Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

06 March 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:22:00 Win2K-f 174.39.188.83 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
NORTH PLATTE, NEBRASKA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
129 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 53aa804019
NEW
95ddd4a823
NEW 		29c6cdbf45 [0]
9e78315a6d[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=64
embedded dns
lines=91 		trace
trace
T:01:22:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, T'AI-WAN, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:02:10:00 Win2K-f 115.130.38.169 (-):
3G MOBILE SERVICE PROVIDER,
MELBOURNE, VICTORIA, AU. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:02:32:00 Win2K-f 64.175.160.91 (PACBELL.NET):
AT&T INTERNET SERVICES,
CARLSBAD, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:03:59:00 Win2K-f 203.88.177.9 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOYAMA, TOYAMA, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:48:00 WinXP 122.126.66.2 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 ed96c03ca8
NEW 		c0028e9e98 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:08:09:00 Win2K-f 195.137.30.127 (FREEDOM2SURF.NET):
FREEDOM TO SURF LTD,
LONDON, ENGLAND, UK. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
40 of 41		 99c07c4fd6
NEW
bc43f0abc4
NEW 		bbf30ef165 [0]
67bede154c[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=91
lines=64
embedded dns 		trace
trace
T:12:23:00 Win2K-f 173.16.42.71 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
DAPHNE, ALABAMA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:14:04:00 Win2K-f 68.147.4.6 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
188 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41 8ef3f9fd36
NEW 		1c396012a3 [0] ASM:Graph
 none|none lines=546 trace
T:14:12:00 WinXP 96.15.238.246 (-):
ALLTEL SIP CUSTOMERS - LITTLE ROCK,
WEST MONROE, LOUISIANA, US. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 42 3df86eba85
NEW 		none[none] none:none
 none|none none none
T:14:28:00 WinXP 68.201.22.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BRANDON, FLORIDA, US. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:14:58:00 Win2K-f 24.178.114.74 (CHARTER.COM):
CHARTER COMMUNICATIONS,
COLUMBUS, GEORGIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
89 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
40 of 41		 53bfe15e91
NEW
e9ba0ecde5
NEW 		1473091351 [0]
c03f9e1524[none] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
none 		trace
none
T:15:20:00 WinXP 4.158.204.241 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DELANO, MINNESOTA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
142 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 42
40 of 42		 7549900329
NEW
b71514f095
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
15:55:00 Win2K-f 61.191.228.149 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
HEFEI, ANHUI, CN. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:16:05:00 Win2K-f 61.191.228.149 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
HEFEI, ANHUI, CN. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
16:57:00 Win2K-f 74.222.0.83 (VRTSERVERS.NET):
VRTSERVERS INC,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
GB:80.82.121.239:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:17:06:00 Win2K-f 74.222.0.83 (VRTSERVERS.NET):
VRTSERVERS INC,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:17:10:00 Win2K-f 72.185.231.20 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
20:11:00 Win2K-f 173.45.83.75 (XLHOST.COM):
XLHOST.COM INC,
COLUMBUS, OHIO, US. (100Mbps) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
20:32:00 Win2K-f 194.209.31.13 (-):
PALEXPO-1-NET,
GENEVA, GENEVE, CH. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 71afca1665
NEW 		none[3] none:none
 StarForce| none trace
T:20:52:00 WinXP 144.134.1.54 (TMNS.NET.AU):
TELSTRAINTERNET27,
ADELAIDE, SOUTH AUSTRALIA, AU. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:57:00 Win2K-f 61.122.50.245 (OCT-NET.NE.JP):
OITA CABLE TELECOM CO. LTD,
OITA, OITA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
41 of 42		 024410ad21
NEW
a52a7a8054
NEW 		96d0267b80 [0]
none [none] 		ASM:Graph
none:none
 tElock|
none|none 		lines=64
embedded dns
none 		trace
none
T:22:06:00 Win2K-f 4.176.108.159 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
TUCSON, ARIZONA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
204 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 41
36 of 40		 47d3548e36
NEW
d8722af110
NEW 		ab13346633 [0]
ab30a55931[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=91
lines=64
embedded dns 		trace
trace
T:22:12:00 Win2K-f 114.205.185.116 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 99c49d7014
NEW
e124bde171
NEW 		731b2ae7b1 [none]
f373c00d1e[none] 		none:none
none:none
 Armadillo|
PolyEnE| 		none
none 		none
none
T:22:30:00 WinXP 115.164.181.138 (-):
DIGI TELECOMMUNICATIONS SDN BHD,
SHAH ALAM, SELANGOR, MY. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace