Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
T:00:31:00 | WinXP | 24.80.172.205 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 41 | e699383656 NEW |
none[none] | none:none |
none|none | none | none | |
T:00:34:00 | Win2K-f | 24.79.87.133 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 38 of 41 |
34cbe7a593 NEW 3e83a2d4d7 NEW |
d38cb78003 [0] b97fd63d29[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:01:02:00 | Win2K-f | 113.253.161.210 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1043 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 | b5e3c14700 NEW |
none[none] | none:none |
none|none | none | none | |
T:01:04:00 | WinXP | 79.44.182.141 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, VICENZA, VENETO, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:01:38:00 | WinXP | 93.113.207.249 (-): SC JMG CALCULATOARE SRL, RO. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:01:49:00 | WinXP | 210.245.212.179 (NWTGIGALINK.COM): NEW WORLD TELEPHONE, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
T:01:58:00 | Win2K-f | 175.112.246.28 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 41 6 of 41 |
5213395833 NEW 9fdf6de4a9 NEW |
515eacbc36 [0] 794f9a1087[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=56 embedded dns lines=90 |
trace trace |
T:02:03:00 | Win2K-f | 113.254.54.36 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 38 of 41 |
a5ceb6c29d NEW adadfc0e1c NEW |
d64cd9d18b [0] 0f57439d82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
T:03:44:00 | Win2K-f | 24.76.5.147 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SELKIRK, MANITOBA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 41 | 770a04a72c NEW |
none[3] | none:none |
none|none | none | trace | |
T:04:07:00 | Win2K-f | 118.221.175.8 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
83.133.119.206:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ad.lometr.pl :rastu.com.ua BR:www.sextoy.com.br UA:spooky.cartoons.org.ua US:www.iknow.co.jp :www.mlh.co.jp US:secure.foxvideo.com.br 115.125.150.234:443 JP:131.113.221.138:443 JP:164.46.227.120:443 JP:202.226.91.62:443 UA:212.111.198.59:443 US:69.61.11.226:443 US:69.72.149.166:443 UA:77.120.104.50:443 UA:77.120.99.240:443 EU:79.171.122.236:443 |
135 | pcap | raw alerts ruleset |
irc http 147 lines |
Yeah : 1.8 profile |
none | summary tarball |
36 of 41 29 of 32 28 of 32 |
138360a64d NEW 8a75955033 NEW 9276c8b36b NEW |
none[none] 2bf3e548b9[0] none [0] |
none:none ASM:Graph none:none |
none|none tElock| Armadillo| |
none lines=126 embedded dns lines=90 |
none trace trace |
T:04:11:00 | Win2K-f | 118.83.40.72 (HTOJ.J-CNET.JP): JCN-HTMNET, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 NEW e4ed4df0f0 NEW |
5fe761661a [0] de471fc380[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:04:16:00 | Win2K-f | 91.45.169.16 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, STUTTGART, BADEN-WÜRTTEMBERG, DE. (DSL) |
n/a | 115.125.150.227:443 191.4.157.190:443 PR:200.5.0.0:443 JP:202.218.203.244:443 JP:202.226.91.62:443 JP:203.179.38.26:443 UA:212.82.216.42:443 US:216.194.41.129:443 JP:219.99.163.41:443 JP:61.120.56.37:443 UA:62.149.23.110:443 US:67.15.97.220:443 EU:91.196.95.24:443 |
445 | pcap | raw alerts ruleset |
irc 31 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:04:18:00 | WinXP | 117.254.146.230 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:04:41:00 | WinXP | 117.104.53.41 (T-COM.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
6b315f5dbc NEW 7938865f8c NEW |
7604b94520 [0] a9b9e4904b[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:05:32:00 | Win2K-f | 70.182.94.31 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. (DSL) |
83.133.119.206:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ad.lometr.pl US:www.pirateparty.in.ua EU:wow.merlin.org.ua :www.imagemfolheados.com.br UA:shop.pozitiv.ks.ua JP:cg.ces.kyutech.ac.jp JP:www.kajima.co.jp :nodes.com.ua BR:www.guiaseshop.com.br US:www.stone.co.ua BR:www.billboxrecords.com.br JP:131.206.55.11:443 JP:202.218.170.179:443 JP:222.146.58.38:443 US:64.131.68.169:443 US:67.15.97.220:443 US:69.61.11.226:443 UA:77.120.99.240:443 DE:83.133.119.206:65520 95.169.190.41:443 |
135 | pcap | raw alerts ruleset |
irc http 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 36 of 41 35 of 36 |
bea8cb1865 NEW f0a4409bf8 NEW fac78fde16 NEW |
154de51a66 [0] none [none] 882896ab05[0] |
ASM:Graph none:none ASM:Graph |
Armadillo| none|none tElock| |
lines=91 none lines=126 embedded dns |
trace none trace |
T:05:32:00 | Win2K-f | 61.192.59.200 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 37 of 41 |
53bfe15e91 NEW 6c28235817 NEW |
1473091351 [0] e88650c1e2[0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns none |
trace trace |
T:06:01:00 | Win2K-f | 213.17.62.33 (WANADOO.NL): WANADOO NL ADSL CUSTOMERS WITH STATIC ADDRESSES, UTRECHT, UTRECHT, NL. (DSL) |
83.133.119.206:65520 | CN:proxim.ircgalaxy.pl CN:ad.lometr.pl BR:www.sextoy.com.br BR:www.digimer.com.br EU:avdesk.net.ua UA:www.rulez.org.ua CA:weather.co.ua JP:form.cao.go.jp JP:ir.kagoshima-u.ac.jp US:www.stone.co.ua 115.125.150.227:443 JP:130.69.92.68:443 JP:163.209.180.1:443 191.4.157.190:443 DE:193.26.15.243:443 BR:200.192.143.87:443 BR:201.76.41.87:443 JP:202.214.40.79:443 JP:202.218.203.244:443 JP:202.226.91.62:443 JP:203.180.136.89:443 CA:209.172.35.117:443 US:67.15.97.220:443 US:69.61.11.226:443 UA:77.120.121.35:443 UA:77.120.99.240:443 EU:79.171.122.236:443 UA:82.193.122.190:443 |
445 | pcap | raw alerts ruleset |
irc http 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 | f0a4409bf8 NEW |
none[none] | none:none |
none|none | none | none |
T:07:36:00 | Win2K-f | 122.146.241.198 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:07:50:00 | Win2K-f | 114.200.17.108 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 5 of 41 |
14f47ffd1e NEW 50437008d9 NEW |
90bf4b99ff [0] c1b09ac5d7[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=56 embedded dns lines=90 |
trace trace |
T:08:11:00 | WinXP | 4.226.171.66 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEMPHIS, TENNESSEE, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:09:07:00 | WinXP | 109.162.75.241 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:09:16:00 | WinXP | 186.9.76.95 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:40:00 | WinXP | 186.25.167.142 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:10:45:00 | WinXP | 61.20.158.250 (FETNET.NET): FAR EASTONE TELECOMMUNICATION CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 2b9bc1463d NEW |
7978e0f6fb [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
T:11:24:00 | WinXP | 66.81.185.210 (O1.COM): O1 DIALUP SERVICES, CITRUS HEIGHTS, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:36:00 | Win2K-f | 208.110.57.2 (-): PRIVATE CABLE ISP SUBSCRIBER (SCHAUMBURG IL MARKET), JONESBORO, GEORGIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:38:00 | WinXP | 202.147.221.62 (KCN-TV.NE.JP): KUMAMOTO CABLE NETWORK CORPORATION, KUMAMOTO, KUMAMOTO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
595716fa87 NEW 5e31cc8bf6 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:11:53:00 | Win2K-f | 75.37.173.251 (SBCGLOBAL.NET): JASON LEE, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:12:00:00 | Win2K-f | 96.8.220.162 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 40 |
9bdd2c95b1 NEW cd456ac095 NEW |
d1bbd693ba [0] d75caee680[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:13:12:00 | WinXP | 81.84.8.48 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 912a073945 NEW |
7874c7f21e [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:13:36:00 | WinXP | 76.171.220.62 (RR.COM): ROAD RUNNER HOLDCO LLC, MONTEBELLO, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 365c6f7cd1 NEW |
none[none] | none:none |
none|none | none | none | |
T:13:48:00 | WinXP | 63.46.128.180 (UU.NET): UUNET TECHNOLOGIES INC, CRESCENT CITY, CALIFORNIA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:14:05:00 | Win2K-f | 70.71.255.36 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LANGLEY, BRITISH COLUMBIA, CA. (DSL) |
n/a | NL:proxim.ntkrnlpa.info NL:83.68.16.30:80 |
135 | pcap | raw alerts ruleset |
irc 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 1e4f8f9259 NEW |
e73db583fd [0] | ASM:Graph |
none|none | lines=546 | trace |
T:14:22:00 | Win2K-f | 64.164.152.183 (-): SORRIS AUTO WRECKERS, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | US:216.240.187.145:555 |
139 | pcap | raw alerts ruleset |
irc 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 4c6ed19a25 NEW |
none[none] | none:none |
none|none | none | none |
T:14:38:00 | Win2K-f | 201.124.21.247 (PROD-INFINITUM.COM.MX): GESTIÓN DE DIRECCIONAMIENTO UNINET, MEXICO, DISTRITO FEDERAL, MX. (DSL) |
n/a | NL:proxim.ntkrnlpa.info US:216.240.187.145:555 NL:83.68.16.30:80 |
445 | pcap | raw alerts ruleset |
irc 4 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:14:48:00 | WinXP | 71.72.220.97 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:14:58:00 | WinXP | 4.181.67.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROKEN ARROW, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 151 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 36 of 40 |
47d3548e36 NEW d8722af110 NEW |
ab13346633 [0] ab30a55931[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:15:01:00 | Win2K-f | 96.238.214.11 (VERIZON.NET): VERIZON INTERNET SERVICES INC, NOVATO, CALIFORNIA, US. (DSL) |
n/a | NL:proxim.ntkrnlpa.info US:216.240.187.145:555 NL:83.68.16.30:80 |
135 | pcap | raw alerts ruleset |
irc 6 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:15:47:00 | Win2K-f | 203.198.218.17 (NETVIGATOR.COM): CCC046 INTERNET ACCESS IBS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | FI:194.215.38.3:80 US:216.240.187.145:555 |
135 | pcap | raw alerts ruleset |
other 10 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:17:54:00 | Win2K-f | 198.182.77.8 (ACES.NET): LOGIN INC, PORTLAND, OREGON, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:17:59:00 | WinXP | 186.10.199.187 (-): . |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
T:18:44:00 | WinXP | 68.149.91.179 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
T:19:25:00 | WinXP | 58.0.47.177 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), KYOTO, KYOTO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | eb33ccfff8 NEW |
e732a43be0 [0] | ASM:Graph |
none|none | lines=58 | trace | |
T:20:10:00 | Win2K-f | 61.46.143.176 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:20:53:00 | WinXP | 75.44.62.89 (SBCGLOBAL.NET): RBACK6B.MILWWI.20060913, MILWAUKEE, WISCONSIN, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b NEW |
none[0] | none:none |
none|none | lines=64 | trace | |
T:21:27:00 | Win2K-f | 61.215.246.213 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), TAKAMATSU, KAGAWA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
10c560fc02 NEW 1b8d146832 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:21:38:00 | Win2K-f | 202.51.107.27 (SOLUSI.NET.ID): SOLUSI INTERNET SERVICE PROVIDER, JAKARTA, JAKARTA RAYA, ID. (DIAL) |
n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org EU:getmyip.co.uk GB:www.vouchercodez.com 208.78.70.70:80 US:67.15.94.80:80 US:75.126.138.202:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:21:46:00 | Win2K-f | 202.51.107.27 (SOLUSI.NET.ID): SOLUSI INTERNET SERVICE PROVIDER, JAKARTA, JAKARTA RAYA, ID. (DIAL) |
n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:22:10:00 | Win2K-f | 96.49.148.170 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:22:26:00 | Win2K-f | 207.182.131.67 (XLHOST.COM): XLHOST.COM INC, COLUMBUS, OHIO, US. (100Mbps) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com :checkip.dyndns.org US:67.15.94.80:80 GB:80.82.121.239:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:23:21:00 | WinXP | 63.24.111.200 (UU.NET): UUNET TECHNOLOGIES INC, BOISE, IDAHO, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 NEW |
none[0] | none:none |
Armadillo| | lines=90 | trace | |
T:23:24:00 | Win2K-f | 72.128.22.28 (RR.COM): ROAD RUNNER HOLDCO LLC, KANSAS CITY, KANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |