Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

21 February 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:01:58:00 Win2K-f 202.150.118.127 (-):
KOL-DIAL,
AUCKLAND, AUCKLAND, NZ. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:02:06:00 Win2K-f 211.23.226.98 (-):
LIOU-TZUNG-YI-TC,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
37 of 40		 5d445c59d8
NEW
8a54950abb
NEW 		892e12db7b [0]
f6b9e43917[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:02:49:00 Win2K-f 209.204.73.136 (SNIPARPA.NET):
SNIP,
PHILADELPHIA, PENNSYLVANIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:03:08:00 Win2K-f 180.67.129.163 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		83.133.119.206:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
CN:122.224.6.48:88
EU:91.206.201.39:80 		135 pcap raw alerts
ruleset 		irc
128 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
31 of 33		 168aab35a3
NEW
667f0c59f3
NEW 		60b730b97e [0]
8fe2be2095[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=120
embedded dns
lines=91 		trace
trace
T:03:30:00 Win2K-f 67.213.240.240 (UBTANET.COM):
UBTANET,
VERNAL, UTAH, US. (DSL) 		83.133.119.206:65520 DE:proxima.ircgalaxy.pl
:pozemle.cn
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
US:bfkq.com
:jsactivity.com
EU:img.ub8.net
US:search.toptravellingtips.com
US:208.43.250.167:80
CN:60.190.222.139:65520
US:64.120.176.66:8392
EU:91.214.44.12:80 		445 pcap raw alerts
ruleset 		irc
http
102 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 41
11 of 41
10 of 41
6 of 41
0 of 40
6 of 41
15 of 40
7 of 41		 07040dcdd8
NEW
62918c0f46
NEW
8412afbcf5
NEW
959e296c78
NEW
9ef7a1c0f9
NEW
c7d753fe73
NEW
ca0b4211c2
NEW
dd3a45a19c
NEW 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none
none
none 		none
none
none
none
none
none
none
none
T:04:30:00 Win2K-f 118.83.8.105 (HTOJ.J-CNET.JP):
JCN-HTMNET,
HACHIOJI, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
122 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 0b951c2832
NEW
e4ed4df0f0
NEW 		5fe761661a [0]
de471fc380[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:05:39:00 Win2K-f 64.175.160.91 (PACBELL.NET):
AT&T INTERNET SERVICES,
CARLSBAD, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:05:54:00 WinXP 186.9.23.235 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
06:20:00 Win2K-f 98.134.57.52 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - ATLANTA,
LAKE CITY, FLORIDA, US. (DSL) 		n/a EE:www.starman.ee
FI:www.if.ee
FI:194.215.38.3:80
US:204.152.184.139:80
EE:62.65.192.24:80 		445 pcap raw alerts
ruleset 		other
0 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:06:32:00 Win2K-f 113.252.87.217 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1002 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 41 76b84a1bf1
NEW 		none[3] none:none
 none|none none trace
08:20:00 Win2K-f 114.26.147.25 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a EE:www.starman.ee
FI:194.215.38.3:80
US:204.152.184.139:80
EE:62.65.192.24:80 		445 pcap raw alerts
ruleset 		other
0 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
08:56:00 Win2K-f 85.95.147.44 (ROSMORPORT.RU):
PORTTELEKOM LLC 9 STRELNIKOVA ST. AREA SUBSCRIBERS,
MOSCOW, MOSCOW CITY, RU. (100Mbps) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:09:04:00 Win2K-f 70.183.3.169 (COX.NET):
COX COMMUNICATIONS,
SPRINGFIELD, VIRGINIA, US. (DSL) 		83.133.119.206:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
EU:img.ub8.net
CN:122.224.6.48:88
CN:60.190.222.139:65520
DE:83.133.119.206:65520
EU:91.206.201.39:80
EU:91.214.44.12:80 		135 pcap raw alerts
ruleset 		irc
http
117 lines 		Yeah : 1.8
profile 		none summary
tarball 		16 of 41
32 of 33
29 of 33		 2c4ccca089
NEW
87e1117f2a
NEW
b4fe4581c3
NEW 		none[none]
3ff643aae6[0]
599b835896[0] 		none:none
none:none
none:none
 none|none
tElock|
Armadillo| 		none
none
none 		none
trace
trace
T:09:05:00 Win2K-f 85.95.147.44 (ROSMORPORT.RU):
PORTTELEKOM LLC 9 STRELNIKOVA ST. AREA SUBSCRIBERS,
MOSCOW, MOSCOW CITY, RU. (100Mbps) 		n/a US:www.maxmind.com
:checkip.dyndns.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
US:www.getmyip.org
DE:131.220.6.26:80
208.78.70.70:80
US:67.15.94.80:80
GB:80.82.121.239:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
10:15:00 Win2K-f 93.125.72.12 (AICHYNA.COM):
BELARUS ISP COMPANY,
MINSK, MINSK, BY. (DSL) 		n/a CN:www.baidu.com
US:ditblmrups.biz
US:swewvkk.biz
:tqqoxuepams.com
:srkvy.com
:dnjndiqgtt.info
:veoaqouvp.com
:mxmxnfa.com
US:eifgvef.biz
:tlcuhd.com
:iyvyhkg.net
:embqjpll.org
:vkourokz.info
:kmcajeflgwk.org
:pezqqp.com
:qzejl.com
US:ommioivw.biz
:rwhsitisik.org
:wvyxkibrhh.org
:mpwhlferr.com
:jxikg.com
:pvkzvvc.info
:lujbuotil.net
:qgatnseni.net
US:tnfllucxwa.biz
:emtcmcbkvxh.org
:kfvjiqpws.com
:uvdaun.com
US:narjxxa.biz
:gtrshg.net
:glseextrpyp.org
:bsmyfxhr.info
:pqlwfyxg.org
:xbksppayul.info
US:oxgrryrnd.biz
:biwlvquue.com
:kselvthxja.com
:mayqxk.info
:axtnnpncfnr.net
:cvdyo.org
:borhckfscd.net
:kucswkaitvk.org
US:urnbeujz.biz
:alqntlmqk.net
US:rmdxihnjnyb.biz
:bukhb.org
:yawhyl.net
:aoufyvi.net
:ywfgmisb.com
:mncpfe.info
:hobwhjhx.com
FI:194.215.38.3:80
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
7 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:10:41:00 Win2K-f 194.19.234.252 (-):
BTG,
RIGA, RIGA, LV. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:12:04:00 WinXP 203.90.81.38 (AKAMAITECHNOLOGIES.COM):
HCL INFINET LIMITED,
NEW DELHI, DELHI, IN. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:13:15:00 Win2K-f 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
13:20:00 Win2K-f 78.51.84.243 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
BERLIN, BERLIN, DE. (DSL) 		n/a US:www.w3.org
US:ommioivw.biz
US:eifgvef.biz
:lcpisu.org
:oqesw.com
:dnjndiqgtt.info
:pqjxb.info
:hobwhjhx.com
:cwujhrxzn.org
:jpwra.info
:yrhxpqdg.info
US:xtxnun.biz
:xbksppayul.info
:deotbguwpye.net
US:oxecvhaiux.biz
US:uyfeslba.biz
:eletik.info
:msxgpfm.info
:kucswkaitvk.org
:zfvzudzx.info
US:tdgismeky.biz
:wjymfyudi.net
:skqvxnlmi.info
:lvbvgzv.net
US:ubtfvbg.biz
:lnvhcsimm.net
US:qrecutrhpek.biz
US:qfhmrzex.biz
US:oiidquqaf.biz
:tlcuhd.com
:hbdubjbrii.net
US:tbmsqw.biz
:biwlvquue.com
:bkjvtpnok.info
:yawhyl.net
:pftgth.com
US:crpgfnnp.biz
:fbfwxpmz.info
:olvsvrau.com
US:ptuapk.biz
:vkourokz.info
:xitmqlgctm.info
:rlvhgdmpkq.com
:fbdxtb.net
:wcpfhxb.net
:shutptdzpz.net
:uysos.info
:nncsyxwifd.net
:mrxvypbc.net
:xjcpnfzhztd.com
:bbtatd.org
:itdetkbonrn.net
:gmwdnidnf.info
:zqrpiewcig.net
:nnqgfjsqsez.info
:kfvjiqpws.com
:qclvges.org
:tqrfgo.info
:whlytird.net
:elpbrfj.com
:atrpayufu.com
:tgvwvigm.com
US:ditblmrups.biz
:wfdvf.com
:yvimjhct.info
:nscwllpu.com
:wfkupzeb.com
:wwtjabyx.com
:movpj.net
:uvdaun.com
:rwseny.org
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:14:10:00 Win2K-f 211.20.222.150 (HINET.NET):
XUN HANG TECHNOLOGY CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		212.54.2.171:3305 JP:cx10man.weedns.com
US:fx010413.whyI.org
:gynoman.weedns.com
US:g.0x20.biz
FI:telephone.dd.blueline.be
92.240.234.164:3305 		135 pcap raw alerts
ruleset 		irc
696 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 41 b8076e37ae
NEW 		52953fed05 [0] none:none
 StarForce| none trace
T:14:52:00 Win2K-f 24.178.114.74 (CHARTER.COM):
CHARTER COMMUNICATIONS,
COLUMBUS, GEORGIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
89 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
40 of 41		 53bfe15e91
NEW
e9ba0ecde5
NEW 		1473091351 [0]
none [none] 		ASM:Graph
none:none
 tElock|
none|none 		lines=75
embedded dns
none 		trace
none
T:19:00:00 Win2K-f 61.59.149.139 (SEED.NET.TW):
SEEDNET-TAIPEIDP-S,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
40 of 41		 71e6f60517
NEW
ab4e3226c4
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:21:30:00 Win2K-f 99.160.223.178 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
21:36:00 WinXP 69.85.121.224 (ELLIJAY.COM):
ELLIJAY COMMUNITY TELEVISION,
ELLIJAY, GEORGIA, US. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 35 9716d7995a
NEW 		c3a5354b6f [0] none:none
 PolyEnE| none trace
T:22:08:00 WinXP 61.46.140.90 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
OSAKA, OSAKA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32
33 of 33		 07fabc79ef
NEW
53bfe15e91
NEW 		none[0]
1473091351[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=81
lines=75
embedded dns 		trace
trace
T:23:31:00 WinXP 122.146.242.155 (SPARQNET.NET):
NEW CENTRY INFOCOM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
57ce4acac2
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
23:47:00 Win2K-f 76.160.242.238 (CAVTEL.NET):
CAVALIER TELEPHONE,
DUNDALK, MARYLAND, US. (DSL) 		n/a US:trafficconverter.biz
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none