Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

14 August 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:37:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

02:01:00 Win2K-f 89.178.109.162 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU. n/a NL:www.ask.com
:lkfrxwsvqu.biz
:bkvsg.com
NL:eiywzjxihuw.org
:hcfggrcdrt.com
US:srdzggpl.info
:nemcylxmsc.net
US:wtxgjhbxn.info
:fhsqkifxahv.com
:zdkve.org
:avabq.net
:vasipxyyqp.com
:xjwdeyu.net
:tlulznvtq.biz
:giqbghyd.net
US:qdqgeizh.info
:uteyj.biz
:lkdcw.com
:mloupgxrxdb.info
:ynramvvg.net
US:quclms.info
:fvwnmx.com
:ekwluyyyj.com
US:ytbjiirn.org
US:ishilawf.info
:putpi.biz
:dvaympzfuzv.com
:ymcbrqealz.com
US:vdidrgklmec.info
:wtfzlrrqiog.net
US:jxnlazczq.org
US:204.152.184.92:80
US:74.208.64.145:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:02:12:00 WinXP 99.164.23.178 (-):
. n/a 135 pcap raw alerts
ruleset other
402 lines Yeah : 1.3
profile none summary
tarball 11 of 36 c4c5a56ffe
NEW 8bef2f9170 [0] none:none
StarForce| none trace

T:02:13:00 Win2K-f 96.8.219.143 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:28:00 Win2K-f 124.241.172.79 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 61.120.62.28:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
579 lines Yeah : 1.8
profile none summary
tarball 28 of 41 1bb4b25c0e
NEW 9293a2c3db [0] none:none
StarForce| none trace

T:03:18:00 WinXP 89.242.214.125 (-):
OPAL TELECOM DSL,
UK. (DSL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
NEW none[0] ASM:Graph
PolyEnE| lines=54 trace

04:52:00 Win2K-f 218.170.140.160 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:www.maxmind.com
US:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:04:58:00 Win2K-f 60.249.37.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

05:06:00 Win2K-f 60.162.57.13 (CNDATA.COM):
CHINANET-ZJ TAIZHOU NODE NETWORK,
CN. n/a CN:www.baidu.com
US:tkqgsyhe.org
:evcilciz.biz
:qewvm.com
US:dytekkzc.info
:hzcpyiwdp.com
:xtndb.biz
:nbeis.biz
:sceztdsuxae.com
US:eavutoxq.info
:eqtoch.com
NL:bwfsomjwzh.org
US:btjxayq.info
US:qhhsulpis.info
:qppdmuazbvz.org
:pnsrqjukan.biz
US:kujjz.org
:pmyuugsy.org
NL:znpfxamu.org
:oqnodjevrv.net
US:wtxgjhbxn.info
US:iusmgqm.org
:zglkiwwiz.biz
US:gnilbecb.org
:hsned.biz
US:ujihadz.info
:tvkjjappom.biz
:aonopgky.biz
:wjohpxqsj.info
:avabq.net
NL:ghqvs.org
:ymcbrqealz.com
:ptmibterqv.com
:ssytjtr.com
:dvaympzfuzv.com
:qjlsawjwtz.com
:jxnlazczq.org
:xdrhqlk.com
US:uzrtkdvkint.org
:nemcylxmsc.net
:gwroiarhcbd.info
NL:ttwsctvge.org
:ggofyawj.com
US:aivfleuq.org
:xvkesyttj.com
:qfndkd.com
:oikcxainhlu.com
US:quclms.info
:oejekvaz.net
:uggjeanjc.net
:sxqteay.com
US:204.152.184.92:80
US:74.208.64.145:80 445 pcap raw alerts
ruleset http
5 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:05:12:00 WinXP 118.87.19.36 (-):
. 61.120.62.28:3305 NL:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
603 lines Yeah : 1.8
profile none summary
tarball 36 of 39 f5114d3371
NEW 330af0d74b [0] none:none
StarForce| none trace

T:05:16:00 Win2K-f 24.80.42.5 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
124 lines Yeah : 1.3
profile none summary
tarball 36 of 41
38 of 41 34cbe7a593
NEW
3e83a2d4d7
NEW d38cb78003 [0]
b97fd63d29[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:05:23:00 WinXP 75.82.152.13 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:05:31:00 WinXP 207.144.103.24 (CSTEL.NET):
COM-SOUTH,
MYRTLE BEACH, SOUTH CAROLINA, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 119ec42aa0
NEW fd3c61c261 [0] none:none
PolyEnE| none trace

06:03:00 Win2K-f 130.13.37.3 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a US:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
US:204.152.184.92:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
3 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:06:19:00 WinXP 91.66.213.250 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset ftp
irc
47 lines Yeah : 1.3
profile none summary
tarball 37 of 41 67a66839f7
NEW 7b1fc808a3 [0] none:none
none|none none trace

T:07:56:00 WinXP 208.103.158.220 (CORETEL.NET):
CORETEL AMERICA INC,
ANNAPOLIS, MARYLAND, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:01:00 Win2K-f 173.19.82.144 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
38 of 41 2d5fe9850a
NEW
63b64adf8b
NEW 2233a191b2 [0]
b4e67ccf8a[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:08:44:00 WinXP 70.183.161.253 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
89 lines Yeah : 1.3
profile none summary
tarball 38 of 41
33 of 33 36d16c0a7b
NEW
53bfe15e91
NEW 5438f81d23 [0]
1473091351[0] none:none
ASM:Graph
Armadillo|
tElock| none
lines=75
embedded dns trace
trace

T:09:21:00 WinXP 70.251.151.13 (SWBELL.NET):
PPPOX POOL - BRAS17 RCSNTX,
FT. WORTH, TEXAS, US. (DIAL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:35:00 WinXP 211.201.195.183 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 221.5.74.39:65520 :proxima.ircgalaxy.pl
US:microsoft.com
CN:dretis.cn
CN:kritq.cn
:onuka.cn
:put.ghura.pl
IL:xt67ur.wwlax.com
119.82.77.217:3128
119.95.119.81:3128
119.99.129.81:3128
KR:121.134.105.153:3128
124.153.169.119:3128
KR:125.182.169.199:3128
189.102.245.46:3128
190.153.3.157:3128
BR:201.29.244.222:3128
CA:204.112.150.218:3128
CN:222.133.211.152:3128
KR:58.180.19.36:3128
MY:60.51.30.252:3128
US:68.56.236.173:3128 135 pcap raw alerts
ruleset irc
http
166 lines Yeah : 1.8
profile none summary
tarball 33 of 35
26 of 41
7 of 41
28 of 41
24 of 40
36 of 41 09d6505627
NEW
4a4f3a228a
NEW
5354e986cd
NEW
6648e7022b
NEW
b5a49fc00d
NEW
cd4818c3e5
NEW 5c860f7b2f [0]
c4a8e6eee5[0]
55eb7e6494[0]
0ad0f97bcc[0]
1fa7b0ae52[0]
669739c02a[0] none:none
none:none
none:none
none:none
none:none
none:none
tElock|
Armadillo|
PENinja|
UPX|
Armadillo|
Armadillo| none
none
none
none
none
none trace
trace
trace
trace
trace
trace

09:38:00 Win2K-f 70.105.9.188 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
RICHMOND, VIRGINIA, US. n/a NL:www.ask.com
:oejekvaz.net
NL:bwfsomjwzh.org
US:gnilbecb.org
:uanzaimh.biz
US:jiddfuubfsp.org
:xlqbk.biz
:dsbyb.com
:xjnawofpuis.net
:htvramp.net
US:ozrewdvro.info
:ddcpjyfonh.net
NL:aivfleuq.org
:jbwxzw.biz
:hjnbxirj.net
:ddssoetg.biz
:javieru.com
:qewvm.com
:bkvsg.com
:nakhzddt.biz
:fvwnmx.com
US:hqeftrpbpu.info
US:knmmmkogy.info
:khxxlxuead.net
:dknzcglecrj.biz
:xywkvux.biz
:pqboada.net
US:rscgp.info
:scbuffar.com
US:ohlotadscq.org
:btjxayq.info
:giqbghyd.net
:fhsqkifxahv.com
NL:quclms.info
:xkginnjyci.biz
US:shpahylnbkv.org
:hadedg.biz
:gwroiarhcbd.info
:eqtoch.com
:kcurxsvm.biz
US:doitwf.org
:ggofyawj.com
US:qhhsulpis.info
:yibgxas.com
:qgzjfnz.com
:pkbcbbyjec.net
:nyrgwciz.net
US:qjflmtamf.info
US:bbrrjnvj.info
:oqnodjevrv.net
:vsmxizsmdz.org
:sfxfokp.com
:tlulznvtq.biz
:rxnlcj.com
:dvaympzfuzv.com
:gcxlgdflx.biz
US:tfnru.org
:hsned.biz
:rqforsmow.biz
:tkqgsyhe.org
:aurmw.net
NL:srdzggpl.info
:oaqgvs.com
:uajrfu.net
US:kujjz.org
:nyyxypd.biz
US:vnjzypwrp.info
:kzgmrqwy.net
US:zzrqsjuueb.org
:dakjaf.biz
US:zdvkext.info
US:204.152.184.92:80
US:74.208.64.145:80 445 pcap raw alerts
ruleset http
3 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:09:42:00 WinXP 74.138.53.123 (INSIGHTBB.COM):
INSIGHT COMMUNICATIONS COMPANY L.P,
LOUISVILLE, KENTUCKY, US. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 eda3b7766c
NEW 7556343561 [0] none:none
PolyEnE| none trace

T:09:54:00 WinXP 12.64.54.254 (PRSERV.NET):
AT&T GLOBAL SERVICES,
CHICAGO, ILLINOIS, US. n/a US:www.yahoo.com
US:www.altavista.com
:jbeegvia.ru 135 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 31 of 32 17028f1eda
NEW none[3] none:none
tElock| none trace

T:11:15:00 WinXP 82.200.255.143 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM AKTOBE AFFILIATE,
KZ. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 0393e25f86
NEW 51aaf10e18 [0] none:none
PolyEnE| none trace

12:43:00 Win2K-f 84.19.112.144 (WIGHTCABLENORTH.NET):
OMNE COMMUNICATIONS,
UK. n/a US:www.msn.com
:dknzcglecrj.biz
US:uzrtkdvkint.org
:xlqbk.biz
:okafcqxdqg.com
:omxjn.biz
US:qhancntq.org
:oejekvaz.net
:xbbwefwlwkt.biz
:mmqjsyb.biz
:kaoagf.biz
US:ihyccxzquw.info
:iyxqtozh.com
:qewvm.com
:aeuodh.com
:hadedg.biz
US:ttwsctvge.org
:nfocpdlwv.com
:dkfwhsyxkba.net
:xywkvux.biz
:xdrhqlk.com
:uanzaimh.biz
:gzttiglz.biz
:pkfufjzavu.biz
NL:btjxayq.info
US:eiywzjxihuw.org
US:hxjnnrb.org
:uanlbgnj.com
US:euujutsz.info
US:znpfxamu.org
:dlvoyqd.biz
:rxnlcj.com
:ivkgkooh.net
:hzcpyiwdp.com
:xkginnjyci.biz
:vovlnlt.net
US:plrvlfuf.info
:xvmasrkxf.com
US:nlwuthezv.info
US:quclms.info
:tapymv.biz
NL:jxnlazczq.org
US:zfmdna.info
:ssytjtr.com
US:wcdipytt.info
US:kjbjsxwr.org
US:lcpvrklkvwf.info
US:lauwvpot.org
:rxjojrky.com
:qdqgeizh.info
:hcfggrcdrt.com
:oikcxainhlu.com
NL:jfplqeq.info
US:aepypa.org
:nemcylxmsc.net
:ddcpjyfonh.net
US:knmmmkogy.info
US:wjtkaubt.org
:giqbghyd.net
:pkbcbbyjec.net
:qfndkd.com
NL:vjopqumo.info
US:osxdoloqgu.org
:temgs.com
:pnsrqjukan.biz
:xhsbu.com
:txcahdyqzuc.info
NL:vtmffgso.info
US:pmyuugsy.org
US:hqeftrpbpu.info
:ofafjmkpa.biz
US:204.152.184.92:80
US:74.208.64.145:80 445 pcap raw alerts
ruleset http
19 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:13:10:00 WinXP 74.75.248.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SARATOGA SPRINGS, NEW YORK, US. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:13:25:00 WinXP 64.214.82.245 (DIVERSILINK.COM):
GLOBAL CROSSING,
LONG BEACH, CALIFORNIA, US. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:13:31:00 Win2K-f 222.234.215.213 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 218.93.205.24:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:dretis.cn
CN:kritq.cn
:onuka.cn
119.204.12.58:3128
CN:124.115.37.201:3128
124.123.132.88:3128
124.153.165.229:3128
124.153.169.119:3128
CN:124.165.110.229:3128
187.44.31.42:3128
EU:188.225.130.163:3128
189.61.14.29:3128
BR:200.207.69.117:3128
BR:201.17.127.156:3128
KR:203.212.105.104:3128
KR:211.246.248.228:3128
HK:219.79.16.222:3128
CN:220.243.117.246:3128 135 pcap raw alerts
ruleset irc
http
129 lines Yeah : 1.8
profile none summary
tarball 26 of 41
7 of 41
29 of 32
28 of 32
26 of 41 20152b563f
NEW
5354e986cd
NEW
8a75955033
NEW
9276c8b36b
NEW
b921102e9c
NEW 57c9f8b23f [0]
55eb7e6494[0]
2bf3e548b9[0]
none [0]
c4a8e6eee5[0] none:none
none:none
ASM:Graph
ASM:Graph
none:none
Armadillo|
PENinja|
tElock|
Armadillo|
Armadillo| none
none
lines=126
embedded dns
lines=81
none trace
trace
trace
trace
trace

T:13:44:00 WinXP 24.209.186.196 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MILWAUKEE, WISCONSIN, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:50:00 Win2K-f 172.168.47.198 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
153 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:59:00 WinXP 4.177.18.240 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
244 lines Yeah : 1.3
profile none summary
tarball 37 of 41
36 of 40 47d3548e36
NEW
d8722af110
NEW ab13346633 [0]
ab30a55931[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:14:39:00 WinXP 96.10.43.73 (-):
. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 41 119ec42aa0
NEW fd3c61c261 [0] none:none
PolyEnE| none trace

T:15:12:00 WinXP 122.29.110.67 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

15:51:00 WinXP 74.138.53.123 (INSIGHTBB.COM):
INSIGHT COMMUNICATIONS COMPANY L.P,
LOUISVILLE, KENTUCKY, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 eda3b7766c
NEW 7556343561 [0] none:none
PolyEnE| none trace

T:16:10:00 WinXP 24.29.30.239 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:16:35:00 WinXP 24.79.164.207 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SPRUCE GROVE, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1014 lines Yeah : 1.3
profile none summary
tarball 32 of 41 43b8f21924
NEW none[3] none:none
none|none none trace

T:16:45:00 WinXP 130.13.213.139 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] none:none
PolyEnE| none trace

T:17:21:00 Win2K-f 173.171.242.179 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:17:39:00 WinXP 114.48.188.166 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:18:09:00 WinXP 4.176.117.106 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ALBUQUERQUE, NEW MEXICO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
139 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:19:22:00 Win2K-f 219.112.171.106 (THN.NE.JP):
TOKAI CO.LTD,
JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 41 5799ab6538
NEW
f38e8d97da
NEW 2713679411 [0]
83f1400243[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:21:09:00 Win2K-f 219.254.99.224 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 221.5.74.39:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:dretis.cn
CN:kritq.cn
:onuka.cn
112.153.76.163:3128
116.72.176.230:3128
119.136.103.152:3128
124.123.132.88:3128
CN:124.165.110.229:3128
189.63.166.182:3128
BR:200.99.241.137:3128
BR:201.82.12.80:3128
KR:203.249.119.62:3128
KR:211.246.249.22:3128
CN:218.93.205.24:65520
CN:59.51.235.95:3128
HK:61.92.228.138:3128 135 pcap raw alerts
ruleset irc
http
http
132 lines Yeah : 1.8
profile none summary
tarball 7 of 41
24 of 40
29 of 32
28 of 32
34 of 41 5354e986cd
NEW
85ea6d3345
NEW
8a75955033
NEW
9276c8b36b
NEW
92d5918f69
NEW 55eb7e6494 [0]
dc3e68b034[0]
2bf3e548b9[0]
none [0]
8cfa5407d6[0] none:none
none:none
ASM:Graph
ASM:Graph
none:none
PENinja|
Armadillo|
tElock|
Armadillo|
Armadillo| none
none
lines=126
embedded dns
lines=81
none trace
trace
trace
trace
trace

T:21:46:00 WinXP 172.163.88.116 (AOL.COM):
AMERICA ONLINE,
US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
99 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:21:49:00 Win2K-f 87.185.231.35 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 221.5.74.39:65520 CN:proxim.ircgalaxy.pl
CN:dailybucks.vipinstall.cn
US:microsoft.com
123.236.137.51:6667
123.236.146.104:6667
124.123.228.58:6667
124.123.26.244:6667
KR:124.49.62.227:6667
KR:125.182.169.199:6667
IN:125.99.91.221:6667
BR:189.5.45.211:6667
BR:201.75.93.148:6667
CN:202.194.19.223:6667
CN:202.96.114.24:6667
IN:219.64.202.196:6667
CN:221.5.74.39:65520
TH:58.8.196.124:6667
TH:58.9.248.133:6667
CN:59.51.235.95:6667
IN:60.243.161.112:6667
CN:61.189.103.34:6667
HK:61.239.140.92:6667
PL:85.255.181.33:6667 445 pcap raw alerts
ruleset irc
http
17 lines Yeah : 1.3
profile none summary
tarball 7 of 41
13 of 41 5354e986cd
NEW
d7fed61ba4
NEW 55eb7e6494 [0]
dc61698982[0] none:none
none:none
PENinja|
tElock| none
none trace
trace

21:50:00 Win2K-f 186.9.141.52 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:21:51:00 WinXP 63.17.198.204 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
86 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:02:00 Win2K-f 219.255.39.35 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 221.5.74.39:65520 :proxim.ircgalaxy.pl
US:microsoft.com
CN:dretis.cn
CN:kritq.cn
:onuka.cn
112.66.33.148:3128
113.254.150.97:3128
115.96.0.218:3128
115.96.40.57:3128
116.111.184.245:3128
119.118.122.255:3128
KR:121.138.93.12:3128
CN:123.6.125.186:3128
124.122.201.59:3128
CN:125.62.48.47:3128
IN:58.68.90.106:3128
MY:60.51.30.252:3128
TH:61.90.103.151:3128
PL:77.253.136.14:3128
UA:81.95.178.67:3128 135 pcap raw alerts
ruleset irc
http
151 lines Yeah : 1.8
profile none summary
tarball 7 of 41
24 of 40
38 of 40
34 of 41
38 of 40 5354e986cd
NEW
64f03d5b3e
NEW
66863cfb13
NEW
681e224c47
NEW
e8dfca0741
NEW 55eb7e6494 [0]
53d5d57130[0]
fca240f318[0]
8cfa5407d6[0]
20dfd2147c[0] none:none
none:none
none:none
none:none
none:none
PENinja|
Armadillo|
Armadillo|
Armadillo|
tElock| none
none
none
none
none trace
trace
trace
trace
trace

T:23:23:00 WinXP 203.73.84.19 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:23:00 Win2K-f 220.219.99.244 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a US:microsoft.com
114.199.98.67:3128
115.126.196.117:3128
115.126.196.194:3128
115.187.54.183:3128
118.32.40.198:3128
119.136.103.152:3128
KR:122.100.54.159:3128
123.237.210.154:3128
124.153.218.176:3128
124.153.227.181:3128
KR:125.185.88.68:3128
IN:125.99.91.221:3128
189.106.96.64:3128
EC:200.107.25.13:3128
BR:201.51.192.175:3128
CN:202.96.114.24:3128
KR:211.246.215.29:3128
CN:211.95.79.170:80
CN:221.5.74.39:65520
CN:58.30.188.181:3128
KR:58.65.79.101:3128
US:68.56.236.173:3128
US:69.118.132.127:3128
DE:85.181.11.151:3128
RO:86.124.109.166:3128
93.174.92.197:80 445 pcap raw alerts
ruleset http
irc
13 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:29:00 Win2K-f 99.16.54.184 (-):
. n/a
112.202.63.24:3128
114.108.5.31:3128
116.111.190.31:3128
AU:117.255.8.9:3128
119.11.31.116:3128
119.145.141.158:3128
119.15.217.21:3128
119.64.234.88:3128
KR:121.136.221.77:3128
123.237.215.162:3128
123.237.99.93:3128
124.122.201.59:3128
124.153.160.192:3128
124.153.169.119:3128
124.153.224.40:3128
KR:124.51.142.123:3128
KR:124.56.201.202:3128
EU:188.225.130.163:3128
190.249.49.215:3128
ZA:196.2.119.128:3128
KR:203.212.105.104:3128
KR:211.192.246.42:3128
KR:211.246.233.144:3128
CN:61.48.166.207:3128
US:68.56.236.173:3128 135 pcap raw alerts
ruleset http
http
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:40:00 WinXP 218.172.76.151 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 ad9dd7baa3
NEW cf391299d5 [0] none:none
PolyEnE| none trace