a | US:www.maxmind.com :checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:06:40:00 | WinXP | 89.111.226.243 (TEOL.NET): TELEKOMSRPSKE, BA. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 40 | f54691063f NEW | none [none] | none:none | none | none | none
T:07:00:00 | Win2K-f | 69.12.235.190 (BEIGECOUGAR.COM): SONIC.NET INC, TRACY, CALIFORNIA, US. | 61.120.62.28:3305 | GB:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 573 lines | Yeah : 1.8 profile | none | summary tarball | 39 of 40 | 70ec5c4b3f NEW | none [none] | none:none | none | none | none
T:07:55:00 | Win2K-f | 130.13.147.91 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
T:08:28:00 | WinXP | 75.119.5.64 (LDMI.COM): TALK AMERICA, DETROIT, MICHIGAN, US. | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | b27d73bfcb NEW | 473c6454ce [0] | ASM:Graph | PolyEnE | lines=68 | trace
09:07:00 | Win2K-f | 173.45.77.245 (-): . | n/a | US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk :checkip.dyndns.org US:67.15.94.80:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:09:52:00 | WinXP | 88.130.165.124 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DORTMUND, NORDRHEIN-WESTFALEN, DE. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 741e3b03b3 NEW | none [0] | ASM:Graph | none | lines=62 | trace
T:09:55:00 | Win2K-f | 96.50.136.204 (-): . | 203.146.251.62:3305 | JP:cx10man.weedns.com JP:fx010413.whyI.org TH:gynoman.weedns.com PL:g.0x20.biz :telephone.dd.blueline.be :phonewire.dd.blueline.be :phonelogin.dd.blueline.be TH:ufospace.etowns.net JP:61.120.62.28:3305 | 135 | pcap | raw alerts ruleset | irc 607 lines | Yeah : 1.8 profile | none | summary tarball | 34 of 39 | 9d37cbc40a NEW | none [none] | none:none | none | none | none
T:09:59:00 | WinXP | 203.118.245.130 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 164 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 39 ; 37 of 40 | 3dec4723ce NEW ; 4356ddf196 NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
T:10:03:00 | Win2K-f | 24.227.62.42 (RR.COM): ROAD RUNNER HOLDCO LLC, CASSELBERRY, FLORIDA, US. | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:10:35:00 | WinXP | 117.96.160.90 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:10:42:00 | WinXP | 4.154.37.242 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NORTH CAROLINA, US. (DIAL) | 82.98.86.170:80 | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad | 445 | pcap | raw alerts ruleset | http http http http http 15 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | a12cab51ef NEW | none [0] | none:none | ASPack | lines=281 embedded dns | trace
T:11:04:00 | Win2K-f | 130.13.210.117 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
11:19:00 | Win2K-f | 190.3.101.111 (TECHTELNET.NET): TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A, AR. | n/a | US:www.maxmind.com US:checkip.dyndns.org US:www.getmyip.org US:64.246.48.99:666 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | dc331fb791 NEW | none [3] | none:none | UPX | none | trace
11:21:00 | Win2K-f | 173.45.83.54 (-): . | n/a | US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org 208.78.69.70:80 US:67.15.94.80:80 US:75.126.138.202:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:11:23:00 | Win2K-f | 130.13.2.69 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
11:36:00 | Win2K-f | 89.204.36.234 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. | n/a | US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:12:00:00 | WinXP | 12.75.78.120 (ATT.NET): AT&T WORLDNET SERVICES, ST. LOUIS, MISSOURI, US. (DIAL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:12:17:00 | Win2K-f | 96.13.205.247 (-): . | n/a | US:qtas.net CZ:t32.marund.net US:64.38.1.235:80 | 445 | pcap | raw alerts ruleset | http irc 53 lines | Yeah : 0.8 profile | none | summary tarball | 13 of 40 | 5a915db549 NEW | none [none] | none:none | none | none | none
T:12:26:00 | WinXP | 130.13.17.48 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
T:12:32:00 | Win2K-f | 130.13.17.119 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
12:41:00 | Win2K-f | 203.113.164.42 (ADSL.VIETTEL.VN): VIETEL CORPORATION, VN. | n/a | US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 5 of 37 | 741c93f3c1 NEW | none [3] | none:none | UPX | none | trace
T:13:49:00 | Win2K-f | 76.215.109.48 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 39 ; 37 of 40 | 265a4ee61b NEW ; 4e5c8605d3 NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
T:14:08:00 | WinXP | 79.163.149.211 (-): IDEA, PL. | n/a | CN:proxim.ircgalaxy.pl RU:citi-bank.ru CN:121.12.116.142:65520 RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 9bb68450cd NEW | c2d5ac2315 [0] | ASM:Graph | PolyEnE | lines=73 embedded dns | trace
T:14:24:00 | Win2K-f | 130.13.153.160 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
14:37:00 | Win2K-f | 206.116.62.112 (TELUS.NET): TELUS COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. | n/a | US:www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:14:38:00 | Win2K-f | 207.5.209.117 (GWI.NET): GREAT WORKS INTERNET, ROCHESTER, NEW HAMPSHIRE, US. | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 32 | 53bfe15e91 NEW ; 73f1082158 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
15:09:00 | Win2K-f | 190.14.235.18 (-): . | n/a | US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:15:18:00 | Win2K-f | 190.14.235.18 (-): . | n/a | US:www.maxmind.com :checkip.dyndns.org US:64.246.48.99:666 | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:15:55:00 | WinXP | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:16:50:00 | WinXP | 118.8.43.144 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 NEW | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace
16:54:00 | Win2K-f | 115.81.54.181 (-): . | n/a | US:www.maxmind.com :checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 7 of 37 | 7587773eea NEW | none [3] | none:none | StarForce | none | trace
T:17:29:00 | Win2K-f | 130.13.26.162 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
T:17:55:00 | WinXP | 189.24.85.140 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 741e3b03b3 NEW | none [0] | ASM:Graph | none | lines=62 | trace
T:18:16:00 | WinXP | 210.182.22.250 (-): SAEWON4007543D, PUSAN, PUSAN-GWANGYOKSI, KR. | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 40 ; 37 of 40 | 5ae3dc41cb NEW ; 7f54047a31 NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
T:18:22:00 | Win2K-f | 72.227.93.166 (RR.COM): ROAD RUNNER HOLDCO LLC, SOUTH PORTLAND, MAINE, US. | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 32 | 53bfe15e91 NEW ; 73f1082158 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:18:50:00 | WinXP | 130.13.32.93 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 40 | 59830c1a23 NEW | none [3] | none:none | PeCompact | none | trace
T:19:14:00 | WinXP | 189.99.94.112 (-): . | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | f502585714 NEW | none [0] | ASM:Graph | PolyEnE | lines=63 | trace
19:25:00 | Win2K-f | 190.197.160.215 (-): . | n/a | US:www.maxmind.com :getmyip.co.uk US:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | 917c085aca NEW | none [3] | none:none | Armadillo | none | trace
T:19:28:00 | Win2K-f | 70.71.226.84 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 39 | ce28648035 NEW | none [none] | none:none | none | none | none
19:29:00 | Win2K-f | 200.71.101.177 (TELESAT.COM.CO): COLDECON, CALI, VALLE DEL CAUCA, CO. | n/a | US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org 208.78.69.70:80 US:67.15.94.80:80 US:75.126.138.202:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
19:48:00 | Win2K-f | 189.147.45.26 (PROD-INFINITUM.COM.MX): UNINET S.A. DE C.V, ZIHUATANEJO, GUERRERO, MX. (DSL) | n/a | US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org 208.78.68.70:80 US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:19:55:00 | Win2K-f | 99.172.15.100 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 1 of 33 ; 33 of 33 | 4ca3056804 NEW ; 53bfe15e91 NEW | 4ca3056804 [1] ; 1473091351 [0] | ASM:Graph ; ASM:Graph | Armadillo ; tElock | lines=81 ; lines=75 embedded dns | trace ; trace
T:19:58:00 | Win2K-f | 4.255.50.143 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VANCOUVER, WASHINGTON, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 945 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 40 | 15f31f84db NEW | none [none] | none:none | none | none | none
T:20:08:00 | WinXP | 200.164.249.217 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 | 91b00ba67b NEW | none [none] | none:none | none | none | none
T:20:10:00 | Win2K-f | 4.141.71.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITEHALL, NEW YORK, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 40 ; 37 of 40 | 16b4707df9 NEW ; b8607fc9ba NEW | none [none] ; none [none] | none:none ; none:none | none ; none | none ; none | none ; none
T:20:21:00 | Win2K-f | 218.234.181.228 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | 114.80.101.21:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:goasi.cn CN:lometr.pl CN:cock.8866.org CN:brenz.pl :onuka.cn CN:myppc.8866.org CN:converter.8866.org DE:dl2.guarddog2009.com CN:ji-u.cn :bfkq.com :xz.ub9.net CN:6oxy.com CN:vcy2.com :pk.ub9.net :s1.xiaopohai.com US:jsactivity.com US:mississippihousesales.com CN:ask.ipk8888.cn 74.54.201.210:8392 | 135 | pcap | raw alerts ruleset | irc http 300 lines | Yeah : 1.8 profile | none | summary tarball | 11 of 39 ; 9 of 39 ; 29 of 32 ; 28 of 32 ; 7 of 40 ; 17 of 40 ; 7 of 40 ; 1 of 40 ; 28 of 40 ; 10 of 40 ; 24 of 40 ; 19 of 40 | 31a7f4355c NEW ; 389ae4d70c NEW ; 8a75955033 NEW ; 9276c8b36b NEW ; abf828b2d5 NEW ; b1f9fdb760 NEW ; b45dafd9d4 NEW ; b8819946fd NEW ; ca511203c8 NEW ; e0d9f6d426 NEW ; f1bb8174e3 NEW ; f37b5a8f0c NEW | none [none] ; none [none] ; none [4] ; 9276c8b36b [1] ; none [none] ; none [none] ; none [none] ; none [none] ; none [none] ; none [none] ; none [none] ; none [none] | none:none ; none:none ; none:none ; ASM:Graph ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none ; none:none | none ; none ; tElock ; Armadillo ; none ; none ; none ; none ; none ; none ; none ; none | none ; none ; none ; lines=81 ; none ; none ; none ; none ; none ; none ; none ; none | none ; none ; trace ; trace ; none ; none ; none ; none ; none ; none ; none ; none
21:25:00 | Win2K-f | 124.8.129.197 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. | n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
23:57:00 | Win2K-f | 74.222.2.229 (VRTSERVERS.NET): VRTSERVERS INC, LOS ANGELES, CALIFORNIA, US. | n/a | US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org US:checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
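The network columns of these records (C&C Server, DNS Lookups & Failed Connects) are where the reusable indicators live: the same C&C endpoints on high non-standard ports (114.80.101.21:65520, 121.12.116.142:65520) and the same "what is my IP" lookups recur across unrelated victims. The Python below is an added example, not code from the original log page or the BotHunter project. It parses a few rows in the page's pipe-delimited layout (only the first six columns, which is all it needs) into structured records and summarizes the indicators across them. The sample rows are constructed from entries on this page; the field names, the well-known-port list and the token grammar (an optional two-letter country prefix, possibly empty as in ":getmyip.co.uk", then host, then an optional port) are the example's own assumptions about the format.

```python
"""Parse pipe-delimited BotHunter-style infection rows and summarize network IOCs.

Added example; not code from the original page. Assumes the first six columns
of the table: Time | Victim OS | Infection Source | C&C Server |
DNS Lookups & Failed Connects | Infection Port.
"""
import re
from collections import Counter

# Constructed sample rows (values copied from entries on this page; only the
# first six columns are reproduced, the trailing analysis columns are dropped).
SAMPLE_ROWS = [
    "T:00:43:00 | WinXP | 79.163.200.130 (-): IDEA, PL. | 114.80.101.21:65520 69.64.67.194:80 "
    "| CN:proxim.ircgalaxy.pl CN:brenz.pl :onuka.cn US:65.55.16.123:443 | 445",
    "T:05:37:00 | Win2K-f | 58.236.190.114 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR. "
    "| 121.12.116.142:65520 | CN:proxima.ircgalaxy.pl US:microsoft.com CN:goasi.cn CN:211.95.79.6:80 | 135",
    "T:08:28:00 | WinXP | 75.119.5.64 (LDMI.COM): TALK AMERICA, DETROIT, MICHIGAN, US. "
    "| 213.219.245.212:80 | RU:citi-bank.ru | 445",
    "02:05:00 | Win2K-f | 140.113.21.143 (NTU.EDU.TW): TAIWAN ACADEMIC NETWORK, TAIPEI, T'AI-PEI, TW. "
    "| n/a | US:www.maxmind.com :getmyip.co.uk US:67.15.94.80:80 | 445",
    "T:06:40:00 | WinXP | 89.111.226.243 (TEOL.NET): TELEKOMSRPSKE, BA. (DIAL) | n/a |  | 445",
]

FIELDS = ("time", "victim_os", "infection_source", "cc_server", "dns_lookups", "infection_port")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
COUNTRY_RE = re.compile(r"^[A-Z]{2}$")


def parse_endpoint(token):
    """Parse one '[CC]:host[:port]' token from the C&C or DNS column.

    The country prefix is optional and may be empty (':getmyip.co.uk'); a bare
    'host:port' with no prefix ('208.115.112.138:3954') is accepted as well.
    """
    parts = token.split(":")
    country = None
    if len(parts) >= 2 and (parts[0] == "" or COUNTRY_RE.match(parts[0])):
        country = parts[0] or None
        parts = parts[1:]
    if not parts[0] or len(parts) > 2:
        raise ValueError(f"unparseable endpoint token: {token!r}")
    host = parts[0]
    port = None
    if len(parts) == 2:
        if not parts[1].isdigit():
            raise ValueError(f"bad port in endpoint token: {token!r}")
        port = int(parts[1])
    return {"country": country, "host": host, "port": port, "is_ip": bool(IP_RE.match(host))}


def parse_endpoint_cell(cell):
    """A cell holds whitespace-separated endpoint tokens, 'n/a', or nothing."""
    cell = cell.strip()
    if cell in ("", "n/a"):
        return []
    return [parse_endpoint(tok) for tok in cell.split()]


def parse_row(row):
    """Split one pipe-delimited row into a record for the first six columns."""
    cells = [c.strip() for c in row.split("|")]
    if len(cells) < len(FIELDS):
        raise ValueError(f"expected at least {len(FIELDS)} columns, got {len(cells)}")
    rec = dict(zip(FIELDS, cells))
    rec["source_ip"] = rec["infection_source"].split()[0]  # leading token is the attacker IP
    rec["cc_server"] = parse_endpoint_cell(rec["cc_server"])
    rec["dns_lookups"] = parse_endpoint_cell(rec["dns_lookups"])
    rec["infection_port"] = int(rec["infection_port"])
    return rec


# Assumed list of ports a C&C channel would be "expected" on; anything else is
# worth a second look (the 65520 endpoints on this page, for instance).
WELL_KNOWN_PORTS = {80, 443, 6667}


def summarize(rows):
    """Aggregate indicators across rows: C&C endpoints with hit counts,
    infection ports, non-IP hostnames looked up, and C&C on unusual ports."""
    recs = [parse_row(r) for r in rows]
    cc_hits = Counter((e["host"], e["port"]) for r in recs for e in r["cc_server"])
    ports = Counter(r["infection_port"] for r in recs)
    hostnames = sorted({e["host"] for r in recs for e in r["dns_lookups"] if not e["is_ip"]})
    odd_port_cc = sorted(
        (host, port) for (host, port) in cc_hits
        if port is not None and port not in WELL_KNOWN_PORTS
    )
    return {"cc_endpoints": cc_hits, "infection_ports": ports,
            "hostnames": hostnames, "odd_port_cc": odd_port_cc}


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS)
    for (host, port), n in summary["cc_endpoints"].most_common():
        print(f"C&C {host}:{port}  seen {n}x")
    print("infection ports:", dict(summary["infection_ports"]))
    print("hostnames looked up:", ", ".join(summary["hostnames"]))
    print("C&C on non-standard ports:", summary["odd_port_cc"])
```

Two layout quirks drive the design: the DNS column can be entirely empty (the example row for 89.111.226.243 keeps the empty cell so positional splitting still works), and endpoint tokens mix three shapes (country:host, country:host:port, host:port), so the parser decides whether a leading two-letter uppercase field is a country tag before it looks for a port. Feeding the full table through `summarize` would surface the recurring 65520 endpoints and the maxmind/getmyip/checkip trio as the indicators worth turning into detection content.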