|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | Win2K-f | 196.211.157.92 (MWEB.CO.ZA): AFRINIC, JOHANNESBURG, GAUTENG, ZA. (DSL) |
n/a | :parklens.com :search.easyaupair.com GB:www.easyaupair.com :parkgas.com US:microsoft.com US:search.bigwebguide.co.uk :parkgrowth.com :picturemin.com CN:proxim.ircgalaxy.pl :in1.7cy.net CN:122.195.190.197:65520 174.133.57.140:80 174.36.138.69:80 174.36.138.71:80 174.36.138.72:80 174.36.138.74:80 204.27.57.154:8392 US:208.43.250.167:80 US:66.96.221.101:8392 |
135 | pcap | raw alerts ruleset |
http irc 73 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:00:08:00 | Win2K-f | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, CLERMONT, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 00:18:00 | Win2K-f | 190.0.83.32 (ASTER.COM.DO): ASTER, SANTO DOMINGO, DISTRITO NACIONAL, DO. (DSL) |
n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:00:21:00 | Win2K-f | 81.36.250.131 (RIMA-TDE.NET): TELEFONICA DE ESPANA, GIRONA, CATALONIA, ES. (DSL) |
88.198.228.238:65520 | :www.setinternet.com US:7911.1036.discover-facts.com US:www.abcsearch.com :xz.ub9.net CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :in.7cy.net :in1.7cy.net :bfkq.com :jsactivity.com :wws.mobiec.net US:search.toptravellingtips.com US:search.articleswave.co.uk 174.133.57.140:80 |
445 | pcap | raw alerts ruleset |
http http http http irc 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 40 0 of 41 10 of 40 15 of 40 15 of 39 |
0e40a3de68 NEW 27f8b59b8b NEW 74d4f2df38 NEW a07face99b NEW d4e6c8e430 NEW |
none[none] none [none] b5e8bef68d[none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:00:27:00 | Win2K-f | 190.0.83.32 (ASTER.COM.DO): ASTER, SANTO DOMINGO, DISTRITO NACIONAL, DO. (DSL) |
n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:02:21:00 | Win2K-f | 60.250.246.160 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
| T:02:33:00 | WinXP | 58.157.86.73 (UCOM.NE.JP): G-TK0101N, TOKYO, TOKYO, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | d0f48a922b NEW |
none[none] | none:none |
none|none | none | none | |
| T:02:35:00 | Win2K-f | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:03:37:00 | WinXP | 112.110.187.91 (-): GPRS VAS SERVICES, IN. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | f45285574e NEW |
none[none] | none:none |
none|none | none | none |
| T:03:49:00 | Win2K-f | 172.129.72.122 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:31:00 | Win2K-f | 113.255.24.155 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1002 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 41 | 76b84a1bf1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:43:00 | Win2K-f | 122.52.35.75 (PLDT.NET): IPG, MANILA, MANILA, PH. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:17:00 | WinXP | 216.240.250.243 (GROUPTELECOM.NET): CA. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 4cb693b222 NEW |
c8f8204def [none] | none:none |
none|none | none | none |
| T:06:51:00 | Win2K-f | 4.240.24.226 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHOENIX, ARIZONA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:17:00 | Win2K-f | 24.83.84.7 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | TW:m.DRD3H.COM TW:122.117.146.70:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 57e84beea6 NEW |
9399e2ac48 [none] | none:none |
none|none | none | none |
| T:08:12:00 | Win2K-f | 99.164.23.178 (SBCGLOBAL.NET): RANI PAL LLC, PLANO, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 402 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | c4c5a56ffe NEW |
8bef2f9170 [0] | none:none |
StarForce| | none | trace | |
| 09:51:00 | Win2K-f | 64.79.71.26 (-): . |
n/a | US:www.maxmind.com :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:09:58:00 | WinXP | 74.210.228.190 (CGOCABLE.CA): COGECO CABLE CANADA INC, RIMOUSKI, QUEBEC, CA. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | a25dfda335 NEW |
29d2ef505b [0] | none:none |
PolyEnE| | none | trace |
| T:10:00:00 | Win2K-f | 64.79.71.26 (-): . |
n/a | US:www.maxmind.com EU:getmyip.co.uk :checkip.dyndns.org DE:131.220.6.26:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:10:13:00 | WinXP | 95.239.163.72 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA WIRELINE SERVICES, ROME, LAZIO, IT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 NEW |
none[0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:36:00 | WinXP | 97.66.82.28 (-): CROWNE OFFICE SUITES, MARIETTA, GEORGIA, US. (100Mbps) |
n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 NEW |
none[0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:12:20:00 | WinXP | 186.10.32.220 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, CL. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:01:00 | WinXP | 98.141.30.67 (CAVTEL.NET): CAVALIER TELEPHONE, NORFOLK, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:27:00 | Win2K-f | 70.183.3.169 (COX.NET): COX COMMUNICATIONS, SPRINGFIELD, VIRGINIA, US. (DSL) |
193.104.94.11:65520 | US:microsoft.com CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com :wws.mobiec.net US:search.toptravellingtips.com CN:russia.2288.org US:search.articleswave.co.uk :sendfan.com :www.sendfan.com US:208.43.250.167:80 CN:218.10.18.119:44 US:64.191.44.5:80 |
135 | pcap | raw alerts ruleset |
irc http 230 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 15 of 40 29 of 33 5 of 41 15 of 39 0 of 39 26 of 41 |
87e1117f2a NEW a07face99b NEW b4fe4581c3 NEW b901f78f6b NEW d4e6c8e430 NEW d82dd54038 NEW dd96e88e03 NEW |
3ff643aae6 [0] none [none] 599b835896[0] none [none] none [none] none [none] 6f87541765[0] |
none:none none:none none:none none:none none:none none:none none:none |
tElock| none|none Armadillo| none|none none|none none|none StarForce| |
none none none none none none none |
trace none trace none none none trace |
| T:13:39:00 | Win2K-f | 80.218.50.7 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
122.195.190.197:65520 | US:search.musicforher.com US:microsoft.com CN:proxim.ircgalaxy.pl CN:av.lometr.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :wws.mobiec.net 204.27.57.154:8392 US:208.43.250.167:80 |
445 | pcap | raw alerts ruleset |
irc http 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 41 15 of 40 15 of 39 |
357486dae7 NEW a07face99b NEW d4e6c8e430 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:14:05:00 | Win2K-f | 70.183.160.46 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. (DSL) |
88.198.228.238:65520 | US:microsoft.com CN:proxim.ircgalaxy.pl CN:av.lometr.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com :wws.mobiec.net CN:russia.2288.org US:search.toptravellingtips.com US:search.articleswave.co.uk :sendfan.com 173.45.105.218:8392 204.27.57.154:8392 US:208.43.250.167:80 CN:218.10.18.119:44 US:66.96.221.101:8392 98.126.9.218:80 |
135 | pcap | raw alerts ruleset |
irc http 200 lines |
Yeah : 1.8 profile |
none | summary tarball |
5 of 41 23 of 41 15 of 40 15 of 41 32 of 36 15 of 39 0 of 41 35 of 36 |
27c708ae0d NEW 357486dae7 NEW a07face99b NEW b100c62d8a NEW bea8cb1865 NEW d4e6c8e430 NEW fa9da160a1 NEW fac78fde16 NEW |
e66e798482 [none] none [none] none [none] none [none] 154de51a66[0] none [none] none [none] 882896ab05[0] |
none:none none:none none:none none:none ASM:Graph none:none none:none none:none |
none|none none|none none|none none|none Armadillo| none|none none|none tElock| |
none none none none lines=91 none none none |
none none none none trace none none trace |
| T:14:24:00 | Win2K-f | 74.214.13.114 (SETEL.COM): SOUTHEAST TELEPHONE INCORPORATED, CYNTHIANA, KENTUCKY, US. (DSL) |
88.198.228.238:65520 193.104.94.11:65520 | :ebizshows.com US:searchportal.information.com US:spi.domainsponsor.com CN:www.liagand.cn :statepricing.com US:i.nuseek.com CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :wws.mobiec.net CN:russia.2288.org 98.126.9.218:80 |
445 | pcap | raw alerts ruleset |
http irc 42 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 40 10 of 40 15 of 39 |
a07face99b NEW b61a890b52 NEW d4e6c8e430 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:15:04:00 | WinXP | 190.108.187.105 (E-CORPNET.ORG): TELEFONICA MOVIL DE CHILE S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | b773ceb02c NEW |
none[none] | none:none |
none|none | none | none |
| T:15:09:00 | Win2K-f | 75.60.218.152 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:15:45:00 | Win2K-f | 98.175.167.93 (COX.NET): COX COMMUNICATIONS, FREDERICKSBURG, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:17:06:00 | Win2K-f | 174.3.79.4 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, TORONTO, ONTARIO, CA. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 38 of 41 |
9850931e93 NEW e770121662 NEW |
443d54cb48 [0] ac4b533671[0] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
| T:20:27:00 | WinXP | 122.146.80.68 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:20:34:00 | Win2K-f | 75.37.173.251 (SBCGLOBAL.NET): JASON LEE, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:20:48:00 | Win2K-f | 66.65.73.163 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:21:34:00 | Win2K-f | 71.103.35.24 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DOWNEY, CALIFORNIA, US. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 9e1a6ffb60 NEW |
none[none] | none:none |
none|none | none | none | |
| T:21:35:00 | WinXP | 70.79.83.175 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:36:00 | WinXP | 24.79.198.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 41 | e55a71a1ec NEW |
none[none] | none:none |
none|none | none | none |
| T:21:38:00 | Win2K-f | 118.233.246.6 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 8887d42f5c NEW |
afaf06d6cd [0] | none:none |
pex| | none | trace | |
| T:21:40:00 | Win2K-f | 78.61.210.191 (ZEBRA.LT): LIETUVOS-TELEKOMAS, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:01:00 | Win2K-f | 24.83.83.188 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 3116621445 NEW |
9399e2ac48 [none] | none:none |
none|none | none | none | |
| T:22:02:00 | Win2K-f | 82.160.230.67 (TKTELEKOM.PL): TELEKOMUNIKACJA KOLEJOWA SP. Z O.O, WARSAW, WARSZAWA, PL. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 40 | 4674bf9f84 NEW |
1d04d6dc84 [none] | ASM:Graph |
none|none | lines=3292 embedded dns |
none |
| T:22:07:00 | Win2K-f | 70.72.218.5 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 41 | 7847c0e748 NEW |
4a2a0738d1 [none] | none:none |
none|none | none | none | |
| T:22:11:00 | WinXP | 66.81.213.57 (O1.COM): O1 DIALUP SERVICES, CLOVIS, CALIFORNIA, US. (DIAL) |
n/a | :moscow-advokat.ru :flanders.be.eu.undernet.org AT:graz.at.eu.undernet.org NL:diemen.nl.eu.undernet.org :los-angeles.ca.us.undernet.org SE:ozbytes.dal.net SE:broadway.ny.us.dal.net :lia.zanet.net :brussels.be.eu.undernet.org :gaspode.zanet.org.za SE:ced.dal.net SE:london.uk.eu.undernet.org :washington.dc.us.undernet.org :lulea.se.eu.undernet.org :caen.fr.eu.undernet.org SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:22:15:00 | Win2K-f | 218.175.32.137 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | ffbb6cbe61 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:23:00 | Win2K-f | 122.3.209.190 (PLDT.NET): IPG, MANILA, MANILA, PH. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 8128405d8c NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
| T:22:31:00 | WinXP | 67.55.176.51 (NETINS.NET): WESTERN IOWA TELEPHONE, MOVILLE, IOWA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:22:33:00 | Win2K-f | 95.180.67.150 (IKOMLINE.NET): IKOMLINE, RS. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:37:00 | Win2K-f | 113.254.200.177 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 40 | 013a5ba10e NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
| T:22:43:00 | Win2K-f | 97.77.94.147 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | bedf29b824 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:44:00 | Win2K-f | 113.252.126.137 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 40 | f14fd68756 NEW |
f14fd68756 [1] | ASM:Graph |
pex| | lines=19 | trace | |
| T:22:55:00 | Win2K-f | 96.48.226.152 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | c13a6c3da5 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
| T:22:56:00 | WinXP | 96.49.85.18 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 40 | 3a8d87f48a NEW |
5194faca11 [none] | none:none |
none|none | none | none |
| T:22:58:00 | WinXP | 83.215.2.213 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 8128405d8c NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
| T:23:17:00 | Win2K-f | 114.36.41.110 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 17c42606e8 NEW |
afaf06d6cd [none] | none:none |
none|none | none | none | |
| T:23:23:00 | Win2K-f | 68.147.31.16 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | TW:m.DRD3H.COM TW:122.117.146.70:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 29a3030e16 NEW |
1d04d6dc84 [none] | ASM:Graph |
none|none | lines=3292 embedded dns |
none |
| T:23:30:00 | Win2K-f | 118.169.220.71 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 40 | f14fd68756 NEW |
f14fd68756 [1] | ASM:Graph |
pex| | lines=19 | trace |
| T:23:41:00 | Win2K-f | 117.19.121.76 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 8887d42f5c NEW |
afaf06d6cd [0] | none:none |
pex| | none | trace | |
| T:23:53:00 | Win2K-f | 96.49.65.80 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | a321b333db NEW |
none[none] | none:none |
none|none | none | none |
| T:23:54:00 | Win2K-f | 77.47.63.156 (CABLESURF.DE): KKG-GUE-DHCP-SPACE, BERLIN, BERLIN, DE. (DSL) |
n/a | TW:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 29a3030e16 NEW |
1d04d6dc84 [none] | ASM:Graph |
none|none | lines=3292 embedded dns |
none |