Infection log, one record per line in the column order of the header. Where a single infection yielded several captured binaries, the seven per-binary columns (Antivirus Labels through Syscall Trace) carry one entry per binary, separated by semicolons; empty cells are left blank.

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:01:10:00 | WinXP | 173.168.63.133 (RR.COM): ROAD RUNNER HOLDCO LLC, LUTZ, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:01:50:00 | WinXP | 93.102.231.14 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a0139d7ad8 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace
T:02:10:00 | WinXP | 61.59.190.124 (SEED.NET.TW): SEEDNET-TAICHUNGDP-S, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 40 | 23406743e0 NEW | none[none] | none:none | none|none | none | none
T:02:18:00 | Win2K-f | 4.240.239.38 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SILVER CITY, NEW MEXICO, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 98 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 8 of 33 | 53bfe15e91 NEW; b7082104e4 NEW | 1473091351 [0]; c5b49e7b82[0] | ASM:Graph; ASM:Graph | tElock|; tElock| | lines=75 embedded dns; lines=41 | trace; trace
T:03:28:00 | WinXP | 119.234.139.181 (-): SINGTEL MOBILE, SINGAPORE, SINGAPORE, SG. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace
T:04:07:00 | WinXP | 188.173.42.154 (RIPE.NET): EUROPEAN REGIONAL REGISTRY, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 40 | 65db8c1d0d NEW | none[none] | none:none | none|none | none | none
T:05:03:00 | WinXP | 79.40.27.148 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, MONCALIERI, PIEMONTE, IT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 42 | 9b285231fe NEW | a9a8f0a26f [0] | none:none | PolyEnE| | none | trace
T:05:34:00 | WinXP | 89.214.48.156 (-): GPRS COSTUMERS, FARO, FARO, PT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 | 066f40993d NEW | none[none] | none:none | none|none | none | none
T:05:45:00 | Win2K-f | 72.241.49.182 (BUCKEYECOM.NET): BUCKEYE CABLEVISION INC, PERRYSBURG, OHIO, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 350 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | ecfbf321d3 NEW | none[none] | none:none | none|none | none | none
T:05:49:00 | WinXP | 188.176.70.1 (DSL.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE| | lines=73 | trace
T:05:59:00 | WinXP | 79.162.183.7 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 83.133.119.206:65520 | DE:proxim.ircgalaxy.pl DE:citi-bank.ru LV:ad.ghura.pl NL:mejac.com | 445 | pcap | raw alerts ruleset | http irc 8 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 | 9bb68450cd NEW | c2d5ac2315 [0] | ASM:Graph | PolyEnE| | lines=73 embedded dns | trace
T:05:59:00 | WinXP | 70.126.198.140 (RR.COM): ROAD RUNNER HOLDCO LLC, SEMINOLE, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 40 of 40 | 1761e9db94 NEW; d1e83e2d0a NEW | none[none]; none [none] | none:none; none:none | none|none; none|none | none; none | none; none
T:07:47:00 | WinXP | 110.11.235.135 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 5 of 41 | 14f47ffd1e NEW; 50437008d9 NEW | 90bf4b99ff [0]; c1b09ac5d7[0] | ASM:Graph; ASM:Graph | tElock|; Armadillo| | lines=56 embedded dns; lines=90 | trace; trace
T:07:58:00 | Win2K-f | 113.252.206.185 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 106 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 40; 40 of 41 | 435b7fcc1e NEW; a2904ec678 NEW | none[none]; none [none] | none:none; none:none | none|none; none|none | none; none | none; none
T:09:14:00 | WinXP | 99.164.23.178 (SBCGLOBAL.NET): RANI PAL LLC, PLANO, TEXAS, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 402 lines | Yeah : 1.3 profile | none | summary tarball | 11 of 36 | c4c5a56ffe NEW | 8bef2f9170 [0] | ASM:Graph | StarForce| | lines=30 | trace
T:09:40:00 | WinXP | 189.118.173.5 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, RIO DE JANEIRO, RIO DE JANEIRO, BR. (DSL) | 174.34.153.71:2081 | :s.unicat.org US:attacke.100free.com | 445 | pcap | raw alerts ruleset | ftp irc http 84 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41; 30 of 41 | 67a66839f7 NEW; fc53a7c081 NEW | 7b1fc808a3 [0]; bac4cc6eec[0] | ASM:Graph; ASM:Graph | none|none; Armadillo| | lines=200; lines=218 | trace; trace
T:09:40:00 | Win2K-f | 84.224.114.222 (PGSM.HU): PANNON GSM TELECOMMUNICATIONS INC, BUDAPEST, BUDAPEST, HU. (DSL) | n/a |  | 445 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none
T:09:40:00 | WinXP | 186.97.67.135 (-): . | 174.34.153.71:2081 | :s.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 28 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 40 | 7d6df80947 NEW | none[none] | none:none | none|none | none | none
T:09:42:00 | Win2K-f | 92.115.95.196 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | 174.34.153.71:9890 | :f.unicat.org US:attacke.100free.com | 445 | pcap | raw alerts ruleset | ftp irc 42 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 31 | e8d4d8cde1 NEW | none[0] | none:none | ASProtect| | lines=585 embedded dns | trace
T:09:56:00 | Win2K-f | 178.164.139.72 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | 174.34.153.71:2081 | :s.unicat.org US:attacke.100free.com | 445 | pcap | raw alerts ruleset | ftp irc 42 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 40 | e5a2c15d9e NEW | none[none] | none:none | none|none | none | none
T:09:57:00 | Win2K-f | 24.236.120.47 (KNOLOGY.NET): KNOLOGY INC, MADISON, ALABAMA, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 | fc3b28a022 NEW | none[none] | none:none | none|none | none | none
T:10:01:00 | WinXP | 79.168.20.145 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. (DSL) | 174.34.153.71:9890 174.34.153.71:2010 | :f.unicat.org US:attacke.100free.com :adware.rxmods.net | 445 | pcap | raw alerts ruleset | ftp irc http 858 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 35; 41 of 41 | cd75030ece NEW; e9a456535a NEW | none[none]; none [none] | none:none; none:none | none|none; none|none | none; none | none; none
T:10:04:00 | Win2K-f | 201.95.19.132 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 174.34.153.71:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 48 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | c654e20df3 NEW | none[none] | none:none | none|none | none | none
T:10:09:00 | Win2K-f | 95.88.242.222 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (100Mbps) | 174.34.153.71:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 40 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 31 | e8d4d8cde1 NEW | none[0] | none:none | ASProtect| | lines=585 embedded dns | trace
T:10:09:00 | WinXP | 95.91.54.21 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (DSL) | 174.34.153.71:2081 | :s.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 52 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | 7ac48871d4 NEW | none[none] | none:none | none|none | none | none
T:10:29:00 | WinXP | 190.209.153.27 (-): TELMEX CHILE S.A HFC, CL. (DSL) | 174.34.153.71:2081 | :s.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 41 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41 | 67a66839f7 NEW | 7b1fc808a3 [0] | ASM:Graph | none|none | lines=200 | trace
T:10:31:00 | Win2K-f | 178.187.242.227 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | 174.34.153.71:2081 | :s.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 28 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41 | 67a66839f7 NEW | 7b1fc808a3 [0] | ASM:Graph | none|none | lines=200 | trace
T:10:40:00 | WinXP | 93.102.143.39 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. (DSL) | n/a | :www.yahoo.com :www.google.com.au :jbeegvia.ru EU:crutop.nu US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru GB:www.viruslist.com :okskyyn.ru :pnlkria.ru :kargai.ru :kfwfceki.ru RU:alfabank.ru :nhuwxyuw.ru :udluzuq.ru :fiazpvnne.ru :ppxuub.ru :crime-research.ru :lvwgdhwlj.ru GB:www.candidateverifier.com :raxeqajrf.ru :dhagunb.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 17028f1eda NEW | none[3] | none:none | tElock| | none | trace
T:10:51:00 | WinXP | 85.179.166.29 (ALICEDSL.DE): HANSENET-ADSL, BERLIN, BERLIN, DE. (DSL) | 174.34.153.71:2081 | :s.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 46 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | 48de3eaee3 NEW | none[none] | none:none | none|none | none | none
T:10:51:00 | WinXP | 79.163.197.199 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, PL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none[none] | none:none | none|none | none | none
T:10:56:00 | Win2K-f | 4.143.211.122 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ORLAND PARK, ILLINOIS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 151 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 39 of 41 | 5af05bec2e NEW; ff34a1caa4 NEW | ec2138d5b2 [0]; 979a6569d4[0] | ASM:Graph; ASM:Graph | tElock|; Armadillo| | lines=64 embedded dns; lines=91 | trace; trace
T:11:09:00 | WinXP | 114.74.183.86 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 40 of 41 | 56703b9d17 NEW; c55e86f7e9 NEW | de8764ef05 [0]; c790c10ad1[0] | ASM:Graph; ASM:Graph | Armadillo|; tElock| | lines=91; lines=64 embedded dns | trace; trace
T:11:52:00 | WinXP | 69.121.163.188 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BRONX, NEW YORK, US. (DSL) | 194.109.11.65:6556 194.109.11.65:1023 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset | other 190 lines | Yeah : 1.8 profile | none | summary tarball | 32 of 32 | 15d4d85dc0 NEW | 4c95ae4b3d [0] | ASM:Graph | StarForce| | lines=212 embedded dns | trace
T:12:01:00 | Win2K-f | 89.167.66.140 (-): NPLAY NETWORK - LUBLIN POLAND, LUBLIN, LUBELSKIE, PL. (DSL) | 174.34.153.71:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 40 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 31 | e8d4d8cde1 NEW | none[0] | none:none | ASProtect| | lines=585 embedded dns | trace
T:12:21:00 | WinXP | 77.41.9.71 (QWERTY.RU): NEOCENTEL-HOME-HIMKI-LOBNYA, MOSCOW, MOSCOW CITY, RU. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 39d42dbc9a NEW | 738f555183 [0] | ASM:Graph | PolyEnE| | lines=68 | trace
T:12:39:00 | Win2K-f | 122.105.214.145 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 40; 36 of 40 | 2543dd1ec2 NEW; a44c4d2b4b NEW | none[none]; none [none] | none:none; none:none | none|none; none|none | none; none | none; none
T:13:48:00 | WinXP | 70.62.194.152 (RR.COM): ROAD RUNNER HOLDCO LLC, LOS ANGELES, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:14:08:00 | Win2K-f | 207.254.161.166 (CKT.NET): CRAW-KAN TELEPHONE COOP. INC, GALESBURG, KANSAS, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 | e5903b685f NEW | none[none] | none:none | none|none | none | none
T:14:34:00 | Win2K-f | 80.171.106.62 (HANSENET.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) | n/a |  | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none
T:15:40:00 | WinXP | 123.163.139.84 (163DATA.COM.CN): CHINANET HENAN PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:17:07:00 | WinXP | 122.146.226.169 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:17:34:00 | WinXP | 72.184.121.243 (RR.COM): ROAD RUNNER HOLDCO LLC, AUBURNDALE, FLORIDA, US. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com FR:fx010413.whyI.org FR:62.193.249.122:3305 | 135 | pcap | raw alerts ruleset | irc 607 lines | Yeah : 1.8 profile | none | summary tarball | 39 of 41 | 2d3a252cbc NEW | none[none] | none:none | none|none | none | none
T:20:51:00 | Win2K-f | 114.73.161.12 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, AU. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 8 of 33 | 53bfe15e91 NEW; b7082104e4 NEW | 1473091351 [0]; c5b49e7b82[0] | ASM:Graph; ASM:Graph | tElock|; tElock| | lines=75 embedded dns; lines=41 | trace; trace
T:21:33:00 | Win2K-f | 174.116.49.56 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:21:50:00 | WinXP | 58.121.123.229 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 91.188.59.12:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com LV:ad.ghura.pl NL:mejac.com FR:streq.cn FR:mskla.com CN:exe.perfectexe.com :server14.ss2.name GB:194.8.251.142:80 EU:78.159.112.192:80 LV:91.188.59.199:80 | 135 | pcap | raw alerts ruleset | irc http 148 lines | Yeah : 1.8 profile | none | summary tarball | 40 of 41; 36 of 41; 23 of 41; 8 of 40; 29 of 41; 24 of 41; 39 of 41; 32 of 41; 16 of 41 | 1824c59f34 NEW; 1e2bf1815b NEW; 5b1f41eead NEW; 5bae55ed0e NEW; 73b6dc8213 NEW; c9cac9a4aa NEW; caaeb70f9f NEW; ce48c3c03a NEW; fa4c2f7feb NEW | da8a48fc3a [0]; none [none]; none [none]; none [none]; none [none]; none [none]; fdabb272e7[0]; none [none]; none [none] | ASM:Graph; none:none; none:none; none:none; none:none; none:none; ASM:Graph; none:none; none:none | tElock|; none|none; none|none; none|none; none|none; none|none; Armadillo|; none|none; none|none | lines=112 embedded dns; none; none; none; none; none; lines=91; none; none | trace; none; none; none; none; none; trace; none; none
T:22:53:00 | Win2K-f | 94.76.204.79 (AS29550.NET): BLUECONNEX-INFRA, UK. (100Mbps) | n/a | US:www.maxmind.com :checkip.dyndns.org EU:getmyip.co.uk :www.vouchercodes.com US:www.getmyip.org DE:131.220.6.26:80 208.78.70.70:80 | 445 | pcap | raw alerts ruleset | http 45 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX| | lines=174 embedded dns | trace
T:23:53:00 | Win2K-f | 200.168.86.168 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org EU:getmyip.co.uk 208.78.70.70:80 US:67.15.94.80:80 EU:78.40.35.134:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX| | lines=174 embedded dns | trace
T:23:56:00 | WinXP | 4.130.137.74 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SANTA ANA, CALIFORNIA, US. (DIAL) | n/a |  | 135 | pcap | raw alerts ruleset | other 147 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | 34f1265311 NEW | none[none] | none:none | none|none | none | none
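A log like this is most useful once it is pivoted: which C&C endpoint and port each victim shares, which packed-binary hashes recur across unrelated victims (the indicators worth blocking first), and which samples slipped past most antivirus engines. The script below is an added example, not BotHunter or Malware Threat Center code. It assumes records laid out one per line with 19 pipe-separated columns and semicolon-separated per-binary entries; the rows embedded in `SAMPLE_ROWS` are six records copied from the table as constructed input, nothing is fetched from the network, and reading "13 of 31" as detections out of engines queried is an assumption about the Antivirus Labels column. All function names are this example's own.

```python
"""Parse BotHunter-style infection-log rows and pivot them by C&C endpoint and binary.

Added example, not code from BotHunter or the Malware Threat Center. Assumes the
one-record-per-line layout: 19 pipe-separated columns, the last seven carrying one
entry per captured binary separated by semicolons. SAMPLE_ROWS are constructed input
copied from the table above. Reading "13 of 31" as detections/engines is an assumption.
"""
from collections import defaultdict

COLUMNS = [
    "time", "victim_os", "infection_source", "cnc_server",
    "dns_lookups", "infection_port", "packet_trace", "detection_signatures",
    "infection_chatter", "bothunter_analysis", "behavioral_cluster",
    "forensic_logs", "av_labels", "packed_binary", "unpacked_exe",
    "unpacked_asm", "packer_peid", "data_strings", "syscall_trace",
]
PER_BINARY = COLUMNS[12:]  # columns with one semicolon-separated entry per binary

# Constructed sample: six records copied from the log above.
SAMPLE_ROWS = """\
T:01:10:00 | WinXP | 173.168.63.133 (RR.COM): ROAD RUNNER HOLDCO LLC, LUTZ, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
T:02:10:00 | WinXP | 61.59.190.124 (SEED.NET.TW): SEEDNET-TAICHUNGDP-S, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 40 | 23406743e0 NEW | none[none] | none:none | none|none | none | none
T:05:59:00 | WinXP | 79.162.183.7 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 83.133.119.206:65520 | DE:proxim.ircgalaxy.pl DE:citi-bank.ru LV:ad.ghura.pl NL:mejac.com | 445 | pcap | raw alerts ruleset | http irc 8 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 | 9bb68450cd NEW | c2d5ac2315 [0] | ASM:Graph | PolyEnE| | lines=73 embedded dns | trace
T:09:42:00 | Win2K-f | 92.115.95.196 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | 174.34.153.71:9890 | :f.unicat.org US:attacke.100free.com | 445 | pcap | raw alerts ruleset | ftp irc 42 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 31 | e8d4d8cde1 NEW | none[0] | none:none | ASProtect| | lines=585 embedded dns | trace
T:10:09:00 | Win2K-f | 95.88.242.222 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (100Mbps) | 174.34.153.71:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset | ftp irc 40 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 31 | e8d4d8cde1 NEW | none[0] | none:none | ASProtect| | lines=585 embedded dns | trace
T:15:40:00 | WinXP | 123.163.139.84 (163DATA.COM.CN): CHINANET HENAN PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock|; Armadillo| | lines=75 embedded dns; lines=90 | trace; trace
"""


def split_cc(entry):
    """'DE:citi-bank.ru' -> ('DE', 'citi-bank.ru'); ':f.unicat.org' -> ('', 'f.unicat.org').
    A bare 'ip:port' with no country prefix is returned whole with an empty country."""
    cc, sep, rest = entry.partition(":")
    if sep and (cc == "" or (len(cc) == 2 and cc.isalpha())):
        return cc, rest
    return "", entry


def parse_av(label):
    """'13 of 31' -> (13, 31); 'none' -> None."""
    parts = label.split()
    if len(parts) == 3 and parts[1] == "of":
        return int(parts[0]), int(parts[2])
    return None


def parse_row(line):
    """Split one record into a dict; per-binary columns become a list of binaries."""
    cells = [c.strip() for c in line.split(" | ")]
    if len(cells) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(cells)}")
    rec = dict(zip(COLUMNS, cells))
    rec["victim_ip"] = rec["infection_source"].split(" ", 1)[0]
    rec["cnc_endpoints"] = [] if rec["cnc_server"] == "n/a" else rec["cnc_server"].split()
    rec["dns"] = [split_cc(e) for e in rec["dns_lookups"].split()]
    per_bin = {col: [v.strip() for v in rec[col].split(";")] for col in PER_BINARY}
    counts = {len(v) for v in per_bin.values()}
    if len(counts) != 1:
        raise ValueError("per-binary columns disagree on the number of binaries")
    rec["binaries"] = []
    for i in range(counts.pop()):
        packed = per_bin["packed_binary"][i].split()       # e.g. ['53bfe15e91', 'NEW']
        unpacked = per_bin["unpacked_exe"][i].split("[")[0].strip()  # 'none[0]' -> 'none'
        rec["binaries"].append({
            "packed_hash": None if packed[0] == "none" else packed[0],
            "new": "NEW" in packed,
            "av": parse_av(per_bin["av_labels"][i]),
            "packer": per_bin["packer_peid"][i].split("|")[0],  # 'tElock|' -> 'tElock'
            "unpacked_hash": None if unpacked == "none" else unpacked,
        })
    return rec


def load(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def campaigns(records):
    """Victim IPs per (C&C endpoint, infection port); key 'n/a' when no C&C was observed."""
    out = defaultdict(set)
    for r in records:
        for endpoint in r["cnc_endpoints"] or ["n/a"]:
            out[(endpoint, r["infection_port"])].add(r["victim_ip"])
    return {k: sorted(v) for k, v in out.items()}


def binary_reuse(records):
    """Packed-binary hashes captured from more than one victim."""
    seen = defaultdict(set)
    for r in records:
        for b in r["binaries"]:
            if b["packed_hash"]:
                seen[b["packed_hash"]].add(r["victim_ip"])
    return {h: sorted(v) for h, v in seen.items() if len(v) > 1}


def low_av_coverage(records, max_ratio=0.5):
    """Hashes that fewer than max_ratio of the engines labelled -> (hits, total, packer)."""
    out = {}
    for r in records:
        for b in r["binaries"]:
            av = b["av"]
            if b["packed_hash"] and av and av[1] and av[0] / av[1] < max_ratio:
                out[b["packed_hash"]] = (av[0], av[1], b["packer"])
    return out


if __name__ == "__main__":
    recs = load(SAMPLE_ROWS)
    for (endpoint, port), victims in sorted(campaigns(recs).items()):
        print(f"{endpoint:>24} port {port:>3}: {len(victims)} victim(s)")
    for h, victims in sorted(binary_reuse(recs).items()):
        print(f"reused binary {h}: {', '.join(victims)}")
    for h, (hits, total, packer) in sorted(low_av_coverage(recs).items()):
        print(f"weak AV coverage {h}: {hits}/{total} engines, packer={packer}")
```

On the six sample rows the pivot separates the port-135 infections with no observed C&C from the two port-445 clusters (213.155.0.224:80 and 174.34.153.71:9890), shows 53bfe15e91, a08f3b74a4 and e8d4d8cde1 each landing on two different victims, and flags a08f3b74a4 (0 of 33 engines, Armadillo) and e8d4d8cde1 (13 of 31, ASProtect) as the samples to push into further analysis; the one record listing two C&C endpoints is counted under both.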