Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



01 November 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:05:00 WinXP 211.211.72.110 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
3 of 41
33 of 33
8b41cb7a41
NEW
97fef473b9
NEW
ef18d720f3 [0]
ff4e7d6992[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:00:35:00 WinXP 114.48.236.218 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:00:49:00 WinXP 116.58.146.2 (CCNET-AI.NE.JP):
COMMUNITY NETWORK CENTER INC,
TOYOKAWA, AICHI, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
NEW
53bfe15e91
NEW
none[0]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
T:01:16:00 WinXP 155.239.59.68 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ROODEPOORT, GAUTENG, ZA. (DSL)
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:01:16:00 Win2K-f 71.116.24.204 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ERIE, PENNSYLVANIA, US. (DSL)
92.240.234.164:3305 JP:cx10man.weedns.com
:fx010413.whyI.org
92.240.234.164:3305
135 pcap raw alerts
ruleset
irc
610 lines
Yeah : 1.8
profile
none summary
tarball
39 of 40 b578280b18
NEW
b69a6b100c [0] none:none
StarForce| none trace
T:01:43:00 WinXP 24.103.196.250 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROCHESTER, NEW YORK, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:57:00 Win2K-f 76.210.230.155 (PACBELL.NET):
AT&T INTERNET SERVICES,
BEAUMONT, TEXAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:02:00 WinXP 119.230.96.15 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 7b313206a2
NEW
0c866c8cce [0] none:none
none|none none trace
T:01:10:00 WinXP 114.37.153.32 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:02:03:00 Win2K-f 67.8.56.42 (RR.COM):
ROAD RUNNER HOLDCO LLC,
APOPKA, FLORIDA, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:03:00 WinXP 95.74.161.239 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
NEW
none[0] ASM:Graph
none|none lines=61 trace
T:02:31:00 Win2K-f 4.225.19.111 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:01:00 WinXP 114.48.207.196 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 4512a2e99b
NEW
b89876c3b9 [0] none:none
none|none none trace
T:03:03:00 WinXP 114.48.66.61 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:03:09:00 Win2K-f 125.4.253.237 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
07f6a0160b
NEW
105267869b
NEW
ce3cb771cc [0]
9ed962793a[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:03:53:00 WinXP 211.187.169.122 (SONICANT.CO.KR):
THRUNET CO. LTD,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
218.93.205.30:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:www.brans.pl
CN:dl.guarddog2009.com
:komojoke.cn
:bfkq.com
:jsactivity.com
EU:sleepatnight.cn
US:search.toptravellingtips.com
CN:www.petdoso.com
US:208.43.250.167:80
135 pcap raw alerts
ruleset
irc
http
209 lines
Yeah : 1.8
profile
none summary
tarball
0 of 41
17 of 41
34 of 36
7 of 41
15 of 41
2 of 41
15 of 41
14 of 41
16 of 41
13 of 41
30 of 33
05e29fd1f0
NEW
1c5e79f5f4
NEW
24e59ab043
NEW
5abc9b8012
NEW
83192a6119
NEW
96efa8fdf5
NEW
a0e59e4658
NEW
b715292e04
NEW
e1cdc5a168
NEW
f725e57065
NEW
ff2150aa95
NEW
none[4]
none [4]
778da26bf3[0]
376edb026c[0]
fdc95e1fab[0]
acab6295e1[0]
none [4]
569c05a15f[0]
none [4]
3f11911aa9[0]
6e55004755[0]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
FSG|
Armadillo|
Neolite|
none|none
StarForce|
Obsidium|
PE-PACK|
ASProtect|
tElock|
tElock|
none
none
none
none
none
none
none
none
none
none
none
trace
trace
trace
trace
trace
trace
trace
trace
trace
trace
trace
T:04:43:00 WinXP 89.194.198.160 (-):
ORANGE HIGH SPEED INTERNET,
LONDON, ENGLAND, UK. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 ed386522c7
NEW
d7cdf28efd [0] none:none
PolyEnE| none trace
T:05:19:00 WinXP 89.152.219.58 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 a1f992a08e
NEW
75ca0b4a8f [0] none:none
PolyEnE| none trace
T:06:01:00 WinXP 69.109.220.137 (PACBELL.NET):
PLTNCA INTERNAL,
SAN FRANCISCO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:06:02:00 WinXP 118.221.32.138 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
218.93.205.30:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:dl.guarddog2009.com
EU:sleepatnight.cn
CN:www.petdoso.com
CN:202.97.184.196:81
135 pcap raw alerts
ruleset
irc
http
128 lines
Yeah : 1.8
profile
none summary
tarball
17 of 41
none
15 of 41
7 of 41
13 of 41
38 of 40
1c5e79f5f4
NEW
6a4845ca11
NEW
83192a6119
NEW
9e4a539611
NEW
f725e57065
NEW
ffafd341d9
NEW
none[4]
c23d00870b[0]
fdc95e1fab[0]
405940d276[0]
3f11911aa9[0]
294fb27545[0]
none:none
none:none
none:none
none:none
none:none
ASM:Graph
FSG|
tElock|
none|none
none|none
tElock|
Armadillo|
none
none
none
none
none
lines=91
trace
trace
trace
trace
trace
trace
T:07:18:00 Win2K-f 71.109.150.175 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMARILLO, CALIFORNIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
929 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40 10980f4df2
NEW
1fd3385a95 [0] ASM:Graph
none|none lines=556 trace
T:08:08:00 WinXP 77.23.71.48 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BAYREUTH, BAYERN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:10:41:00 Win2K-f 202.45.170.4 (CCNET-AI.NE.JP):
COMMUNITY NETWORK CENTER INC,
TOYOKAWA, AICHI, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
83 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
NEW
53bfe15e91
NEW
none[0]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
T:10:45:00 WinXP 24.48.129.139 (USA2NET.NET):
FLORIDA CABLE INC,
US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:51:00 WinXP 189.24.71.64 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
PETRóPOLIS, RIO DE JANEIRO, BR. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:11:42:00 Win2K-f 60.249.198.98 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
39 of 41
4640a4ccd3
NEW
518025c884
NEW
9d9f2a02f5 [0]
e811756e2b[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:11:47:00 WinXP 83.29.222.24 (TPNET.PL):
NEOSTRADA PLUS,
LODZ, LODZKIE, PL. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
NEW
none[0] none:none
none|none lines=64 trace
T:12:37:00 WinXP 208.101.212.196 (MNCABLE.NET):
SJOBERG CABLE,
BAUDETTE, MINNESOTA, US. (DSL)
92.240.234.164:3305 TH:cx10man.weedns.com 135 pcap raw alerts
ruleset
irc
597 lines
Yeah : 1.8
profile
none summary
tarball
22 of 41 75af48afe4
NEW
7a25f9e3cf [0] none:none
StarForce| none trace
T:12:39:00 WinXP 93.110.2.254 (-):
LASER COMPANY LTD,
TEHRAN, ESFAHAN, IR. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
NEW
b9dd25bdfb [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:12:56:00 Win2K-f 69.109.220.137 (PACBELL.NET):
PLTNCA INTERNAL,
SAN FRANCISCO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:13:19:00 WinXP 24.84.40.29 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:14:25:00 WinXP 64.203.49.110 (MINDSPRING.COM):
EARTHLINK INC,
SAN DIEGO, CALIFORNIA, US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
RU:www.bbin.ru
US:208.73.210.125:80
445 pcap raw alerts
ruleset
http
http
http
3 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
NEW
none[0] none:none
ASPack| lines=298
embedded dns
trace
T:14:33:00 WinXP 200.39.29.48 (TELEFONICA-DATA.COM.MX):
TELEFÓNICA MÉXICO,
MEXICO, DISTRITO FEDERAL, MX. (DSL)
n/a US:www.yahoo.com
:www.google.com.au
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 bb7681eca8
NEW
none[3] none:none
tElock| none trace
T:14:43:00 WinXP 60.249.37.106 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
34 of 38
35 of 38
38ed850a0e
NEW
b9297745a1
NEW
46990f37cd [0]
4294884d84[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:14:59:00 WinXP 114.166.232.110 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:15:29:00 WinXP 67.125.140.230 (PACBELL.NET):
AT&T INTERNET SERVICES,
FRESNO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:15:58:00 WinXP 75.181.175.107 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SALISBURY, NORTH CAROLINA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
NEW
none[0] none:none
none|none lines=60 trace
T:16:33:00 WinXP 64.144.35.70 (MEGAPATH.NET):
MEGAPATH NETWORKS INC,
JERSEY CITY, NEW JERSEY, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:17:44:00 WinXP 125.4.0.80 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
OSAKA, OSAKA, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
NEW
53bfe15e91
NEW
none[0]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
T:18:03:00 WinXP 189.48.189.181 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
RIO DE JANEIRO, RIO DE JANEIRO, BR. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 41 eb07c59faa
NEW
e7d4027969 [0] none:none
PolyEnE| none trace
T:19:58:00 WinXP 68.144.74.118 (HUB.SYSTEM.IO):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
92.240.234.164:3305 AR:cx10man.weedns.com
TH:fx010413.whyI.org
92.240.234.164:3305
135 pcap raw alerts
ruleset
irc
608 lines
Yeah : 1.8
profile
none summary
tarball
39 of 41 7e809b1bc9
NEW
14a46167a5 [0] none:none
StarForce| none trace
T:20:34:00 WinXP 70.61.157.34 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:21:53:00 Win2K-f 4.184.88.25 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CARTERET, NEW JERSEY, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:12:00 WinXP 114.32.140.186 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
218.93.205.30:65520 CN:proxim.ircgalaxy.pl
CN:dl.guarddog2009.com
:komojoke.cn
:bfkq.com
:jsactivity.com
EU:sleepatnight.cn
US:search.toptravellingtips.com
CN:www.petdoso.com
US:66.96.221.101:8392
445 pcap raw alerts
ruleset
shell
ftp
irc
http
116 lines
Yeah : 1.8
profile
none summary
tarball
17 of 41
3 of 41
38 of 40
15 of 41
7 of 41
0 of 41
5 of 41
16 of 41
13 of 41
1c5e79f5f4
NEW
420513a6be
NEW
7bc8d57d8c
NEW
83192a6119
NEW
a3e18e89b8
NEW
b480c6365e
NEW
b64d7999db
NEW
e1cdc5a168
NEW
f725e57065
NEW
none[4]
1a4b1b325f[0]
be025ab204[0]
fdc95e1fab[0]
a3e18e89b8[1]
none [4]
584147788c[0]
none [4]
3f11911aa9[0]
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
FSG|
StarForce|
none|none
none|none
StarForce|
none|none
Neolite|
ASProtect|
tElock|
none
none
none
none
lines=5
none
none
none
none
trace
trace
trace
trace
trace
trace
trace
trace
trace
T:22:38:00 Win2K-f 98.141.163.84 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:23:02:00 WinXP 114.48.15.210 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:23:16:00 Win2K-f 61.218.193.250 (HINET.NET):
CHUNGHWA TELECOM CO. LTD. DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:23:29:00 WinXP 24.213.224.238 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:23:44:00 WinXP 77.253.124.53 (INETIA.PL):
INTERNETIA,
WARSAW, WARSZAWA, PL. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 ed96c03ca8
NEW
c0028e9e98 [0] none:none
PolyEnE| none trace