Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

02 January 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
01:26:00 Win2K-f 94.50.226.165 (PERMONLINE.RU):
DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a US:cnn.com
US:msn.com
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
20 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
05:02:00 Win2K-f 211.24.138.17 (TIME.NET.MY):
TIME TELECOMMUNICATIONS SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a US:microsoft.com
US:cnn.com
:www.google.com
:nsjnyyl.biz
:swiquhd.com
:jmdota.com
:ynwornru.biz
:hplbdapvix.info
:uoiofmejz.org
:upwzfr.net
:kbshpq.biz
:iwieqfspbp.biz
:bosmu.info
:xrhthoort.com
:isgyk.biz
:caixrlwhh.info
:yherdthz.org
:nxbbmae.org
:jxunuk.com
:mzyahtopup.net
:fwgotfzxb.net
:mhytfw.info
:utrpb.org
:kzzyvkif.biz
:atxgglpoas.biz
:cycvwclw.biz
:bjwyqs.biz
:ltaqvovm.net
:iwkbcmodp.net
:faxbf.biz
:npujmrz.org
:eeioigyz.net
:wqdczdfl.info
GB:www.businesstomb.com
US:trafficconverter.biz
:qrnzispyo.info
:lrkjpmupm.info
:fbuskdkt.com
:zghdk.com
:psaaghqi.net
:mukfb.net
:moxqhqrh.com
:taftsihcwbc.org
:ohvvovae.org
:hzpglckcj.biz
:dzcakjjcej.biz
:jasxkd.info
:inyfkczx.com
:oqkftngjqxg.info
:xdqrysbowc.com
:btefoioyp.com
:xhjehupm.info
:lcdjp.biz
:cyfau.info
:zbuvbosqe.biz
:ssrnoud.biz
:omritjussu.org
:rswmestqpf.com
:bwbupadt.biz
:jzqpgask.info
:jocmnc.org
:fecckjhatyi.biz
:qmhjlmaprs.info
:umxtylg.com
:pvjhdsvlx.org
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
26 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
09:37:00 Win2K-f 85.250.161.18 (NETVISION.NET.IL):
BROADBAND-PT,
RAMAT HASHARON, TEL AVIV, IL. (DSL) 		n/a US:microsoft.com
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
17 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
11:13:00 Win2K-f 95.25.189.225 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a US:microsoft.com
US:msn.com
US:www.w3.org
US:128.30.52.38:80
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
18 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
18:55:00 Win2K-f 173.45.113.187 (XLHOST.COM):
ENET INC,
COLUMBUS, OHIO, US. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
GB:80.82.119.191:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:19:10:00 Win2K-f 173.45.113.187 (XLHOST.COM):
ENET INC,
COLUMBUS, OHIO, US. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
8 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:41:00 Win2K-f 95.29.100.184 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps) 		n/a US:cnn.com
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
21 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:19:47:00 Win2K-f 98.175.154.96 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. (DSL) 		n/a US:microsoft.com
:pictureor.com
:parkadvance.com
:bfkq.com
:setprogram.com
:searchdaybed.com
:gardenlens.com 		445 pcap raw alerts
ruleset 		http
irc
203 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:20:04:00 Win2K-f 118.219.14.160 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		122.195.190.197:65520 FR:proxim.ircgalaxy.pl
US:microsoft.com
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
:wws.mobiec.net
US:search.toptravellingtips.com
CN:russia.2288.org
173.45.105.218:8392 		135 pcap raw alerts
ruleset 		irc
http
223 lines 		Yeah : 1.8
profile 		none summary
tarball 		2 of 40
22 of 40
8 of 40
29 of 32
28 of 32
0 of 40
15 of 40
26 of 41		 006094b6be
NEW
21b77bdfb8
NEW
61468dae2c
NEW
8a75955033
NEW
9276c8b36b
NEW
93b07ac044
NEW
b0b40e7540
NEW
dd96e88e03
NEW 		none[none]
none [none]
none [none]
2bf3e548b9[0]
none [0]
none [none]
none [none]
6f87541765[0] 		none:none
none:none
none:none
ASM:Graph
ASM:Graph
none:none
none:none
none:none
 none|none
none|none
none|none
tElock|
Armadillo|
none|none
none|none
StarForce| 		none
none
none
lines=126
embedded dns
lines=81
none
none
none 		none
none
none
trace
trace
none
none
trace
T:20:05:00 WinXP 96.8.147.169 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
96 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40
3 of 40		 cd456ac095
NEW
fcda948226
NEW 		d75caee680 [none]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
T:20:09:00 WinXP 67.40.32.226 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
DENVER, COLORADO, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 41 7dd92cbd4b
NEW 		f1a5b08be2 [none] none:none
 none|none none trace
T:20:21:00 Win2K-f 66.209.53.82 (ATRIANETWORKS.NET):
ATRIA NETWORKS LP,
BARRIE, ONTARIO, CA. (100Mbps) 		n/a :bfkq.com
:datingasap.net
US:searchportal.information.com
US:spi.domainsponsor.com
:parkingbattery.com
:searchchocolates.com
US:autonlines.com
:search.youblogged.com
US:microsoft.com
:www.youblogged.com
:jsactivity.com
US:besthotelsrooms.com
US:search.thepremiumdirectory.co.uk
:pictureper.com
:search.financejungle.co.uk 		445 pcap raw alerts
ruleset 		http
irc
243 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:20:36:00 Win2K-f 198.146.33.151 (CHATTANOOGASTATE.EDU):
TENNESSEE BOARD OF REGENTS,
PORTLAND, OREGON, US. (100Mbps) 		n/a US:search.smarturl.co.uk
US:hophealth.com
:search.homecinemasoftware.com
:ectap.com
:parkingbill.com
174.36.138.69:80 		445 pcap raw alerts
ruleset 		http
irc
233 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:20:46:00 Win2K-f 91.148.89.249 (TEHNICOM.NET):
BEOTELNET-ISP D.O.O,
CS. (DSL) 		193.104.94.11:65520 :setprogram.com
CN:proxim.ircgalaxy.pl
CN:www.liagand.cn
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:wws.mobiec.net
:xz.ub9.net
CN:russia.2288.org
:in.7cy.net
:in1.7cy.net
:www.axinbr.com
US:familyroomlighting.com
US:as.casalemedia.com
:images.ddc.com
:s7.addthis.com
US:domdex.com
:ad.yieldmanager.com
US:ad.adtegrity.net
66.114.48.40:80 		445 pcap raw alerts
ruleset 		http
irc
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 39
22 of 40
15 of 40
26 of 41		 1cc6c71f33
NEW
21b77bdfb8
NEW
b0b40e7540
NEW
dd96e88e03
NEW 		none[none]
none [none]
none [none]
6f87541765[0] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
StarForce| 		none
none
none
none 		none
none
none
trace
T:20:47:00 Win2K-f 98.141.30.67 (CAVTEL.NET):
CAVALIER TELEPHONE,
NORFOLK, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:21:59:00 WinXP 172.164.201.220 (AOL.COM):
AMERICA ONLINE,
US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:23:19:00 Win2K-f 211.177.112.91 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
55 lines 		Yeah : 1.3
profile 		none summary
tarball 		5 of 39 040b47868d
NEW 		none[none] none:none
 none|none none none
T:23:25:00 WinXP 203.91.177.84 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
23:33:00 Win2K-f 222.218.92.153 (163DATA.COM.CN):
CHINANET GUANGXI PROVINCE NETWORK,
NANNING, GUANGXI, CN. (DSL) 		n/a US:msn.com
:www.google.com
:jxeuqanch.info
DE:kohas.com
:tkhffljddwv.net
:djcztqgx.biz
:zqnyojoich.info
:zjklzxuk.info
:xgejqtc.org
:ayhidl.com
:diyfe.info
:dhadjq.info
:dbbazsyx.info
:ewauiel.net
:kdhnfdytjt.biz
:xwpawbgc.com
:rjzep.info
:plicxiym.org
:prrdrurs.biz
:lbjynebriq.org
:dmabufkcxt.biz
:gtntqcxuuom.info
US:204.152.184.139:80
GB:212.117.177.140:80 		445 pcap raw alerts
ruleset 		http
25 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none