Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs
  Per captured binary (one indented line each): Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:17:00 | Win2K-f | 118.87.18.171 (ODWR.J-CNET.JP): ODAWARA CABLETV INTERNET SERVICE, ODAWARA, KANAGAWA, JP. (DSL) | 92.240.234.164:3305 | US:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 604 lines | Yeah : 1.8 profile | none | summary tarball
  36 of 39 | f5114d3371 NEW | 330af0d74b[0] | none:none | StarForce| | none | trace
T:01:30:00 | Win2K-f | 112.200.57.9 (PLDT.NET): IPG, LAS PINAS CITY, MANILA, PH. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 1075 lines | Yeah : 1.3 profile | none | summary tarball
  none | 13cb2915ce NEW | none[none] | none:none | none|none | none | none
T:01:39:00 | Win2K-f | 70.184.248.143 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. (DSL) | 88.198.228.238:65520 | US:microsoft.com CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :wws.mobiec.net :jsactivity.com US:search.toptravellingtips.com US:search.articleswave.co.uk 204.27.57.154:8392 US:208.43.250.167:80 DE:88.198.228.238:65520 | 135 | pcap | raw alerts ruleset | irc http 204 lines | Yeah : 1.8 profile | none | summary tarball
  none | 0efb36c9d9 NEW | none[none] | none:none | none|none | none | none
  none | 28c18857f4 NEW | none[none] | none:none | none|none | none | none
  none | 38a08b3ef6 NEW | none[none] | none:none | none|none | none | none
  none | 6aa975ce51 NEW | none[none] | none:none | none|none | none | none
  none | 6e36427ade NEW | none[none] | none:none | none|none | none | none
  none | 79383ccc54 NEW | none[none] | none:none | none|none | none | none
  32 of 33 | 87e1117f2a NEW | 3ff643aae6[0] | none:none | tElock| | none | trace
  29 of 33 | b4fe4581c3 NEW | 599b835896[0] | none:none | Armadillo| | none | trace
  26 of 41 | dd96e88e03 NEW | 6f87541765[0] | none:none | StarForce| | none | trace
T:01:49:00 | Win2K-f | 78.156.235.240 (-): OPEN JOINT-STOCK COMPANY DAGSVYAZINFORM, MAKHACHKALA, DAGESTAN, RU. (DSL) | 218.93.201.51:65520 | :search.bestoffersdirectory.com US:microsoft.com CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :wws.mobiec.net :xz.ub9.net :in.7cy.net :in1.7cy.net US:phtos.net US:images01.tzimg.com US:domdex.com :b.collective-media.net :a.collective-media.net US:ad.yieldmanager.com US:64.38.232.180:80 67.228.101.130:80 67.228.101.131:80 | 445 | pcap | raw alerts ruleset | http irc 51 lines | Yeah : 1.3 profile | none | summary tarball
  none | 0efb36c9d9 NEW | none[none] | none:none | none|none | none | none
  none | 388c6da80c NEW | none[none] | none:none | none|none | none | none
  none | 6e36427ade NEW | none[none] | none:none | none|none | none | none
  none | 79383ccc54 NEW | none[none] | none:none | none|none | none | none
  none | a436ee2a83 NEW | none[none] | none:none | none|none | none | none
  26 of 41 | dd96e88e03 NEW | 6f87541765[0] | none:none | StarForce| | none | trace
T:01:54:00 | WinXP | 70.64.14.198 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 19 lines | Yeah : 1.3 profile | none | summary tarball
  none | none | none | none | none | none | none
T:02:19:00 | Win2K-f | 113.252.8.243 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  8 of 33 | b7082104e4 NEW | c5b49e7b82[0] | ASM:Graph | tElock| | lines=41 | trace
T:03:04:00 | WinXP | 122.209.39.222 (UCOM.NE.JP): G-KG0050N, TOKYO, TOKYO, JP. (100Mbps) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball
  33 of 34 | 3909702c20 NEW | none[none] | none:none | none|none | none | none
T:03:04:00 | Win2K-f | 113.255.28.132 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 99 lines | Yeah : 1.3 profile | none | summary tarball
  none | 7f6289ba44 NEW | none[none] | none:none | none|none | none | none
  none | 80ad48ab3e NEW | none[none] | none:none | none|none | none | none
T:03:56:00 | WinXP | 79.162.134.131 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball
  40 of 41 | 07191c6c59 NEW | none[none] | none:none | none|none | none | none
T:04:13:00 | WinXP | 122.49.237.61 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball
  0 of 32 | 07fabc79ef NEW | none[0] | ASM:Graph | Armadillo| | lines=81 | trace
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
T:04:29:00 | WinXP | 208.105.225.199 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 80 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:04:45:00 | Win2K-f | 123.214.252.39 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 88.198.228.238:65520 | US:microsoft.com FR:proxim.ircgalaxy.pl EU:pozeml.com CN:down1130.iwillhavesexygirls.com :pozemle.cn CN:www.petdoso.com CN:202.97.184.196:81 CN:210.51.36.215:88 DE:88.198.228.238:65520 | 135 | pcap | raw alerts ruleset | irc http 131 lines | Yeah : 1.8 profile | none | summary tarball
  16 of 41 | 371ffb2c8b NEW | none[none] | none:none | none|none | none | none
  29 of 32 | 8a75955033 NEW | 2bf3e548b9[0] | ASM:Graph | tElock| | lines=126 embedded dns | trace
  4 of 41 | 8e7cffa818 NEW | none[none] | none:none | none|none | none | none
  28 of 32 | 9276c8b36b NEW | none[0] | ASM:Graph | Armadillo| | lines=81 | trace
  11 of 41 | a2ce42b73d NEW | none[none] | none:none | none|none | none | none
T:06:14:00 | Win2K-f | 63.28.116.188 (UU.NET): UUNET TECHNOLOGIES INC, COLLEGEVILLE, PENNSYLVANIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 81 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 33 | a08f3b74a4 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:07:02:00 | Win2K-f | 173.29.139.196 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball
  36 of 41 | 067917e07b NEW | dae35b319c[0] | none:none | Armadillo| | none | trace
  38 of 40 | d764c1dcb2 NEW | 3d2bc60c5d[0] | none:none | tElock| | none | trace
T:07:13:00 | WinXP | 99.129.102.119 (PACBELL.NET): AT&T INTERNET SERVICES, WATERBURY, CONNECTICUT, US. (DSL) | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball
  29 of 29 | 1a2c0e6130 NEW | none[0] | none:none | none|none | lines=60 | trace
T:07:35:00 | WinXP | 79.162.164.155 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball
  40 of 41 | 07191c6c59 NEW | none[none] | none:none | none|none | none | none
T:08:05:00 | WinXP | 112.203.82.187 (PLDT.NET): IPG, PH. (DSL) | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball
  40 of 41 | f45285574e NEW | d984958bf9[none] | none:none | PolyEnE| | none | trace
T:08:18:00 | Win2K-f | 4.225.139.113 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 163 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 33 | a08f3b74a4 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:08:53:00 | Win2K-f | 110.9.112.81 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball
  40 of 41 | 14f47ffd1e NEW | 90bf4b99ff[0] | none:none | tElock| | none | trace
  5 of 41 | 50437008d9 NEW | c1b09ac5d7[0] | none:none | Armadillo| | none | trace
09:59:00 | WinXP | 109.87.25.76 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball
  38 of 40 | cdfc97be37 NEW | 48cdfeed00[none] | none:none | PolyEnE| | none | trace
10:16:00 | Win2K-f | 222.124.189.129 (TELKOM.NET.ID): PT TELKOM INDONESIA'S CUSTOMER, JAKARTA, JAKARTA RAYA, ID. (100Mbps) | n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 8 lines | Yeah : 0.8 profile | none | summary tarball
  3 of 37 | d9cb288f31 NEW | 45603a001c[0] | ASM:Graph | UPX| | lines=174 embedded dns | trace
T:11:59:00 | Win2K-f | 24.76.116.136 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball
  none | 484165cb8a NEW | none[none] | none:none | none|none | none | none
T:12:11:00 | WinXP | 217.248.110.215 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball
  27 of 29 | 02e28b7658 NEW | none[none] | none:none | none|none | none | none
T:12:50:00 | Win2K-f | 4.228.255.160 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SALT LAKE CITY, UTAH, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 106 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 33 | a08f3b74a4 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:14:08:00 | WinXP | 186.9.41.225 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball
  25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE| | lines=93 embedded dns | trace
T:14:19:00 | Win2K-f | 118.87.20.227 (ODWR.J-CNET.JP): ODAWARA CABLETV INTERNET SERVICE, ODAWARA, KANAGAWA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 122 lines | Yeah : 1.3 profile | none | summary tarball
  32 of 36 | 0b951c2832 NEW | 5fe761661a[0] | none:none | Armadillo| | none | trace
  34 of 36 | e4ed4df0f0 NEW | de471fc380[0] | none:none | tElock| | none | trace
T:14:46:00 | Win2K-f | 67.150.58.245 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, ROCHESTER, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 203 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 33 | a08f3b74a4 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:15:08:00 | WinXP | 74.73.20.65 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (DSL) | n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com | 445 | pcap | raw alerts ruleset | http http 14 lines | Yeah : 0.8 profile | none | summary tarball
  29 of 29 | a12cab51ef NEW | none[0] | none:none | ASPack| | lines=281 embedded dns | trace
T:15:31:00 | Win2K-f | 60.234.113.1 (ORCON.NET.NZ): ORCON INTERNET LTD SUPPORT, AUCKLAND, AUCKLAND, NZ. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 709 lines | Yeah : 1.3 profile | none | summary tarball
  36 of 41 | 83f6cb959d NEW | 445f56b6dd[0] | none:none | StarForce| | none | trace
T:15:38:00 | Win2K-f | 173.19.208.234 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, IOWA CITY, IOWA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball
  40 of 41 | 3bff218b8f NEW | b570b734be[0] | none:none | tElock| | none | trace
  39 of 41 | 7eaf7b4470 NEW | 8e0b194526[0] | none:none | Armadillo| | none | trace
T:15:59:00 | Win2K-f | 76.92.201.45 (RR.COM): ROAD RUNNER HOLDCO LLC, OVERLAND PARK, KANSAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
17:41:00 | Win2K-f | 80.253.136.167 (AZADNET.NET): AZADNET CUSTOMER ASSIGNMENT BLOCK NUMBER FOUR, TEHRAN, ESFAHAN, IR. (DSL) | n/a | US:www.maxmind.com :checkip.dyndns.org EU:getmyip.co.uk US:www.getmyip.org DE:131.220.6.26:80 208.78.70.70:80 US:75.126.138.202:80 EU:78.40.35.134:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Yeah : 0.8 profile | none | summary tarball
  3 of 37 | d9cb288f31 NEW | 45603a001c[0] | ASM:Graph | UPX| | lines=174 embedded dns | trace
T:19:01:00 | Win2K-f | 207.5.121.144 (MICROLNK.COM): MICROLNK LLC, OMAHA, NEBRASKA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 85 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:19:20:00 | WinXP | 117.254.21.48 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball
  none | 58103f6fe1 NEW | none[none] | none:none | none|none | none | none
T:19:26:00 | Win2K-f | 4.159.226.95 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
19:39:00 | Win2K-f | 194.225.115.82 (-): IRAN POLYMER INSTITUTE, TEHRAN, ESFAHAN, IR. (DSL) | n/a |  | 445 | pcap | raw alerts ruleset | http 12 lines | Argh : 0.3 profile | none | summary tarball
  none | none | none | none | none | none | none
T:20:02:00 | Win2K-f | 173.31.83.189 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 1.3 profile | none | summary tarball
  none | none | none | none | none | none | none
T:20:24:00 | WinXP | 186.10.17.251 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, CL. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball
  25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE| | lines=93 embedded dns | trace
T:20:30:00 | Win2K-f | 71.74.112.223 (RR.COM): ROAD RUNNER HOLDCO LLC, ERIE, PENNSYLVANIA, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 340 lines | Yeah : 1.3 profile | none | summary tarball
  none | 9ff879d07e NEW | none[none] | none:none | none|none | none | none
T:21:05:00 | WinXP | 211.211.69.38 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 218.93.201.51:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com EU:pozeml.com :pozemle.cn CN:www.petdoso.com CN:down1130.iwillhavesexygirls.com GB:www.businesstomb.com CN:www.kimcar.com US:fafcdsads.com US:syndication.exoclick.com :ad.doubleclick.net CN:210.51.36.215:88 CN:61.152.144.146:80 74.125.19.148:80 | 135 | pcap | raw alerts ruleset | irc http 121 lines | Yeah : 1.8 profile | none | summary tarball
  31 of 33 | 168aab35a3 NEW | 60b730b97e[0] | ASM:Graph | tElock| | lines=120 embedded dns | trace
  16 of 41 | 371ffb2c8b NEW | none[none] | none:none | none|none | none | none
  22 of 41 | 3b7db74080 NEW | none[none] | none:none | none|none | none | none
  31 of 33 | 667f0c59f3 NEW | 8fe2be2095[0] | ASM:Graph | Armadillo| | lines=91 | trace
  4 of 41 | 8e7cffa818 NEW | none[none] | none:none | none|none | none | none
  11 of 41 | a2ce42b73d NEW | none[none] | none:none | none|none | none | none
  21 of 41 | eaadfe3615 NEW | none[none] | none:none | none|none | none | none
T:21:55:00 | Win2K-f | 69.72.36.214 (CORETEL.NET): CORETEL AMERICA INC, ANNAPOLIS, MARYLAND, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 159 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:22:21:00 | Win2K-f | 174.5.168.103 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 115 lines | Yeah : 1.3 profile | none | summary tarball
  39 of 41 | 15b89b9fda NEW | none[none] | none:none | none|none | none | none
  39 of 41 | 631bd3e5f4 NEW | none[none] | none:none | none|none | none | none
T:22:34:00 | WinXP | 64.178.145.112 (-): FOX CREEK CPE, WHITECOURT, ALBERTA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 33 | a08f3b74a4 NEW | none[0] | none:none | Armadillo| | lines=90 | trace
T:23:15:00 | WinXP | 60.249.37.247 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball
  34 of 38 | 38ed850a0e NEW | 46990f37cd[0] | ASM:Graph | Armadillo| | lines=91 | trace
  35 of 38 | b9297745a1 NEW | 4294884d84[0] | ASM:Graph | tElock| | lines=64 embedded dns | trace
T:23:28:00 | Win2K-f | 219.44.12.57 (BBTEC.NET): SOFTBANK BB CORP, YOKOHAMA, KANAGAWA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball
  33 of 33 | 53bfe15e91 NEW | 1473091351[0] | ASM:Graph | tElock| | lines=75 embedded dns | trace
  0 of 32 | 73f1082158 NEW | none[0] | none:none | Armadillo| | lines=90 | trace