Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:02:06:00 | WinXP | 174.3.201.115 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:42:00 | Win2K-f | 125.4.12.122 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
T:03:11:00 | WinXP | 222.230.153.144 (VECTANT.NE.JP): SEIKA CORPORATION, YOKOHAMA, KANAGAWA, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 NEW |
none[0] | none:none |
none|none | lines=60 | trace | |
T:03:13:00 | WinXP | 70.184.154.68 (COX.NET): COX COMMUNICATIONS, YUKON, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 38 of 41 |
53bfe15e91 NEW 97437a0627 NEW |
1473091351 [0] none [none] |
ASM:Graph none:none |
tElock| none|none |
lines=75 embedded dns none |
trace none |
T:04:04:00 | Win2K-f | 175.113.133.136 (-): . |
60.190.222.139:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ku.perfectexe.com CN:mm.perfectexe.com US:sendinvest.com :findhobbits.com CN:pic.iwillhavesexygirls.com :www.infostockcotv.info :braverhotels.com US:1pennyhotels.com CN:hotelseas.com 204.45.71.42:80 US:64.191.44.8:8392 |
135 | pcap | raw alerts ruleset |
irc http 168 lines |
Yeah : 1.8 profile |
none | summary tarball |
39 of 40 19 of 41 9 of 41 22 of 41 40 of 41 5 of 41 |
10660a029e NEW 548f1b0a6b NEW 96ed1cb508 NEW d1c9d8866c NEW dec9a6f96c NEW eab5d10fbd NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
T:04:09:00 | Win2K-f | 61.218.191.251 (-): LIAN HONG BUSINESS CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
761a66b891 NEW 98d05c039b NEW |
b469dac5dc [0] none [none] |
ASM:Graph none:none |
tElock| none|none |
lines=64 embedded dns none |
trace none |
T:04:15:00 | Win2K-f | 95.28.24.180 (CORBINA.RU): INVESTELEKTROSVIAZ LTD, MOSCOW, MOSCOW CITY, RU. (100Mbps) |
n/a | :defcc0ff.linkbucks.com :static.linkbucks.com :ad.xtendmedia.com US:content.yieldmanager.com US:cookex.amp.yahoo.com US:rts.sparkstudios.com :www.google-analytics.com US:edge.quantserve.com :www.worldstarhiphop.com US:64.94.107.12:80 |
445 | pcap | raw alerts ruleset |
http irc 54 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 41 | 2b04d9bf0b NEW |
none[none] | none:none |
none|none | none | none |
T:04:20:00 | Win2K-f | 121.121.222.183 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
60.190.222.139:65520 | CN:proxim.ircgalaxy.pl CN:mm.perfectexe.com CN:pic.iwillhavesexygirls.com :www.infostockcotv.info :braverhotels.com US:1pennyhotels.com CN:hotelseas.com CN:ku.perfectexe.com CN:60.190.222.139:65520 |
445 | pcap | raw alerts ruleset |
http irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 41 9 of 41 22 of 41 5 of 41 |
548f1b0a6b NEW 96ed1cb508 NEW d1c9d8866c NEW eab5d10fbd NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
T:05:02:00 | WinXP | 217.203.215.241 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 2d74521143 NEW |
none[none] | none:none |
none|none | none | none |
T:05:07:00 | WinXP | 81.84.96.66 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 912a073945 NEW |
7874c7f21e [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:06:32:00 | Win2K-f | 63.27.77.165 (UU.NET): UUNET TECHNOLOGIES INC, MILLERSVILLE, MARYLAND, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:07:02:00 | WinXP | 61.195.125.205 (EONET.NE.JP): K-OPTICOM CORPORATION, TOKYO, TOKYO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
07:14:00 | WinXP | 81.84.96.66 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 912a073945 NEW |
7874c7f21e [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:08:04:00 | Win2K-f | 62.47.226.64 (TELEKOM.AT): HIGHWAY CUSTOMERS, INNSBRUCK, TIROL, AT. (DSL) |
n/a | NL:wow.blackirc.us | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:08:28:00 | WinXP | 4.184.60.207 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:09:26:00 | WinXP | 70.127.55.156 (RR.COM): ROAD RUNNER HOLDCO LLC, DAVENPORT, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:09:50:00 | WinXP | 65.27.149.206 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
10:28:00 | Win2K-f | 167.206.232.232 (-): SOUTHAMPTON PUBLIC SCHOOLS, SOUTHAMPTON, NEW YORK, US. (100Mbps) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 52 lines |
Yeah : 0.8 profile |
none | summary tarball |
4 of 37 | 8ce32ded17 NEW |
none[3] | none:none |
Armadillo| | none | trace |
T:10:53:00 | Win2K-f | 110.13.202.149 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 5 of 41 |
14f47ffd1e NEW 50437008d9 NEW |
90bf4b99ff [0] c1b09ac5d7[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=56 embedded dns lines=90 |
trace trace |
T:12:15:00 | WinXP | 87.205.56.220 (INETIA.PL): INTERNETIA, SZCZECIN, ZACHODNIOPOMORSKIE, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 2b9bc1463d NEW |
7978e0f6fb [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:12:34:00 | WinXP | 24.77.254.38 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 38 of 41 |
34cbe7a593 NEW 3e83a2d4d7 NEW |
d38cb78003 [0] b97fd63d29[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:13:00:00 | WinXP | 93.102.33.160 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PORTO, PORTO, PT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 91349f7f9b NEW |
none[none] | none:none |
none|none | none | none |
14:04:00 | Win2K-f | 94.102.11.253 (NI.NET.TR): NETINTERNET BILGISAYAR VE TELEKOMUNIKASYAN SAN. VE TIC. LTD. STI, TR. (DSL) |
n/a | US:www.maxmind.com :checkip.dyndns.org EU:getmyip.co.uk US:www.getmyip.org 208.78.70.70:80 US:67.15.94.80:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
14:05:00 | WinXP | 189.66.162.204 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 2d74521143 NEW |
none[none] | none:none |
none|none | none | none |
T:14:13:00 | Win2K-f | 94.102.11.253 (NI.NET.TR): NETINTERNET BILGISAYAR VE TELEKOMUNIKASYAN SAN. VE TIC. LTD. STI, TR. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 53 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:15:15:00 | WinXP | 4.224.141.149 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:15:17:00 | Win2K-f | 209.250.52.79 (WISPNET.NET): WISPNET LLC, WINCHESTER, KENTUCKY, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:17:00 | WinXP | 174.116.60.87 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:17:55:00 | Win2K-f | 180.220.153.240 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:18:12:00 | Win2K-f | 174.0.172.111 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
T:18:19:00 | Win2K-f | 4.177.222.16 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, POWAY, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:18:21:00 | WinXP | 61.218.205.52 (HINET.NET): TAIWAN PROVINCE TAP-WATER CO. LTD, KAOHSIUNG, T'AI-WAN, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
761a66b891 NEW 98d05c039b NEW |
b469dac5dc [0] none [none] |
ASM:Graph none:none |
tElock| none|none |
lines=64 embedded dns none |
trace none |
18:57:00 | Win2K-f | 69.65.42.35 (LOUISIANADYNAMICS.COM): GIGENET, ARLINGTON HEIGHTS, ILLINOIS, US. (DSL) |
n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org EU:getmyip.co.uk 208.78.70.70:80 US:67.15.94.80:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
T:18:58:00 | Win2K-f | 122.146.80.161 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:19:06:00 | Win2K-f | 69.65.42.35 (LOUISIANADYNAMICS.COM): GIGENET, ARLINGTON HEIGHTS, ILLINOIS, US. (DSL) |
n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk GB:www.vouchercodez.com :checkip.dyndns.org DE:131.220.6.26:80 208.78.70.70:80 |
445 | pcap | raw alerts ruleset |
http 52 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
T:19:34:00 | Win2K-f | 114.206.140.141 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
83.133.119.206:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com CN:ku.perfectexe.com CN:mm.perfectexe.com US:sendinvest.com :findhobbits.com CN:pic.iwillhavesexygirls.com :www.infostockcotv.info :braverhotels.com US:1pennyhotels.com CN:hotelseas.com US:64.191.44.8:8392 64.79.86.26:8392 |
135 | pcap | raw alerts ruleset |
irc http 208 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 19 of 41 9 of 41 39 of 41 20 of 41 11 of 41 0 of 41 5 of 41 |
168aab35a3 NEW 548f1b0a6b NEW 96ed1cb508 NEW aa6d257461 NEW ae8b08cddf NEW b8438c56c2 NEW bcd834d763 NEW eab5d10fbd NEW |
60b730b97e [0] none [none] none [none] 6aca567868[0] none [none] none [none] none [none] none [none] |
ASM:Graph none:none none:none ASM:Graph none:none none:none none:none none:none |
tElock| none|none none|none Armadillo| none|none none|none none|none none|none |
lines=120 embedded dns none none lines=91 none none none none |
trace none none trace none none none none |
T:19:48:00 | Win2K-f | 115.135.115.19 (115.IN-ADDR.ARPA): CORE IP NETWORK DEVELOPMENT, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | :in.7cy.net :in1.7cy.net US:bestofsaltlakecity.com :pagead2.googlesyndication.com US:panther1.cpxinteractive.com US:images-pw.secureserver.net :imagesak.godaddy.com 173.222.56.166:80 |
445 | pcap | raw alerts ruleset |
http irc 88 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 40 | 4feab58b34 NEW |
none[none] | none:none |
none|none | none | none |
T:20:30:00 | WinXP | 69.193.78.147 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:21:07:00 | WinXP | 114.51.195.86 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 40 | 5285741560 NEW |
60590b8b67 [0] | ASM:Graph |
none|none | lines=59 | trace | |
T:22:58:00 | Win2K-f | 113.254.187.64 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
62.193.249.122:3305 | KR:cx10man.weedns.com | 135 | pcap | raw alerts ruleset |
irc 698 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | ecfbf321d3 NEW |
none[none] | none:none |
none|none | none | none |
T:22:59:00 | WinXP | 116.118.133.87 (TINP.NET.TW): TAIWAN INFRASTRUCTURE NETWORK TECHNOLOGIES, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:23:18:00 | Win2K-f | 210.242.163.229 (-): CHIFA SECURITIES INVESTMEN CONSULTANT CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
60.190.222.139:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ku.perfectexe.com CN:mm.perfectexe.com US:sendinvest.com :findhobbits.com CN:pic.iwillhavesexygirls.com :www.infostockcotv.info US:search.toptravellingtips.com US:208.43.250.167:80 US:64.191.44.8:8392 |
135 | pcap | raw alerts ruleset |
irc http 224 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 41 19 of 41 39 of 40 20 of 41 14 of 41 9 of 41 39 of 41 |
128fa18683 NEW 548f1b0a6b NEW 5f18bfb6ff NEW 6a619faef0 NEW 7e4fb059dc NEW 96ed1cb508 NEW f23435beac NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none |
none none none none none none none |
T:23:31:00 | Win2K-f | 95.26.104.242 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. (DSL) |
83.133.119.206:65520 | :in.7cy.net :in1.7cy.net :theaterdogs.com CN:mm.perfectexe.com :www.infostockcotv.info CN:proxim.ircgalaxy.pl CN:ku.perfectexe.com |
445 | pcap | raw alerts ruleset |
http irc 40 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 40 9 of 41 11 of 41 |
4feab58b34 NEW 96ed1cb508 NEW b8438c56c2 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:23:47:00 | Win2K-f | 24.79.194.150 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 38 of 41 |
34cbe7a593 NEW 3e83a2d4d7 NEW |
d38cb78003 [0] b97fd63d29[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |