Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:08:00 | Win2K-f | 60.249.37.106 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 38; 35 of 38 | 38ed850a0e NEW; b9297745a1 NEW | 46990f37cd [0]; 4294884d84 [0] | ASM:Graph; ASM:Graph | Armadillo; tElock | lines=91; lines=64 embedded dns | trace; trace
T:01:39:00 | WinXP | 24.106.128.202 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 11 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none
T:01:39:00 | Win2K-f | 70.60.180.200 (RR.COM): ROAD RUNNER HOLDCO LLC, WEST MEMPHIS, ARKANSAS, US. (DSL) | n/a | US:microsoft.com CN:proxim.ircgalaxy.pl CN:av.lometr.pl CN:down1130.iwillhavesexygirls.com EU:pozeml.com :pozemle.cn :commerceclick.co.uk 1.1.1.1:80 CN:210.51.36.215:88 CN:61.235.117.71:80 | 135 | pcap | raw alerts ruleset | irc http 560 lines | Yeah : 1.3 profile | none | summary tarball | 24 of 41; 34 of 36; 4 of 41; 33 of 36; 11 of 41 | 5fd727d3c1 NEW; 644b2a1105 NEW; 8e7cffa818 NEW; 9c9ab20965 NEW; a2ce42b73d NEW | none; none; none; none; none | none; none; none; none; none | none; none; none; none; none | none; none; none; none; none | none; none; none; none; none
T:02:08:00 | WinXP | 75.51.249.146 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:02:24:00 | Win2K-f | 218.22.106.14 (CNDATA.COM): CHINANET ANHUI PROVINCE NETWORK, HEFEI, ANHUI, CN. (DSL) | n/a | US:www.maxmind.com EU:getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:78.40.35.134:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:03:17:00 | Win2K-f | 71.116.212.170 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:03:52:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, T'AI-WAN, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:03:56:00 | Win2K-f | 202.147.209.43 (KCN-TV.NE.JP): KUMAMOTO CABLE NETWORK CORPORATION, KUMAMOTO, KUMAMOTO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 39 of 41 | 3dabcd5308 NEW; 846729d45e NEW | none; none | none; none | none; none | none; none | none; none
T:04:16:00 | Win2K-f | 67.55.176.51 (NETINS.NET): WESTERN IOWA TELEPHONE, MOVILLE, IOWA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:04:33:00 | WinXP | 112.78.74.174 (-): VIBO TELECOM INC, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | cf346981b5 NEW | 2eb6c94f0a [none] | none | PolyEnE | none | trace
T:04:42:00 | WinXP | 64.188.198.102 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | none | PolyEnE | none | trace
T:04:46:00 | Win2K-f | 99.160.253.121 (PACBELL.NET): AT&T INTERNET SERVICES, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 11 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none
T:05:32:00 | Win2K-f | 208.79.57.174 (295.CA): 3757277 CANADA INC. (OA 295.CA), MONTREAL, QUEBEC, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 130 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 33 | b7082104e4 NEW | c5b49e7b82 [0] | ASM:Graph | tElock | lines=41 | trace
T:05:32:00 | Win2K-f | 218.220.157.207 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 88 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 37 of 41 | 53bfe15e91 NEW; 89747f56b8 NEW | 1473091351 [0]; bd6821b297 [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; none | trace; trace
T:05:50:00 | Win2K-f | 110.12.45.97 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 193.104.94.11:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:av.lometr.pl CN:down1130.iwillhavesexygirls.com EU:pozeml.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com :pozemle.cn US:search.toptravellingtips.com FR:193.104.94.11:65520 US:208.43.250.167:80 | 135 | pcap | raw alerts ruleset | irc http 205 lines | Yeah : 1.8 profile | none | summary tarball | none; 0 of 41; 24 of 41; 29 of 32; 10 of 41; 4 of 41; 28 of 32; 11 of 41; 20 of 41; 28 of 41 | 1952cce948 NEW; 40da9b2b3a NEW; 5fd727d3c1 NEW; 8a75955033 NEW; 8cf255489d NEW; 8e7cffa818 NEW; 9276c8b36b NEW; a2ce42b73d NEW; bff6a46c39 NEW; c125dd19c3 NEW | none; none; none; 2bf3e548b9 [0]; none; none; none [0]; none; none; none | none; none; none; ASM:Graph; none; none; ASM:Graph; none; none; none | none; none; none; tElock; none; none; Armadillo; none; none; none | none; none; none; lines=126 embedded dns; none; none; lines=81; none; none; none | none; none; none; trace; none; none; trace; none; none; none
T:05:58:00 | Win2K-f | 203.70.52.115 (SEED.NET.TW): SEEDNET-TAIPEIDP-S, TAIPEI, T'AI-PEI, TW. (DSL) | 68.178.232.100:80 | US:as.casalemedia.com :pagead2.googlesyndication.com US:images-pw.secureserver.net US:cdn.optmd.com US:download.macromedia.com US:i.casalemedia.com :imagesak.godaddy.com US:fpdownload2.macromedia.com US:search.musicforher.com **:169.254.254.2:707 209.188.91.204:80 | 135 | pcap | raw alerts ruleset | http 67 lines | Yeah : 0.8 profile | none | summary tarball | 0 of 41; 13 of 41 | 3e27e9efd4 NEW; a5c912735e NEW | none; none | none; none | none; none | none; none | none; none
T:06:17:00 | Win2K-f | 119.228.144.224 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. (DSL) | 88.198.228.238:65520 | CN:proxim.ircgalaxy.pl CN:down1130.iwillhavesexygirls.com EU:pozeml.com CN:1130.kfgrtjer.cn :pozemle.cn CN:ty.lnlycnc.cn :wws.mobiec.net :xz.ub9.net :in.7cy.net :in1.7cy.net :patchcar.com US:i.nuseek.com US:rc10.overture.com US:m1549.ic-live.com 1.1.1.1:80 US:206.16.45.171:80 DE:88.198.228.238:65520 | 445 | pcap | raw alerts ruleset | http irc 51 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 41; none; 4 of 41; 11 of 41; 0 of 41; 20 of 41; 14 of 41; 26 of 41 | 0a05b99e8f NEW; 1952cce948 NEW; 8e7cffa818 NEW; a2ce42b73d NEW; af931532a6 NEW; bff6a46c39 NEW; d704c1205e NEW; dd96e88e03 NEW | none; none; none; none; none; none; none; 6f87541765 [0] | none; none; none; none; none; none; none; none | none; none; none; none; none; none; none; StarForce | none; none; none; none; none; none; none; none | none; none; none; none; none; none; none; trace
T:06:36:00 | WinXP | 218.39.23.40 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 218.93.201.51:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com EU:pozeml.com :pozemle.cn US:search.toptravellingtips.com CN:ty.lnlycnc.cn :commerceclick.co.uk 1.1.1.1:80 | 135 | pcap | raw alerts ruleset | irc http 176 lines | Yeah : 1.8 profile | none | summary tarball | 8 of 41; 31 of 33; none; 24 of 41; 31 of 33; 10 of 41; 4 of 41; 11 of 41; 20 of 41; 0 of 41; 14 of 41 | 0a05b99e8f NEW; 168aab35a3 NEW; 1952cce948 NEW; 5fd727d3c1 NEW; 667f0c59f3 NEW; 8cf255489d NEW; 8e7cffa818 NEW; a2ce42b73d NEW; bff6a46c39 NEW; d583bb6178 NEW; d704c1205e NEW | none; 60b730b97e [0]; none; none; 8fe2be2095 [0]; none; none; none; none; none; none | none; ASM:Graph; none; none; ASM:Graph; none; none; none; none; none; none | none; tElock; none; none; Armadillo; none; none; none; none; none; none | none; lines=120 embedded dns; none; none; lines=91; none; none; none; none; none; none | none; trace; none; none; trace; none; none; none; none; none; none
T:06:58:00 | Win2K-f | 222.234.193.106 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 114 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 5 of 41 | 14f47ffd1e NEW; 50437008d9 NEW | 90bf4b99ff [0]; c1b09ac5d7 [0] | none; none | tElock; Armadillo | none; none | trace; trace
T:07:58:00 | Win2K-f | 202.137.187.238 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 32; 33 of 33 | 07fabc79ef NEW; 53bfe15e91 NEW | none [0]; 1473091351 [0] | ASM:Graph; ASM:Graph | Armadillo; tElock | lines=81; lines=75 embedded dns | trace; trace
T:08:20:00 | Win2K-f | 70.232.240.25 (ISOSAT.NET): LG WIS INC, NEW YORK, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:08:26:00 | WinXP | 95.246.173.111 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA WIRELINE SERVICES, ROME, LAZIO, IT. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 NEW | none [0] | ASM:Graph | none | lines=61 | trace
T:09:43:00 | WinXP | 116.59.172.78 (HINET.NET): CHT-MOBILE BUSINESS GROUP CHUNGHWA, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | 5285741560 NEW | 60590b8b67 [0] | ASM:Graph | none | lines=59 | trace
T:10:39:00 | Win2K-f | 71.170.77.82 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GARLAND, TEXAS, US. (DSL) | 92.240.234.164:3305 | :cx10man.weedns.com US:fx010413.whyI.org 92.240.234.164:3305 | 135 | pcap | raw alerts ruleset | irc 696 lines | Yeah : 1.8 profile | none | summary tarball | 34 of 41 | deffdf68e8 NEW | 2b011e15ba [0] | none | StarForce | none | trace
T:10:58:00 | Win2K-f | 110.11.222.61 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 218.93.201.51:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:down1130.iwillhavesexygirls.com CN:1130.kfgrtjer.cn :bfkq.com :jsactivity.com US:search.toptravellingtips.com CN:ty.lnlycnc.cn :www.toptravellingtips.com :wws.mobiec.net 173.45.105.218:8392 | 135 | pcap | raw alerts ruleset | irc http 338 lines | Yeah : 1.8 profile | none | summary tarball | 8 of 41; none; 29 of 32; 10 of 41; 28 of 32; 0 of 40; 20 of 41; 14 of 41; 26 of 41 | 0a05b99e8f NEW; 1952cce948 NEW; 8a75955033 NEW; 8cf255489d NEW; 9276c8b36b NEW; aebdbede2a NEW; bff6a46c39 NEW; d704c1205e NEW; dd96e88e03 NEW | none; none; 2bf3e548b9 [0]; none; none [0]; none; none; none; 6f87541765 [0] | none; none; ASM:Graph; none; ASM:Graph; none; none; none; none | none; none; tElock; none; Armadillo; none; none; none; StarForce | none; none; lines=126 embedded dns; none; lines=81; none; none; none; none | none; none; trace; none; trace; none; none; none; trace
T:12:02:00 | WinXP | 186.9.204.152 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | f45285574e NEW | d984958bf9 [none] | none | PolyEnE | none | trace
T:13:13:00 | WinXP | 212.200.109.145 (BANKERINTER.NET): BANKER-NET, CS. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | e0a6ade689 NEW | none | none | none | none | none
T:14:40:00 | Win2K-f | 70.182.68.25 (COX.NET): COX COMMUNICATIONS, NORMAN, OKLAHOMA, US. (DSL) | 88.198.228.238:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:down1130.iwillhavesexygirls.com CN:210.51.36.215:88 | 135 | pcap | raw alerts ruleset | irc 135 lines | Yeah : 1.8 profile | none | summary tarball | 32 of 33; 29 of 33 | 87e1117f2a NEW; b4fe4581c3 NEW | 3ff643aae6 [0]; 599b835896 [0] | none; none | tElock; Armadillo | none; none | trace; trace
T:14:53:00 | WinXP | 216.19.20.78 (COMMSPEED.NET): COMMSPEED ARIZONA LLC, CHINO VALLEY, ARIZONA, US. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none | PolyEnE | lines=68 | trace
T:14:57:00 | Win2K-f | 69.114.190.103 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:15:22:00 | Win2K-f | 71.136.4.212 (-): CLINTON GILBERT, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:16:04:00 | Win2K-f | 4.227.114.44 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LIBERTY, TEXAS, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 1017 lines | Yeah : 1.3 profile | none | summary tarball | 7 of 41 | 2c257ce9ff NEW | none | none | none | none | none
T:16:36:00 | Win2K-f | 61.215.150.186 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41; 38 of 41 | 10eebdc28e NEW; 761a66b891 NEW | e2ca2da35d [none]; b469dac5dc [none] | none; none | Armadillo; tElock | none; none | trace; trace
T:16:41:00 | WinXP | 59.114.11.80 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | RU:citi-bank.ru RU:213.219.245.212:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | f502585714 NEW | none [0] | none | PolyEnE | lines=63 | trace
T:16:59:00 | WinXP | 4.143.230.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WILMINGTON, ILLINOIS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 121 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 39 of 41 | 5af05bec2e NEW; ff34a1caa4 NEW | none; 979a6569d4 [0] | none; none | none; Armadillo | none; none | none; trace
T:18:04:00 | Win2K-f | 125.58.124.242 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:18:26:00 | Win2K-f | 115.232.9.25 (HZ.ZJ.CN): CHINANET ZHEJIANG PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL) | n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:18:50:00 | Win2K-f | 152.48.222.69 (UNC.EDU): NORTH CAROLINA RESEARCH AND EDUCATION NETWORK, DURHAM, NORTH CAROLINA, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:18:55:00 | WinXP | 64.188.193.218 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | 213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | none | PolyEnE | none | trace
T:19:01:00 | Win2K-f | 4.180.150.63 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCE, KANSAS, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 3 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
T:19:18:00 | WinXP | 64.188.193.218 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | none | PolyEnE | none | trace
T:19:48:00 | Win2K-f | 66.160.182.5 (SQUAW.COM): BIGBIZ INTERNET SERVICES, NEW YORK, NEW YORK, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | 756ec12774 NEW | none | none | none | none | none
T:20:12:00 | Win2K-f | 63.17.209.80 (UU.NET): UUNET TECHNOLOGIES INC, SENOIA, GEORGIA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 222 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:20:33:00 | Win2K-f | 122.252.232.139 (-): DAINIKBHASKAR, AGRA, UTTAR PRADESH, IN. (100Mbps) | n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org EU:getmyip.co.uk GB:www.vouchercodez.com 208.78.70.70:80 US:67.15.94.80:80 US:75.126.138.202:80 GB:80.82.121.239:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:20:43:00 | Win2K-f | 122.252.232.139 (-): DAINIKBHASKAR, AGRA, UTTAR PRADESH, IN. (100Mbps) | n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk GB:www.vouchercodez.com :checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 8 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:21:12:00 | Win2K-f | 172.129.191.95 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 140 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:23:35:00 | Win2K-f | 61.215.150.186 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41; 38 of 41 | 10eebdc28e NEW; 761a66b891 NEW | e2ca2da35d [none]; b469dac5dc [none] | none; none | Armadillo; tElock | none; none | trace; trace
T:23:44:00 | WinXP | 116.197.30.69 (-): DIGI TELECOMMUNICATIONS SDN BHD, SHAH ALAM, SELANGOR, MY. (DSL) | n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 35 of 35 | 9716d7995a NEW | c3a5354b6f [0] | none | PolyEnE | none | trace