|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | WinXP | 89.214.67.204 (-): GPRS COSTUMERS, LISBON, LISBOA, PT. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 50ec88befe NEW |
6654523fa4 [0] | none:none |
PolyEnE| | none | trace |
| 00:17:00 | WinXP | 72.35.46.1 (BTC-BCI.COM): BLOOMINGDALE COMMUNICATIONS INC, DUNDEE, MICHIGAN, US. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:00:33:00 | WinXP | 188.192.60.146 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.125:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee NEW |
none[0] | none:none |
ASPack| | lines=298 embedded dns |
trace |
| T:00:48:00 | WinXP | 61.218.193.250 (HINET.NET): CHUNGHWA TELECOM CO. LTD. DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:21:00 | WinXP | 203.76.82.138 (KCT.AD.JP): KURASHIKI CABLE TV CORPORATION, KURASHIKI, OKAYAMA, JP. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | none:none |
PolyEnE| | none | trace |
| T:02:10:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. (100Mbps) |
218.93.205.30:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:dl.guarddog2009.com :komojoke.cn :bfkq.com :jsactivity.com EU:sleepatnight.cn US:search.articleswave.co.uk CN:www.petdoso.com CN:202.97.184.196:81 204.27.57.154:8392 US:208.43.250.167:80 CN:218.93.205.30:65520 US:64.191.44.5:80 US:66.96.221.101:8392 |
135 | pcap | raw alerts ruleset |
irc http 247 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 41 5 of 41 15 of 41 11 of 41 0 of 41 32 of 36 13 of 41 35 of 36 |
1c5e79f5f4 NEW 7cb40af9a6 NEW 83192a6119 NEW 9c632cd017 NEW a6821480ec NEW bea8cb1865 NEW f725e57065 NEW fac78fde16 NEW |
none[4] 0ea1eb1053[0] fdc95e1fab[0] 0ca67a940f[0] none [4] 154de51a66[0] 3f11911aa9[0] 882896ab05[0] |
none:none none:none none:none none:none none:none ASM:Graph none:none none:none |
FSG| StarForce| none|none Neolite| none|none Armadillo| tElock| tElock| |
none none none none none lines=91 none none |
trace trace trace trace trace trace trace trace |
| T:02:20:00 | WinXP | 217.203.133.144 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | f2a8dafb30 NEW |
1d0f660523 [0] | none:none |
PolyEnE| | none | trace |
| T:02:23:00 | Win2K-f | 77.254.151.51 (INETIA.PL): INTERNETIA, KRAKOW, MALOPOLSKIE, PL. (DSL) |
n/a | US:search.musicforher.com US:diacoordination.com US:zoo.parkingspa.com US:inahurry.info US:valuefindtrue.info US:www.hophealth.com US:groundarrangements.info :parkingbattery.com 174.36.138.71:80 |
445 | pcap | raw alerts ruleset |
http irc 90 lines |
Argh : 0.3 profile |
none | summary tarball |
10 of 41 | 6a95151e5b NEW |
58058ac4a0 [0] | none:none |
Neolite| | none | trace |
| T:02:45:00 | Win2K-f | 89.148.44.206 (BATELCO.COM.BH): BATELCO ADSL SERVICE, MANAMA, AL MANAMAH, BH. (DSL) |
218.93.205.30:65520 | :ectap.com EU:sleepatnight.cn CN:www.petdoso.com :jsactivity.com :parkingbill.com CN:proxim.ircgalaxy.pl CN:www.brans.pl CN:202.97.184.196:81 |
445 | pcap | raw alerts ruleset |
irc http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
17 of 41 19 of 41 9 of 41 13 of 41 |
1c5e79f5f4 NEW 5c2fdf5768 NEW 965c9d9cd0 NEW f725e57065 NEW |
none[4] f29783df8c[0] 1075d80341[0] 3f11911aa9[0] |
none:none none:none none:none none:none |
FSG| none|none FSG| tElock| |
none none none none |
trace trace trace trace |
| T:04:56:00 | Win2K-f | 65.191.64.185 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=81 lines=75 embedded dns |
trace trace |
| T:05:35:00 | Win2K-f | 218.32.99.1 (SDTV.NET.TW): SAN DA CATV CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 217 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 37 of 41 |
a205366bef NEW efaef2451a NEW |
82bbbe4789 [0] 5382f9a037[0] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
| T:05:40:00 | WinXP | 98.141.161.39 (CAVTEL.NET): CAVALIER TELEPHONE, PHILADELPHIA, PENNSYLVANIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:23:00 | WinXP | 219.114.244.182 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 39 of 41 |
676ab5e987 NEW 983e7469c3 NEW |
b96815f961 [0] ebc346b04f[0] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
| T:06:44:00 | WinXP | 12.204.1.77 (-): NEXBAND, FULTON, MISSISSIPPI, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.125:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http http 35 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef NEW |
none[0] | none:none |
ASPack| | lines=281 embedded dns |
trace |
| 06:58:00 | Win2K-f | 83.91.154.177 (DSL.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, LYNGBY, KOBENHAVN, DK. (DSL) |
n/a | US:www.maxmind.com :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:07:32:00 | WinXP | 79.162.185.3 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
213.219.245.212:80 | CN:proxim.ircgalaxy.pl RU:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 9bb68450cd NEW |
c2d5ac2315 [0] | ASM:Graph |
PolyEnE| | lines=73 embedded dns |
trace |
| T:09:00:00 | WinXP | 69.132.23.29 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. (100Mbps) |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.125:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee NEW |
none[0] | none:none |
ASPack| | lines=298 embedded dns |
trace |
| T:09:19:00 | Win2K-f | 173.169.208.117 (RR.COM): ROAD RUNNER HOLDCO LLC, CAPE CORAL, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:09:45:00 | Win2K-f | 4.231.157.157 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUMBLE, TEXAS, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:10:10:00 | Win2K-f | 98.30.117.179 (RR.COM): ROAD RUNNER HOLDCO LLC, UPPER SANDUSKY, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:10:47:00 | WinXP | 79.163.106.108 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 708f64b1b7 NEW |
a18ef8ac1f [0] | none:none |
PolyEnE| | none | trace |
| T:11:02:00 | WinXP | 196.219.191.229 (TEDATA.NET): GIZA-ZONE-DSL, CAIRO, AL QAHIRAH, EG. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:11:34:00 | WinXP | 70.168.117.182 (COX.NET): COX COMMUNICATIONS, WICHITA, KANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:12:21:00 | Win2K-f | 188.193.206.159 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | a1947c032c NEW |
b4bbfb8759 [0] | none:none |
Armadillo| | none | trace | |
| T:12:23:00 | WinXP | 87.122.25.196 (VERSANET.DE): VERSATEL DEUTSCHLAND, FLENSBURG, SCHLESWIG-HOLSTEIN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | f3998fb9cf NEW |
375c9c1688 [0] | none:none |
Armadillo| | none | trace | |
| T:12:30:00 | WinXP | 93.102.205.58 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | ec8ab501b3 NEW |
bac4cc6eec [0] | none:none |
Armadillo| | none | trace | |
| T:12:33:00 | Win2K-f | 201.68.181.7 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
66.252.13.212:16667 | US:bbs.moiservice.com US:66.252.13.212:16667 |
445 | pcap | raw alerts ruleset |
ftp irc 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | abbb0e3bad NEW |
e7124c9b61 [0] | none:none |
Stranik| | none | trace |
| T:12:52:00 | Win2K-f | 188.193.236.60 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | e0363ea7bb NEW |
33e5e8fe2a [0] | none:none |
Armadillo| | none | trace | |
| T:12:54:00 | WinXP | 119.243.182.94 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. (DSL) |
203.146.251.62:3305 | FI:cx10man.weedns.com AR:fx010413.whyI.org FI:gynoman.weedns.com JP:g.0x20.biz FI:telephone.dd.blueline.be AR:phonewire.dd.blueline.be :phonelogin.dd.blueline.be TH:ufospace.etowns.net AR:200.49.145.197:3305 FI:212.54.2.171:3305 92.240.234.164:3305 |
135 | pcap | raw alerts ruleset |
irc 286 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 41 | a0e262b14d NEW |
4ae21c0514 [0] | none:none |
StarForce| | none | trace |
| T:12:54:00 | Win2K-f | 82.139.71.177 (LIJBRANDT.NET): LIJBRANDT-NETBLOCK, HAARLEM, NOORD-HOLLAND, NL. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 37054fc56a NEW |
b0f959baa4 [0] | none:none |
none|none | none | trace |
| T:13:07:00 | Win2K-f | 201.83.83.232 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
66.252.13.214:9890 | US:f.unicat.org US:66.252.13.214:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 NEW |
none[0] | none:none |
ASProtect| | lines=585 embedded dns |
trace |
| T:13:20:00 | WinXP | 88.134.142.146 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) |
66.252.13.214:9890 | US:f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 NEW |
none[0] | none:none |
ASProtect| | lines=585 embedded dns |
trace |
| T:13:21:00 | Win2K-f | 89.123.134.245 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) |
n/a | JP:cx10man.weedns.com :fx010413.whyI.org 92.240.234.164:3305 |
135 | pcap | raw alerts ruleset |
irc 285 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 41 | 75af48afe4 NEW |
7a25f9e3cf [0] | none:none |
StarForce| | none | trace |
| T:13:22:00 | WinXP | 201.22.100.79 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
66.252.13.212:16667 | US:bbs.moiservice.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 40 | 9f5b49bb41 NEW |
e7124c9b61 [0] | none:none |
Stranik| | none | trace |
| T:13:27:00 | Win2K-f | 89.155.219.83 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:30:00 | Win2K-f | 118.161.249.54 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 41 | de37f2fc47 NEW |
bac4cc6eec [0] | none:none |
Armadillo| | none | trace | |
| T:13:32:00 | WinXP | 77.20.23.236 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, WILHELMSHAVEN, NIEDERSACHSEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 2ba090d997 NEW |
c49c54e7c8 [0] | none:none |
Armadillo| | none | trace | |
| T:13:48:00 | Win2K-f | 78.227.57.191 (PROXAD.NET): PROXAD / FREE SAS, BREST, BRETAGNE, FR. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d165f865c1 NEW |
e007e14266 [0] | none:none |
none|none | none | trace |
| T:13:50:00 | WinXP | 78.8.197.196 (NET.PL): DYNAMIC BROADBAND SERVICES, WROCLAW, DOLNOSLASKIE, PL. (DIAL) |
66.252.13.214:9890 | US:f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp lanman shell shell irc 233 lines |
Yeah : 1.8 profile |
none | summary tarball |
37 of 41 | 526ab46732 NEW |
0aaad19886 [0] | none:none |
Armadillo| | none | trace |
| T:13:58:00 | WinXP | 189.100.237.51 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
66.252.13.214:9890 | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | f869540f72 NEW |
19b1a84a32 [0] | none:none |
Armadillo| | none | trace | |
| T:14:05:00 | Win2K-f | 189.83.109.122 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BELO HORIZONTE, MINAS GERAIS, BR. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | b43b5fbcd4 NEW |
a8bd73e921 [0] | none:none |
none|none | none | trace |
| T:14:09:00 | Win2K-f | 92.230.93.212 (ALICEDSL.DE): HANSENET-ADSL, MUNICH, BAYERN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | ec8ab501b3 NEW |
bac4cc6eec [0] | none:none |
Armadillo| | none | trace | |
| T:14:14:00 | WinXP | 190.50.213.155 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
66.252.13.214:9890 | US:f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 NEW |
none[0] | none:none |
ASProtect| | lines=585 embedded dns |
trace |
| T:14:14:00 | WinXP | 77.23.24.2 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BEXBACH, SAARLAND, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | f80db6b4c1 NEW |
0dc71ae7e4 [0] | none:none |
Armadillo| | none | trace | |
| T:14:26:00 | Win2K-f | 76.241.140.186 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
| T:14:31:00 | WinXP | 88.134.44.247 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, LANDAU, RHEINLAND-PFALZ, DE. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 43 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | bb335ce40d NEW |
b3bb06faab [0] | none:none |
none|none | none | trace |
| T:14:35:00 | Win2K-f | 218.220.165.223 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOYONAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:14:37:00 | WinXP | 87.11.53.55 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:47:00 | Win2K-f | 118.169.129.79 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
66.252.13.214:2081 | US:s.unicat.org US:attacke.100free.com US:205.134.160.58:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 1012 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 41 37 of 41 5 of 41 |
637620f48b NEW 67a66839f7 NEW b7b8c9175a NEW |
1c077515c8 [0] 7b1fc808a3[0] 1c077515c8[0] |
none:none none:none none:none |
FSG| none|none FSG| |
none none none |
trace trace trace |
| T:15:02:00 | Win2K-f | 118.169.35.252 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
66.252.13.214:2081 | US:s.unicat.org US:attacke.100free.com |
445 | pcap | raw alerts ruleset |
ftp irc http 57 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | a75f610a2c NEW |
1acfb72109 [0] | none:none |
none|none | none | trace |
| T:15:07:00 | WinXP | 173.28.207.184 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
66.252.13.214:9890 | US:f.unicat.org US:66.252.13.214:9890 |
445 | pcap | raw alerts ruleset |
ftp lanman shell irc 248 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | bc75e26362 NEW |
5f81ece7e6 [0] | none:none |
Armadillo| | none | trace |
| T:15:50:00 | Win2K-f | 94.251.206.22 (-): SERVERS STREAM COMMUNICATIONS, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:51:00 | Win2K-f | 89.152.177.115 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, MAIA, PORTO, PT. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 9ddde78524 NEW |
7655048fd6 [0] | none:none |
none|none | none | trace |
| T:15:51:00 | WinXP | 173.29.68.57 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CRESTWOOD, KENTUCKY, US. (DSL) |
66.252.13.214:9890 | US:f.unicat.org US:66.252.13.214:9890 |
445 | pcap | raw alerts ruleset |
ftp lanman shell irc 249 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | 13de042416 NEW |
f6630e402b [0] | none:none |
Armadillo| | none | trace |
| T:15:58:00 | WinXP | 77.23.76.75 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BRAUNSCHWEIG, NIEDERSACHSEN, DE. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:16:01:00 | WinXP | 4.229.144.100 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FOWLERVILLE, MICHIGAN, US. (DIAL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 9c4727d74f NEW |
1487a0b371 [0] | none:none |
none|none | none | trace |
| T:16:06:00 | Win2K-f | 78.57.143.250 (ZEBRA.LT): LIETUVOS, KAUNAS, KAUNO APSKRITIS, LT. (DSL) |
66.252.13.214:9890 | US:f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 NEW |
none[0] | none:none |
ASProtect| | lines=585 embedded dns |
trace |
| T:16:18:00 | Win2K-f | 78.237.148.84 (PROXAD.NET): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, FR. (DSL) |
66.252.13.214:2081 | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 49a6c9c194 NEW |
23254be803 [0] | none:none |
none|none | none | trace |
| T:16:20:00 | WinXP | 61.229.49.141 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 6aae51c10a NEW |
e5bc758bd5 [0] | none:none |
none|none | none | trace |
| T:16:28:00 | WinXP | 78.226.132.7 (PROXAD.NET): PROXAD / FREE SAS, DIJON, BOURGOGNE, FR. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | bf4beae362 NEW |
45d573d4b5 [0] | none:none |
none|none | none | trace |
| T:16:55:00 | Win2K-f | 118.168.82.149 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:16:55:00 | WinXP | 209.42.184.207 (WISPNET.NET): WISPNET LLC, KENTUCKY, US. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 38 | 5865b09945 NEW |
4d99f4784a [0] | none:none |
PolyEnE| | none | trace |
| T:17:08:00 | Win2K-f | 116.82.228.124 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp lanman shell 242 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 011bbba2e3 NEW |
53f201af2f [0] | none:none |
Armadillo| | none | trace | |
| T:19:00:00 | Win2K-f | 118.221.10.199 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
218.93.205.30:65520 | US:microsoft.com CN:proxim.ircgalaxy.pl :komojoke.cn :bfkq.com EU:sleepatnight.cn :jsactivity.com CN:www.petdoso.com US:search.toptravellingtips.com CN:202.97.184.196:81 US:66.96.221.101:8392 |
135 | pcap | raw alerts ruleset |
irc http 289 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 41 40 of 41 0 of 41 4 of 41 11 of 41 39 of 41 13 of 41 |
1c5e79f5f4 NEW 1eafd24c64 NEW 26b5c3598c NEW 389c414a1e NEW 9c632cd017 NEW b5edcbfd2a NEW f725e57065 NEW |
none[4] 91efa90c65[0] none [4] d71ee5f7ac[0] 0ca67a940f[0] c30d825691[0] 3f11911aa9[0] |
none:none none:none none:none none:none none:none none:none none:none |
FSG| StarForce| none|none StarForce| Neolite| Armadillo| tElock| |
none none none none none none none |
trace trace trace trace trace trace trace |
| T:19:13:00 | WinXP | 77.23.118.146 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (DSL) |
66.252.13.214:9890 | US:f.unicat.org US:66.252.13.214:9890 |
445 | pcap | raw alerts ruleset |
ftp lanman shell irc 261 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 27b20f06b4 NEW |
dba2cd61d9 [0] | none:none |
Armadillo| | none | trace |
| T:20:28:00 | WinXP | 98.191.203.215 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:20:34:00 | Win2K-f | 4.227.195.75 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:31:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, T'AI-WAN, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:22:41:00 | WinXP | 218.210.68.93 (SPARQNET.NET): THEFAREASTERNGROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:08:00 | WinXP | 110.15.219.89 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
218.93.205.30:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com EU:sleepatnight.cn CN:www.petdoso.com CN:202.97.184.196:81 |
135 | pcap | raw alerts ruleset |
irc http 145 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 41 29 of 32 28 of 32 13 of 41 |
1c5e79f5f4 NEW 8a75955033 NEW 9276c8b36b NEW f725e57065 NEW |
none[4] 2bf3e548b9[0] none [0] 3f11911aa9[0] |
none:none ASM:Graph ASM:Graph none:none |
FSG| tElock| Armadillo| tElock| |
none lines=126 embedded dns lines=81 none |
trace trace trace trace |
| T:23:21:00 | Win2K-f | 95.220.137.188 (-): FAIRLIE HOLDING & FINANCE LIMITED, RU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |