Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

13 June 2009
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:17:00 Win2K-f 222.13.84.102 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:64.246.48.99:666 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
01:57:00 Win2K-f 94.102.6.146 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
02:11:00 Win2K-f 59.105.81.231 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
US:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
02:24:00 Win2K-f 212.59.11.78 (ZEBRA.LT):
LIETUVOS,
VILNIUS, VILNIAUS APSKRITIS, LT. (100Mbps) 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
05:22:00 Win2K-f 119.5.202.187 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		8 of 38 4f6b51ea3b
NEW 		none[3] none:none
 MEW| none trace
05:26:00 Win2K-f 190.220.110.238 (-):
. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
07:24:00 Win2K-f 85.27.139.5 (-):
NETWORK FOR CONNECTED CUSTOMERS,
DK. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
07:41:00 Win2K-f 201.73.73.45 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
12:57:00 Win2K-f 190.0.78.128 (ASTER.COM.DO):
ASTER,
SANTO DOMINGO, DISTRITO NACIONAL, DO. 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
14:10:00 Win2K-f 190.197.138.108 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
14:31:00 Win2K-f 190.84.189.151 (CABLE.NET.CO):
TV CABLE S.A,
SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
16:21:00 Win2K-f 190.55.208.155 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
18:00:00 Win2K-f 190.26.209.13 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:64.246.48.99:666
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:35:00 Win2K-f 94.102.14.192 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:51:00 Win2K-f 200.49.19.152 (BSR1000.PAPNET.CL):
PLUG AND PLAY NET S.A,
CL. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 bd35d4d98f
NEW 		none[3] none:none
 Armadillo| none trace
20:15:00 Win2K-f 89.19.15.106 (CIZGIBILGISAYAR.COM):
CIZGI BILGISAYAR SISTEMLERI SAN. TIC. LTD. STI,
TR. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
21:18:00 Win2K-f 122.121.157.233 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
23:16:00 Win2K-f 59.104.61.93 (SEED.NET.TW):
DIGITAL UNITED I,
TAINAN, KAO-HSIUNG, TW. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 223d8089f8
NEW 		none[3] none:none
 StarForce| none trace