Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

31 July 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:15:00 WinXP 60.249.37.106 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:00:45:00 WinXP 114.43.194.80 (-):
. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 41 67a66839f7
NEW 7b1fc808a3 [0] none:none
none|none none trace

T:00:48:00 Win2K-f 88.156.45.81 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:00:51:00 Win2K-f 78.54.185.206 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 40 of 41 5ba3d03fb4
NEW 28efd36ea0 [0] none:none
none|none none trace

T:00:54:00 WinXP 91.67.41.248 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 38 of 41 380fb4a6c3
NEW dbb35f3393 [0] none:none
none|none none trace

T:00:56:00 WinXP 213.39.191.100 (HANSENET.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL) n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 38 of 41 ab0aea9e20
NEW 67b22a134e [0] none:none
none|none none trace

T:00:59:00 WinXP 24.100.19.1 (-):
. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 38 of 41 8906c0b009
NEW 5c7db646fe [0] none:none
none|none none trace

T:01:15:00 Win2K-f 114.41.238.114 (-):
. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 41 67a66839f7
NEW 7b1fc808a3 [0] none:none
none|none none trace

01:18:00 Win2K-f 202.51.195.165 (INFOASIAMEDIA.COM):
PT. SEJAHTERA GLOBALINDO,
ID. n/a US:www.maxmind.com
US:www.getmyip.org
US:getmyip.co.uk
:checkip.dyndns.org
ID:202.51.195.165:2825
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:01:23:00 Win2K-f 220.136.49.101 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:01:24:00 WinXP 116.125.31.180 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. n/a CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:218.93.205.24:65520
CN:221.5.74.39:65520 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 4 of 41
29 of 32 372b880eb1
NEW
8a75955033
NEW 164314a8cc [0]
2bf3e548b9[0] none:none
ASM:Graph
Armadillo|
tElock| none
lines=126
embedded dns trace
trace

T:01:37:00 Win2K-f 78.8.40.249 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:01:42:00 Win2K-f 220.139.147.189 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 41 67a66839f7
NEW 7b1fc808a3 [0] none:none
none|none none trace

01:45:00 Win2K-f 219.84.60.228 (SO-NET.NET.TW):
SONY NETWORK TAIWAN LIMITED,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
US:getmyip.co.uk
:checkip.dyndns.org
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:47:00 WinXP 95.90.214.133 (-):
. n/a US:f.unicat.org
US:66.252.13.214:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 13 of 31 e8d4d8cde1
NEW none[0] none:none
ASProtect| lines=585
embedded dns trace

T:01:55:00 Win2K-f 219.84.60.228 (SO-NET.NET.TW):
SONY NETWORK TAIWAN LIMITED,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
US:getmyip.co.uk
US:checkip.dyndns.org
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:56:00 WinXP 125.230.155.2 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:08:00 WinXP 87.233.6.211 (SPIFFY.NL):
RANGE ASSIGNED TO XS NETWORKS BV,
NL. (100Mbps) 66.252.13.214:9890 US:f.unicat.org 445 pcap raw alerts
ruleset ftp
irc
15 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
NEW none[0] none:none
ASProtect| lines=585
embedded dns trace

T:02:13:00 Win2K-f 196.205.110.68 (IASREO.COM):
LINK EGYPT,
CAIRO, AL QAHIRAH, EG. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:17:00 Win2K-f 91.67.223.241 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset ftp
irc
16 lines Yeah : 1.3
profile none summary
tarball 38 of 41 145269ffd8
NEW 2f43eac0d3 [0] none:none
none|none none trace

02:29:00 WinXP 78.159.80.98 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset ftp
irc
15 lines Yeah : 1.3
profile none summary
tarball 38 of 41 4ce3b4e76c
NEW 24892d9819 [0] none:none
FSG| none trace

T:02:37:00 Win2K-f 77.20.60.61 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:52:00 Win2K-f 189.33.92.248 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 66.252.13.214:9890 US:f.unicat.org 445 pcap raw alerts
ruleset ftp
irc
15 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
NEW none[0] none:none
ASProtect| lines=585
embedded dns trace

T:03:13:00 Win2K-f 98.14.158.168 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:03:23:00 Win2K-f 110.11.220.177 (-):
. 221.5.74.39:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:brenz.pl
CN:lometr.pl
RU:www.tontaspstonic.com
DK:pricers.info
:onuka.cn
DK:frankti.biz
CN:221.5.74.39:65520
US:69.162.108.98:80
US:69.162.65.170:80
US:74.53.240.82:80 135 pcap raw alerts
ruleset irc
http
625 lines Yeah : 1.8
profile none summary
tarball 19 of 41
26 of 41
12 of 40
29 of 32
28 of 32
14 of 41
7 of 41
0 of 36
0 of 36
25 of 41 176f4e0237
NEW
25ffad6dae
NEW
852eec7620
NEW
8a75955033
NEW
9276c8b36b
NEW
a036b3aec2
NEW
c85632dd43
NEW
cc2f861b1c
NEW
d9ac68f184
NEW
e66e21cf3e
NEW 971b66b4c6 [0]
f7dee51c7c[0]
af9f5e5446[0]
2bf3e548b9[0]
none [0]
none [4]
cc04264c03[0]
cc2f861b1c[1]
none [3]
c71932d83a[0] none:none
none:none
none:none
ASM:Graph
ASM:Graph
none:none
none:none
ASM:Graph
none:none
none:none
none|none
FSG|
none|none
tElock|
Armadillo|
none|none
FASM|
Armadillo|
none|none
FASM| none
none
none
lines=126
embedded dns
lines=81
none
none
lines=211
none
none trace
trace
trace
trace
trace
trace
trace
trace
trace
trace

T:04:34:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

04:43:00 Win2K-f 114.41.238.114 (-):
. n/a US:s.unicat.org
US:66.252.13.214:2081 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 41 67a66839f7
NEW 7b1fc808a3 [0] none:none
none|none none trace

T:06:44:00 Win2K-f 123.111.125.198 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 218.93.205.24:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
CN:brenz.pl 135 pcap raw alerts
ruleset irc
http
153 lines Yeah : 1.8
profile none summary
tarball 38 of 40
38 of 40 66863cfb13
NEW
e8dfca0741
NEW fca240f318 [0]
20dfd2147c[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

06:44:00 Win2K-f 201.231.160.170 (SRC.ORG):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
US:getmyip.co.uk
EU:checkip.dyndns.org
DE:131.220.6.26:80
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:06:45:00 WinXP 125.58.97.73 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:47:00 WinXP 114.207.40.33 (-):
. 221.5.74.39:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:put.ghura.pl
IL:xt67ur.wwlax.com
CN:brenz.pl
IL:bugreport.waverevenue.com
IL:tidwhmep.s4upd.com
IL:rec.bestrevenue.net
US:b152.bundlext.com
CN:211.95.79.6:80 135 pcap raw alerts
ruleset irc
http
137 lines Yeah : 1.8
profile none summary
tarball 7 of 41
30 of 33
28 of 33
28 of 41
13 of 41
19 of 41 18dfbbc85b
NEW
533d15b5ce
NEW
58c343a8d8
NEW
6648e7022b
NEW
9857a367e2
NEW
cd88b89d5e
NEW 4f6fcecea3 [0]
c67adf46e2[0]
none [0]
0ad0f97bcc[0]
8d4e5ce4de[0]
150e365b1e[0] none:none
ASM:Graph
none:none
none:none
none:none
none:none
UPX|
tElock|
Armadillo|
UPX|
ASProtect|
UPX| none
lines=126
embedded dns
lines=91
none
none
none trace
trace
trace
trace
trace
trace

T:07:51:00 WinXP 115.165.81.201 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:08:10:00 Win2K-f 218.210.85.174 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:08:32:00 WinXP 216.176.88.7 (CONSOLIDATED.NET):
CONSOLIDATED COMMUNICATIONS INC,
BEECHER CITY, ILLINOIS, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:08:43:00 Win2K-f 210.79.180.35 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
93 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33 3ed16ae12d
NEW
79c01ec060
NEW none[0]
1bfd34056c[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=81
lines=64
embedded dns trace
trace

T:09:13:00 Win2K-f 208.103.158.38 (CORETEL.NET):
CORETEL AMERICA INC,
ANNAPOLIS, MARYLAND, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
105 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:09:21:00 Win2K-f 74.214.179.74 (SPEAKEASY.NET):
TEXAS, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:09:36:00 WinXP 76.8.230.228 (TELAPEX.COM):
TELEPAK NETWORKS INC,
JACKSON, MISSISSIPPI, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:17:00 WinXP 24.64.205.47 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BRITISH COLUMBIA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 40 of 41
13 of 41 3ddfc7d4ba
NEW
d6d77f2c4c
NEW 4545ccdc62 [0]
none [3] none:none
none:none
StarForce|
StarForce| none
none trace
trace

T:10:58:00 Win2K-f 66.53.121.131 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SACRAMENTO, CALIFORNIA, US. n/a 135 pcap raw alerts
ruleset other
4 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:36:00 Win2K-f 71.111.235.129 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1000 lines Yeah : 1.3
profile none summary
tarball 7 of 41 e93110b1ff
NEW none[3] none:none
none|none none trace

11:52:00 WinXP 69.85.115.201 (SPEAKEASY.NET):
US. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:26:00 WinXP 79.163.117.217 (-):
IDEA,
PL. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 119ec42aa0
NEW fd3c61c261 [0] none:none
PolyEnE| none trace

T:12:57:00 Win2K-f 4.177.223.116 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:04:00 WinXP 66.97.109.63 (ISTHMUSGROUP.NET):
SPIRALIGHT NETWORK LLC,
MILWAUKEE, WISCONSIN, US. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 39 of 40 74b3d149e8
NEW cef0fa2981 [0] none:none
PolyEnE| none trace

T:13:10:00 WinXP 118.15.180.54 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
26 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

T:13:12:00 WinXP 70.64.215.181 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. 61.120.62.28:3305 GB:cx10man.weedns.com
JP:fx010413.whyI.org 135 pcap raw alerts
ruleset irc
615 lines Yeah : 1.8
profile none summary
tarball 39 of 41 1a80f07e35
NEW 48147ac266 [0] none:none
StarForce| none trace

13:27:00 WinXP 66.97.109.63 (ISTHMUSGROUP.NET):
SPIRALIGHT NETWORK LLC,
MILWAUKEE, WISCONSIN, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 74b3d149e8
NEW cef0fa2981 [0] none:none
PolyEnE| none trace

T:14:23:00 Win2K-f 208.105.110.232 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:14:40:00 WinXP 4.240.117.28 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ALBUQUERQUE, NEW MEXICO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
114 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:30:00 WinXP 84.47.203.64 (-):
PARSCYBERIAN CONSULTANTS,
AE. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:vit.ln.ua
RU:www.bbin.ru
:wpad
RU:195.200.213.54:80 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 0 of 41
0 of 41
39 of 41 35673382d9
NEW
38699582a6
NEW
9654ee8d3b
NEW none[4]
none [4]
a746fc417d[0] none:none
none:none
none:none
none|none
none|none
ASPack| none
none
none trace
trace
trace

T:17:15:00 WinXP 4.163.252.115 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOVELAND, COLORADO, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
11 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:17:20:00 WinXP 71.113.164.67 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BLOOMINGTON, ILLINOIS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:07:00 Win2K-f 76.208.161.1 (SBCGLOBAL.NET):
PPPOX POOL - BRAS5 LSANCA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:25:00 WinXP 98.30.118.30 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:42:00 Win2K-f 71.102.163.135 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 39
35 of 39 4cbbc9cdc3
NEW
86d4950962
NEW 9b1bced683 [0]
c78e30261c[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:19:04:00 Win2K-f 96.8.242.42 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:19:17:00 Win2K-f 68.146.8.234 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 61.120.62.28:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
695 lines Yeah : 1.8
profile none summary
tarball 28 of 41 b8076e37ae
NEW 52953fed05 [0] none:none
StarForce| none trace

T:19:43:00 WinXP 67.246.220.245 (-):
. n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:19:51:00 WinXP 123.195.200.84 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] none:none
PolyEnE| none trace

T:21:29:00 WinXP 114.148.32.248 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:22:11:00 WinXP 4.191.68.215 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SALEM, OREGON, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
37 of 41 5c39773b13
NEW
a1acc403a2
NEW c64405f2e9 [0]
54ef26c2f9[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:22:22:00 Win2K-f 216.79.245.237 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
NEW ORLEANS, LOUISIANA, US. n/a 135 pcap raw alerts
ruleset other
149 lines Yeah : 1.3
profile none summary
tarball 0 of 32 73f1082158
NEW none[0] none:none
Armadillo| lines=90 trace

T:22:31:00 WinXP 75.60.184.137 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:02:00 Win2K-f 71.102.154.67 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:14:00 Win2K-f 194.126.184.119 (XCLUSIV.RO):
SC EXCLUSIV NETWORK SRL,
RO. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:45:00 Win2K-f 172.191.10.102 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none