| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| T:00:08:00 | Win2K-f | 117.196.243.250 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), JAIPUR, RAJASTHAN, IN. (DSL) | n/a | CN:irc.zief.pl LV:ad.ghura.pl CN:ku.perfectexe.com US:sendinvest.com :findhobbits.com US:search.toptravellingtips.com CN:sky.perfectexe.com :in.7cy.net :in1.7cy.net :onlinestoresvitamins.com US:69.43.160.145:555 74.54.152.13:80 | 445 | pcap | raw alerts ruleset | http 116 lines | Yeah : 0.8 profile | none | summary tarball | none; none; 19 of 38; 10 of 41; none; 11 of 41; none; none | 2f54e4ffb7 NEW; 568388fbf5 NEW; 7421a30b77 NEW; 77828cb0f5 NEW; b35ff2033f NEW; c9e89abb7b NEW; d83171f4e5 NEW; f7034c7344 NEW | none [none]; none [none]; none [none]; none [none]; none [none]; none [none]; none [none]; none [none] | none:none; none:none; none:none; none:none; none:none; none:none; none:none; none:none | none\|none; none\|none; none\|none; none\|none; none\|none; none\|none; none\|none; none\|none | none; none; none; none; none; none; none; none | none; none; none; none; none; none; none; none |
| T:00:09:00 | Win2K-f | 75.51.249.146 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 79 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:00:16:00 | Win2K-f | 4.231.146.63 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DEER PARK, TEXAS, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 4 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:00:28:00 | WinXP | 219.115.206.158 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOYONAKA, OSAKA, JP. (DSL) | 62.193.249.122:3305 | JP:cx10man.weedns.com FR:fx010413.whyI.org FR:62.193.249.122:3305 | 135 | pcap | raw alerts ruleset | irc 699 lines | Yeah : 1.8 profile | none | summary tarball | 38 of 41 | ecfbf321d3 NEW | none [none] | none:none | none\|none | none | none |
| T:00:44:00 | WinXP | 61.130.137.145 (163DATA.COM.CN): CHINANET-ZJ NINGBO NODE NETWORK, NINGBO, ZHEJIANG, CN. (DIAL) | 60.190.222.139:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ku.perfectexe.com CN:sky.perfectexe.com :in.7cy.net :in1.7cy.net :vonagvisa.com CN:pic.iwillhavesexygirls.com :ad.yieldmanager.com 174.120.120.170:80 | 135 | pcap | raw alerts ruleset | irc http 153 lines | Yeah : 1.8 profile | none | summary tarball | none; none; none; 19 of 38; none; 11 of 41; none | 2f54e4ffb7 NEW; 60f795ea96 NEW; 6d24500583 NEW; 7421a30b77 NEW; 8452d97fce NEW; c9e89abb7b NEW; f7034c7344 NEW | none [none]; none [none]; none [none]; none [none]; none [none]; none [none]; none [none] | none:none; none:none; none:none; none:none; none:none; none:none; none:none | none\|none; none\|none; none\|none; none\|none; none\|none; none\|none; none\|none | none; none; none; none; none; none; none | none; none; none; none; none; none; none |
| T:00:48:00 | WinXP | 120.138.140.249 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 40; 39 of 39 | b8e6f4caf7 NEW; fb92b91fe7 NEW | f81eac6379 [0]; fe88ab8768 [0] | none:none; none:none | tElock\|; Armadillo\| | none; none | trace; trace |
| T:01:39:00 | WinXP | 58.124.191.62 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.206:65520 | CN:proxim.ircgalaxy.pl US:microsoft.com CN:ku.perfectexe.com US:sendinvest.com :findhobbits.com US:search.toptravellingtips.com CN:sky.perfectexe.com :in.7cy.net :in1.7cy.net 174.133.57.141:80 | 135 | pcap | raw alerts ruleset | irc http 227 lines | Yeah : 1.8 profile | none | summary tarball | none; none; 30 of 33; 28 of 33; 19 of 38; 27 of 41; 11 of 41; none | 02703fb63c NEW; 2f54e4ffb7 NEW; 533d15b5ce NEW; 58c343a8d8 NEW; 7421a30b77 NEW; bab4036112 NEW; c9e89abb7b NEW; f7034c7344 NEW | none [none]; none [none]; c67adf46e2 [0]; none [0]; none [none]; none [none]; none [none]; none [none] | none:none; none:none; ASM:Graph; none:none; none:none; none:none; none:none; none:none | none\|none; none\|none; tElock\|; Armadillo\|; none\|none; none\|none; none\|none; none\|none | none; none; lines=126 embedded dns; lines=91; none; none; none; none | none; none; trace; trace; none; none; none; none |
| T:01:42:00 | Win2K-f | 60.250.246.160 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 38; 35 of 38 | 38ed850a0e NEW; b9297745a1 NEW | 46990f37cd [0]; 4294884d84 [0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |
| T:04:17:00 | Win2K-f | 66.205.126.163 (CLASSICNET.NET): CLASSIC COMMUNICATIONS, PILOT POINT, TEXAS, US. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | none | 2c6f37944b NEW | none [none] | none:none | none\|none | none | none |
| T:04:17:00 | Win2K-f | 61.230.69.162 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 1b3d8e9fe7 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:20:00 | Win2K-f | 87.110.169.44 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:04:23:00 | WinXP | 213.138.231.248 (NETMADEIRA.COM): CABO TV MADEIRENSE S.A, FUNCHAL, MADEIRA, PT. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 40 | 013a5ba10e NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:27:00 | WinXP | 84.224.131.41 (PGSM.HU): PANNON GSM TELECOMMUNICATIONS INC, BUDAPEST, BUDAPEST, HU. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 0.8 profile | none | summary tarball | none | 3964b551b6 NEW | none [none] | none:none | none\|none | none | none |
| T:04:27:00 | Win2K-f | 114.45.104.125 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 1b3d8e9fe7 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:31:00 | Win2K-f | 94.251.214.151 (-): SERVERS STREAM COMMUNICATIONS, PL. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | e3faefa56a NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:34:00 | WinXP | 83.238.88.153 (-): ZAKLAD ELEKTRO-AUTOMATYKI ZELA SZOPIENICE SP. Z O.O, KATOWICE, SLASKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 6704922c65 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:51:00 | WinXP | 82.65.18.193 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 21 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 39 | 1a6c7da535 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:04:53:00 | Win2K-f | 111.255.81.42 (-): . | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | none | 24686bff5c NEW | none [none] | none:none | none\|none | none | none |
| T:04:54:00 | WinXP | 62.108.210.182 (HELSINGENET.COM): HELSINGE NET AB, STOCKHOLM, STOCKHOLMS LAN, SE. (DSL) | n/a | PR:m.drd3h.com | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 40 | 84b1b363a1 NEW | 1e4ad6cdb1 [0] | ASM:Graph | ASPack\| | lines=3065 embedded dns | trace |
| T:05:01:00 | Win2K-f | 88.172.83.59 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | 0c766d95a0 NEW | none [none] | none:none | none\|none | none | none |
| T:05:01:00 | Win2K-f | 113.252.86.49 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 39 | 1a6c7da535 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:05:01:00 | Win2K-f | 98.104.188.153 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - MATTHEWS, MESA, ARIZONA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 1.3 profile | none | summary tarball | none; none | 443030b837 NEW; d14c55e282 NEW | none [none]; none [none] | none:none; none:none | none\|none; none\|none | none; none | none; none |
| T:05:10:00 | Win2K-f | 125.232.87.41 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 36 of 41 | f75c895158 NEW | afaf06d6cd [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:05:20:00 | WinXP | 217.201.157.242 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:05:21:00 | WinXP | 118.168.190.135 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 379a6daa0d NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:05:25:00 | Win2K-f | 66.66.5.156 (RR.COM): ROAD RUNNER HOLDCO LLC, NORTH CHILI, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 61 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 8 of 33 | 53bfe15e91 NEW; b7082104e4 NEW | 1473091351 [0]; c5b49e7b82 [0] | ASM:Graph; ASM:Graph | tElock\|; tElock\| | lines=75 embedded dns; lines=41 | trace; trace |
| T:05:27:00 | WinXP | 89.186.21.112 (VIP-NET.PL): INTERNET PROVIDER, LUBLIN, LUBELSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | 760ab8f2ff NEW | none [none] | none:none | none\|none | none | none |
| T:05:36:00 | Win2K-f | 92.80.80.24 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | ffbb6cbe61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:05:41:00 | WinXP | 61.228.241.163 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 40 | 013a5ba10e NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:05:46:00 | Win2K-f | 88.156.23.49 (VECTRANET.PL): VECTRA S.A, OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | none | 8e8c7fc3c9 NEW | none [none] | none:none | none\|none | none | none |
| T:05:50:00 | WinXP | 78.88.210.37 (VECTRANET.PL): BROADBAND USERS OF VECTRA S.A, JELENIA GORA, DOLNOSLASKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | b68d420d61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:05:53:00 | Win2K-f | 77.78.225.163 (-): GLOBALNET-BH, SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:05:58:00 | WinXP | 87.196.126.182 (NET.NOVIS.PT): NOVIS TELECOM S.A, FARO, FARO, PT. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | none | 07cd4bac78 NEW | none [none] | none:none | none\|none | none | none |
| T:06:01:00 | Win2K-f | 125.232.137.140 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 39 | 1a6c7da535 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:06:10:00 | WinXP | 87.205.161.52 (INETIA.PL): INTERNETIA, LUBLIN, LUBELSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | b41e2557c8 NEW | none [none] | none:none | none\|none | none | none |
| T:06:16:00 | Win2K-f | 125.58.70.38 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:06:27:00 | Win2K-f | 118.169.46.215 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | fe87c62b51 NEW | fe87c62b51 [1] | ASM:Graph | pex\| | lines=19 | trace |
| T:06:42:00 | WinXP | 86.52.59.92 (REV.STOFANET.DK): STOFANET-INET-CIDR, ÅRHUS, ARHUS, DK. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 21 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | ffbb6cbe61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:06:42:00 | Win2K-f | 111.240.144.43 (-): . | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | fe87c62b51 NEW | fe87c62b51 [1] | ASM:Graph | pex\| | lines=19 | trace |
| T:06:44:00 | Win2K-f | 62.107.157.117 (-): STOFANET-KOLD-NET, KOLDING, VEJLE, DK. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 1b3d8e9fe7 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:06:50:00 | WinXP | 88.132.51.229 (PRTELECOM.HU): PRTELECOM-CP, NAGYKOROS, PEST, HU. (DSL) | n/a | PR:m.drd3h.com PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 21 lines | Yeah : 0.8 profile | none | summary tarball | none | 51d4c68a04 NEW | none [none] | none:none | none\|none | none | none |
| T:06:56:00 | WinXP | 117.254.237.115 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | none | a2e502267f NEW | none [none] | none:none | none\|none | none | none |
| T:06:58:00 | WinXP | 123.195.62.90 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 31 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | c45a01fbcc NEW | afaf06d6cd [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:07:05:00 | Win2K-f | 70.66.26.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:07:07:00 | Win2K-f | 213.138.229.249 (NETMADEIRA.COM): CABO TV MADEIRENSE S.A, FUNCHAL, MADEIRA, PT. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 1b3d8e9fe7 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:07:16:00 | Win2K-f | 41.231.12.33 (POP.PLANET.TN): AFRINIC, TN. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | e3faefa56a NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:07:17:00 | WinXP | 76.164.160.29 (ARILION.COM): API DIGITAL COMMUNICATIONS GROUP LLC, HUNTSVILLE, ALABAMA, US. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.72:6668 | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | none | e7919a4b8a NEW | none [none] | none:none | none\|none | none | none |
| T:07:20:00 | WinXP | 78.227.101.236 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL) | n/a | PR:m.drd3h.com | 139 | pcap | raw alerts ruleset | ftp irc 19 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | e0dc02ee4b NEW | 1e4ad6cdb1 [0] | ASM:Graph | ASPack\| | lines=3065 embedded dns | trace |
| T:07:53:00 | Win2K-f | 78.234.143.88 (PROXAD.NET): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, FR. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 27 lines | Yeah : 0.8 profile | none | summary tarball | none | b91423b944 NEW | none [none] | none:none | none\|none | none | none |
| T:08:08:00 | WinXP | 93.149.167.203 (DSL.VODAFONE.IT): IP ADDRESSES ALLOCATED TO DSL CUSTOMERS, ROME, LAZIO, IT. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | ca8bd5c40e NEW | 9cb687217f [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| T:08:13:00 | WinXP | 87.110.86.134 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | 9d38d43309 NEW | none [none] | none:none | none\|none | none | none |
| T:08:34:00 | WinXP | 89.194.33.158 (-): ORANGE HIGH SPEED INTERNET, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | 912a073945 NEW | 7874c7f21e [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:08:44:00 | Win2K-f | 118.232.167.57 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | 2dc7ebd302 NEW | none [none] | none:none | none\|none | none | none |
| T:09:00:00 | WinXP | 219.248.211.145 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 22 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:09:40:00 | WinXP | 24.59.6.89 (RR.COM): ROAD RUNNER HOLDCO LLC, MASSENA, NEW YORK, US. (DSL) | n/a | DE:siliconfireware.ru US:searchportal.information.com :pagead2.googlesyndication.com :googleads.g.doubleclick.net US:spi.domainsponsor.com :wpad GB:welcome3.smile.co.uk GB:195.92.84.198:80 US:208.73.210.125:80 | 445 | pcap | raw alerts ruleset | http http http 51 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee NEW | none [0] | none:none | ASPack\| | lines=298 embedded dns | trace |
| T:09:42:00 | Win2K-f | 65.30.52.156 (RR.COM): ROAD RUNNER HOLDCO LLC, LIBERTY, MISSOURI, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:10:55:00 | WinXP | 211.161.196.205 (GWBNSH.NET.CN): FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS IN SHANGHAI, SHANGHAI, SHANGHAI, CN. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 119 lines | Yeah : 1.3 profile | none | summary tarball | none; none | 2027759016 NEW; 5011691722 NEW | none [none]; none [none] | none:none; none:none | none\|none; none\|none | none; none | none; none |
| T:10:59:00 | Win2K-f | 4.248.75.129 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PLAINFIELD, NEW JERSEY, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:11:45:00 | Win2K-f | 113.254.192.218 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 182 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41 | 7c7d5bd68d NEW | 25c505d17c [0] | ASM:Graph | StarForce\| | lines=546 | trace |
| T:12:19:00 | WinXP | 117.254.244.43 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:12:22:00 | WinXP | 59.103.63.79 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, LAHORE, PUNJAB, PK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |
| T:13:17:00 | WinXP | 70.183.164.197 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:14:04:00 | WinXP | 166.166.214.211 (MYVZW.COM): SERVICE PROVIDER CORPORATION, PRESCOTT, ARIZONA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 77 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:14:23:00 | Win2K-f | 175.112.246.9 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 37 of 41 | 14f47ffd1e NEW; 1d7d8f40e3 NEW | 90bf4b99ff [0]; none [none] | ASM:Graph; none:none | tElock\|; none\|none | lines=56 embedded dns; none | trace; none |
| T:15:11:00 | WinXP | 69.193.74.22 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:16:04:00 | WinXP | 87.103.109.107 (REV.VODAFONE.PT): GPRS POOLS, PT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |
| T:16:49:00 | WinXP | 75.50.253.245 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, MILWAUKEE, WISCONSIN, US. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 03f912899b NEW | none [0] | none:none | none\|none | lines=64 | trace |
| T:18:23:00 | Win2K-f | 98.173.216.77 (COX.NET): COX COMMUNICATIONS, SANTA BARBARA, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:18:50:00 | Win2K-f | 202.152.26.148 (-): ARTAJASA PEMBAYARAN ELEKTRONIS, JAKARTA, JAKARTA RAYA, ID. (100Mbps) | n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:19:33:00 | WinXP | 211.29.16.61 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, PERTH, WESTERN AUSTRALIA, AU. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 115 lines | Yeah : 1.3 profile | none | summary tarball | none; none | 89fe27b5eb NEW; da8b2534a9 NEW | none [none]; none [none] | none:none; none:none | none\|none; none\|none | none; none | none; none |
| T:19:48:00 | WinXP | 61.218.205.52 (HINET.NET): TAIWAN PROVINCE TAP-WATER CO. LTD, KAOHSIUNG, T'AI-WAN, TW. (100Mbps) | n/a | | 135 | pcap | raw alerts ruleset | other 11 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:20:25:00 | WinXP | 118.83.151.139 (NKNO.J-CNET.JP): CITY TV NAKANO LIMITED, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 248 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 40 of 41 | 6d9c899101 NEW; f78c670c4a NEW | none [none]; none [none] | none:none; none:none | none\|none; none\|none | none; none | none; none |
| T:21:01:00 | WinXP | 75.23.76.129 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, PEORIA, ILLINOIS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 122 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36; 29 of 33 | 0474b4b09f NEW; 1c3210698a NEW | affa94efc0 [0]; 38bbefb8cc [0] | ASM:Graph; ASM:Graph | tElock\|; Armadillo\| | lines=64 embedded dns; lines=91 | trace; trace |
| T:21:01:00 | WinXP | 69.193.15.232 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:22:44:00 | WinXP | 119.103.109.79 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, WUHAN, HUBEI, CN. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | d1377a8b90 NEW | ad56da3672 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:22:46:00 | Win2K-f | 207.5.121.144 (MICROLNK.COM): MICROLNK LLC, OMAHA, NEBRASKA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:22:48:00 | WinXP | 70.119.148.232 (RR.COM): ROAD RUNNER HOLDCO LLC, OVIEDO, FLORIDA, US. (100Mbps) | n/a | | 135 | pcap | raw alerts ruleset | other 1002 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 41 | 6170c9b183 NEW | none [none] | none:none | none\|none | none | none |
| T:22:50:00 | WinXP | 119.103.109.79 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, WUHAN, HUBEI, CN. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | d1377a8b90 NEW | ad56da3672 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |