|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:10:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:14:00 | WinXP | 70.184.154.68 (COX.NET): COX COMMUNICATIONS, YUKON, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:43:00 | Win2K-f | 98.191.203.210 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:54:00 | Win2K-f | 207.5.200.227 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:56:00 | Win2K-f | 219.248.211.156 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
60.190.222.139:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com CN:ku1.installstorm.com CN:down.installstorm.com US:sendinvest.com :findhobbits.com 173.45.105.218:8392 CN:222.170.127.203:88 CN:58.221.42.4:88 US:64.120.176.66:8392 US:64.191.44.8:8392 |
135 | pcap | raw alerts ruleset |
irc http 282 lines |
Yeah : 1.8 profile |
none | summary tarball |
39 of 41 27 of 41 13 of 41 20 of 41 38 of 41 |
25797ca0a4 NEW 5c6c70b905 NEW 9f5205c55e NEW e2a8c34ba9 NEW ff3843f312 NEW |
none[4] none [none] none [none] none [none] 30a7e641cf[0] |
none:none none:none none:none none:none ASM:Graph |
PolyEnE| none|none none|none none|none Armadillo| |
none none none none lines=90 |
trace none none none trace |
| T:02:14:00 | Win2K-f | 95.25.196.42 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, MOSCOW, MOSCOW CITY, RU. (DSL) |
83.133.119.206:65520 | CN:down.installstorm.com DE:proxim.ircgalaxy.pl MD:ad.ghura.pl CN:ku1.installstorm.com CN:pic.iwillhavesexygirls.com CN:sky.installstorm.com :in.7cy.net :in1.7cy.net :camerastands.net :ad.yieldmanager.com US:food-saver.info US:microsoft.com CN:58.221.42.4:88 DE:83.133.119.206:65520 |
445 | pcap | raw alerts ruleset |
irc http 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 41 27 of 41 13 of 41 19 of 41 20 of 41 |
2cb2e4374e NEW 5c6c70b905 NEW 9f5205c55e NEW bfab139d60 NEW e2a8c34ba9 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:02:16:00 | WinXP | 62.117.123.103 (COMCOR.RU): COMCOR, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | US:microsoft.com EE:www.starman.ee FI:194.215.38.3:80 EE:195.50.195.10:443 |
445 | pcap | raw alerts ruleset |
http 19 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:34:00 | Win2K-f | 125.4.236.50 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 40 of 41 |
1b1db1c992 NEW 8a50345c2f NEW |
a8036b5105 [0] 585123125f[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
| T:03:54:00 | WinXP | 61.219.234.102 (HINET.NET): I-TAI-TECHNOLOGY-TP-NET, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | EE:www.starman.ee US:microsoft.com EE:195.50.195.10:443 |
135 | pcap | raw alerts ruleset |
http 19 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:04:31:00 | WinXP | 96.8.242.42 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:04:34:00 | Win2K-f | 125.4.7.245 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:04:40:00 | WinXP | 99.172.147.246 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, CHICAGO, ILLINOIS, US. (DSL) |
n/a | FI:194.215.38.3:80 EE:195.50.195.10:443 EE:62.65.192.24:80 |
445 | pcap | raw alerts ruleset |
http 12 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:12:00 | Win2K-f | 122.146.83.24 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:05:14:00 | WinXP | 58.123.70.58 (HANANET.NET): HANARO TELECOM INC, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 0 of 33 |
14f47ffd1e NEW 4c3df24b32 NEW |
90bf4b99ff [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=56 embedded dns lines=90 |
trace trace |
| T:06:45:00 | WinXP | 78.106.80.165 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 NEW |
none[0] | none:none |
none|none | lines=60 | trace | |
| T:06:58:00 | WinXP | 92.81.126.78 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) |
n/a | :m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | e3faefa56a NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
| T:06:59:00 | Win2K-f | 113.252.206.108 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 1b3d8e9fe7 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
| T:09:36:00 | Win2K-f | 174.39.247.247 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, NORTH PLATTE, NEBRASKA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 95ddd4a823 NEW |
9e78315a6d [0] | ASM:Graph |
Armadillo| | lines=91 | trace | |
| T:09:39:00 | Win2K-f | 212.200.234.214 (TELEKOMSRBIJA.COM): TELEKOM SRBIJA, CS. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:02:00 | WinXP | 77.255.76.112 (COM.PL): NETIA, PL. (DSL) |
n/a | EE:www.starman.ee EE:www.online.if.ee US:microsoft.com FI:194.215.38.3:80 EE:195.50.195.10:443 EE:62.65.192.24:80 |
139 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:11:00 | Win2K-f | 81.9.214.105 (CM-81-9-237-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | US:microsoft.com | 139 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:15:00 | WinXP | 85.204.5.134 (OSI7.RO): S.C. IT4WEB S.R.L, CLUJ-NAPOCA, CLUJ, RO. (DSL) |
n/a | EE:www.starman.ee US:microsoft.com FI:194.215.38.3:80 EE:195.50.195.10:443 EE:62.65.192.24:80 |
139 | pcap | raw alerts ruleset |
http 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:13:00 | Win2K-f | 24.167.174.37 (RR.COM): ROAD RUNNER HOLDCO LLC, WINSTON SALEM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:12:07:00 | WinXP | 120.142.91.36 (-): C&M COMMUNICATION CO LTD, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | EE:www.starman.ee FI:194.215.38.3:80 EE:195.50.195.10:443 |
139 | pcap | raw alerts ruleset |
http 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:11:00 | WinXP | 24.79.87.133 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:43:00 | Win2K-f | 152.48.222.12 (UNC.EDU): NORTH CAROLINA RESEARCH AND EDUCATION NETWORK, DURHAM, NORTH CAROLINA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:13:54:00 | WinXP | 186.9.211.141 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | eda3b7766c NEW |
7556343561 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:02:00 | WinXP | 89.152.75.222 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, FARO, FARO, PT. (DSL) |
n/a | EE:www.starman.ee US:microsoft.com FI:194.215.38.3:80 EE:195.50.195.10:443 EE:62.65.192.24:80 |
139 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:38:00 | WinXP | 71.116.212.170 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:14:56:00 | WinXP | 67.150.208.244 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, MESA, ARIZONA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:59:00 | WinXP | 198.182.77.8 (ACES.NET): LOGIN INC, PORTLAND, OREGON, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:16:50:00 | WinXP | 66.81.51.22 (O1.COM): O1 DIALUP SERVICES, SACRAMENTO, CALIFORNIA, US. (DIAL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:47:00 | WinXP | 63.19.57.27 (UU.NET): UUNET TECHNOLOGIES INC, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:17:54:00 | Win2K-f | 63.19.249.78 (UU.NET): UUNET TECHNOLOGIES INC, ROANOKE, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 178 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 37 of 41 |
7461f4b99e NEW f9e3a69cf4 NEW |
de5ff2b862 [0] b40853b435[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
| T:17:56:00 | WinXP | 4.163.193.33 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL) |
n/a | EE:www.starman.ee US:microsoft.com FI:194.215.38.3:80 EE:195.50.195.10:443 EE:62.65.192.24:80 |
135 | pcap | raw alerts ruleset |
http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:08:00 | WinXP | 89.152.75.222 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, FARO, FARO, PT. (DSL) |
n/a | EE:www.starman.ee FI:194.215.38.3:80 EE:195.50.195.10:443 |
139 | pcap | raw alerts ruleset |
http 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:44:00 | WinXP | 206.248.223.5 (NTELOS.NET): NTELOS - WYBO ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:20:12:00 | WinXP | 71.72.222.51 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:20:18:00 | WinXP | 69.85.103.135 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:20:20:00 | Win2K-f | 116.127.80.191 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
83.133.119.206:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com MD:ad.ghura.pl CN:ku1.installstorm.com CN:222.170.127.203:88 |
135 | pcap | raw alerts ruleset |
irc http 104 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 29 of 32 8 of 41 |
99b248336f NEW 9d677c3f70 NEW a706638ffa NEW |
c64bd1a776 [0] 77e75ff10f[0] none [none] |
ASM:Graph ASM:Graph none:none |
Armadillo| tElock| none|none |
lines=91 lines=120 embedded dns none |
trace trace none |
| T:20:50:00 | Win2K-f | 207.5.158.48 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:00:00 | Win2K-f | 60.248.162.75 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 39 35 of 38 |
2205443cc8 NEW b9297745a1 NEW |
04ce1ed773 [none] 4294884d84[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=64 embedded dns |
none trace |
| T:21:21:00 | WinXP | 114.200.17.124 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 5 of 41 |
14f47ffd1e NEW 50437008d9 NEW |
90bf4b99ff [0] c1b09ac5d7[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=56 embedded dns lines=90 |
trace trace |
| T:21:50:00 | WinXP | 115.81.73.90 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:21:56:00 | WinXP | 173.31.105.147 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) |
n/a | EE:www.starman.ee FI:194.215.38.3:80 EE:195.50.195.10:443 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:40:00 | WinXP | 61.59.190.124 (SEED.NET.TW): SEEDNET-TAICHUNGDP-S, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 40 | 23406743e0 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:41:00 | Win2K-f | 202.137.148.20 (-): TELECOMMUNICATION SERVICE, VIENTIANE, VIENTIANE, LA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:22:47:00 | Win2K-f | 219.115.222.191 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOYONAKA, OSAKA, JP. (DSL) |
194.109.11.65:6556 | NL:0x80.online-software.org NL:0x80.martiansong.com :0xff.memzero.info :0x80.my-secure.name NL:0x80.goingformars.com NL:0x80.my1x1.com |
135 | pcap | raw alerts ruleset |
other 188 lines |
Yeah : 1.8 profile |
none | summary tarball |
36 of 36 | 0c01728b7e NEW |
none[none] | none:none |
none|none | none | none |
| T:23:03:00 | WinXP | 174.6.21.151 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:18:00 | Win2K-f | 4.160.204.228 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BUCKEYE LAKE, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |