Cells in the Antivirus Labels through Syscall Trace columns that hold two values separated by ";" record two binaries captured in the same infection, listed in the same order in each of those columns.

| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| T:00:59:00 | Win2K-f | 113.254.24.123 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 538 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 42 | b45117d840 NEW | none[none] | none:none | none\|none | none | none |
| T:01:34:00 | WinXP | 114.51.160.96 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:02:47:00 | WinXP | 125.4.227.106 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) | 62.193.249.122:3305 | KR:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 695 lines | Yeah : 1.8 profile | none | summary tarball | 28 of 41 | b8076e37ae NEW | 52953fed05 [0] | none:none | StarForce\| | none | trace |
| T:03:00:00 | WinXP | 220.216.56.94 (THN.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 99 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 40; 40 of 41 | 6a6aaa5b73 NEW; 8bde6dd126 NEW | 63889c9976 [0]; 885c68f500[0] | ASM:Graph; ASM:Graph | tElock\|; tElock\| | lines=42; lines=64 embedded dns | trace; trace |
| T:03:30:00 | WinXP | 186.40.78.129 (E-CORPNET.ORG): TELEFONICA MOVIL DE CHILE S.A, CL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 | f45285574e NEW | d984958bf9 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:03:39:00 | WinXP | 59.103.213.230 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | f379e9f26f NEW | none[none] | none:none | none\|none | none | none |
| T:05:15:00 | Win2K-f | 98.154.54.49 (RR.COM): ROAD RUNNER HOLDCO LLC, FULLERTON, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:06:13:00 | WinXP | 79.163.109.183 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none[none] | none:none | none\|none | none | none |
| T:06:14:00 | Win2K-f | 180.70.142.54 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 91.188.59.12:65520 | LV:proxima.ircgalaxy.pl US:microsoft.com | 135 | pcap | raw alerts ruleset | irc 164 lines | Yeah : 1.8 profile | none | summary tarball | 39 of 41; 31 of 33 | ab9c4b5f21 NEW; d789c8d157 NEW | 5fe48b2dcc [0]; 5f6572479f[0] | ASM:Graph; ASM:Graph | Armadillo\|; PolyEnE\| | lines=42; lines=113 embedded dns | trace; trace |
| T:06:44:00 | Win2K-f | 77.223.189.33 (-): NEAS-MYADMIN-PHASE, NO. (DSL) | 60.190.222.139:65520 | LV:proxima.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | irc 17 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:06:51:00 | Win2K-f | 70.68.139.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:06:58:00 | WinXP | 64.181.117.210 (-): JHW CHARITABLE ANNUITY TRUST, CHARLESTON, WEST VIRGINIA, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 120 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40; 38 of 40 | 67f1a33096 NEW; 724cf0dc37 NEW | 148e04eaab [0]; 901dd267d4[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |
| T:07:09:00 | Win2K-f | 4.225.169.152 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ITALY, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 93 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:08:04:00 | WinXP | 79.163.198.19 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, PL. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none[none] | none:none | none\|none | none | none |
| T:08:51:00 | Win2K-f | 187.160.138.115 (NIC-R2-R1-MTY.NIC.MX): NETWORK INFORMATION CENTER MEXICO, MX. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:08:53:00 | WinXP | 190.241.118.83 (HOST1-RACSA.CO.CR): RADIGRAFICA COSTARRICENSE, CR. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 796 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:09:02:00 | WinXP | 190.255.78.58 (TELEFONICA.NET.CO): COLOMBIA TELECOMUNICACIONES S.A. ESP, SANTAFÉ DE BOGOTÁ, DISTRITO ESPECIAL, CO. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 780 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:09:05:00 | WinXP | 190.105.78.124 (-): . | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 781 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:09:05:00 | Win2K-f | 178.150.51.153 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info :kukutrustnet777.info DE:kukutrustnet888.info :kukutrustnet987.info | 135 | pcap | raw alerts ruleset | irc 821 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 42 | 3d837c6275 NEW | none[none] | none:none | none\|none | none | none |
| T:09:08:00 | Win2K-f | 41.251.167.61 (IAM.NET.MA): AFRINIC, CASABLANCA, CASABLANCA, MA. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 852 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 42 | 96a0cbeb88 NEW | none[none] | none:none | none\|none | none | none |
| T:09:45:00 | Win2K-f | 186.19.239.81 (-): . | 70.107.249.167:7000 | US:dns.aswend.com | 135 | pcap | raw alerts ruleset | irc 238 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | 88730549bb NEW | none[none] | none:none | none\|none | none | none |
| T:09:47:00 | WinXP | 186.19.127.247 (-): . | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:10:08:00 | WinXP | 117.254.220.26 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | f592d52f3c NEW | 85a7174aed [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:10:58:00 | Win2K-f | 124.241.150.77 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 695 lines | Yeah : 1.8 profile | none | summary tarball | 38 of 41 | ecfbf321d3 NEW | none[none] | none:none | none\|none | none | none |
| T:11:10:00 | Win2K-f | 190.158.157.40 (DAVITA.COM): TV CABLE S.A, SANTAFÉ DE BOGOTÁ, DISTRITO ESPECIAL, CO. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:11:16:00 | Win2K-f | 92.242.86.189 (IP-TELECOM.RU): BUSINESS COMMUNICATION AGENCY, RU. (DSL) | 92.237.69.33:6667 | :wankers.no-ip.org | 135 | pcap | raw alerts ruleset | lanman shell shell shell shell shell shell irc 347 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 42 | 3b2231069b NEW | none[none] | none:none | none\|none | none | none |
| T:11:22:00 | Win2K-f | 86.106.230.179 (HOST-STATIC-86-106-247-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | n/a | EU:convict.no-ip.org **:10.2.31.9:1433 | 135 | pcap | raw alerts ruleset | irc 799 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 42 | a1d686010e NEW | none[none] | none:none | none\|none | none | none |
| T:11:32:00 | Win2K-f | 186.9.139.195 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:11:33:00 | WinXP | 186.10.170.158 (-): . | n/a | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 777 lines | Yeah : 0.8 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:11:33:00 | Win2K-f | 186.10.16.39 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 781 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:11:48:00 | WinXP | 109.87.137.156 (JWS.COM): EU-ZZ, UK. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 689 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 42 | 957eacda80 NEW | none[none] | none:none | none\|none | none | none |
| T:11:48:00 | Win2K-f | 186.9.161.145 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info US:mmmontage.ath.cx IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 790 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:11:53:00 | WinXP | 190.208.111.238 (-): TELMEX CHILE S.A HFC, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:12:11:00 | WinXP | 109.87.134.198 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | other 738 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 42 | cdcf98e4fe NEW | none[none] | none:none | none\|none | none | none |
| T:12:11:00 | Win2K-f | 186.10.6.57 (IMOVIL.ENTELPCS.CL): ENTEL PCS TELECOMUNICACIONES S.A, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 780 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:12:21:00 | WinXP | 41.251.137.243 (IAM.NET.MA): AFRINIC, MARRAKESH, MARRAKECH, MA. (DSL) | n/a | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 831 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 42 | 96a0cbeb88 NEW | none[none] | none:none | none\|none | none | none |
| T:12:46:00 | Win2K-f | 109.86.203.222 (JWS.COM): EU-ZZ, UK. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 722 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 42 | 1a42c2f906 NEW | none[none] | none:none | none\|none | none | none |
| T:12:53:00 | Win2K-f | 187.160.119.140 (NIC-R2-R1-MTY.NIC.MX): NETWORK INFORMATION CENTER MEXICO, MX. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info IT:143.225.93.198:65267 | 135 | pcap | raw alerts ruleset | irc 778 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:12:53:00 | WinXP | 190.208.76.59 (-): TELMEX CHILE S.A HFC, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 782 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:12:53:00 | WinXP | 125.4.244.193 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 40 of 41 | 1b1db1c992 NEW; 8a50345c2f NEW | a8036b5105 [0]; 585123125f[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |
| T:13:24:00 | Win2K-f | 98.157.13.84 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:13:52:00 | Win2K-f | 186.87.190.122 (HOODPACKAGING.COM): TV CABLE S.A, CO. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 791 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:13:55:00 | Win2K-f | 71.107.141.233 (VERIZON.NET): VERIZON INTERNET SERVICES INC, HUNTINGTON BEACH, CALIFORNIA, US. (DSL) | 62.193.249.122:3305 | EU:cx10man.weedns.com EU:fx010413.whyI.org FR:62.193.249.122:3305 | 135 | pcap | raw alerts ruleset | irc 695 lines | Yeah : 1.8 profile | none | summary tarball | 34 of 41 | deffdf68e8 NEW | 2b011e15ba [0] | ASM:Graph | StarForce\| | lines=3122 embedded dns | trace |
| T:14:33:00 | Win2K-f | 173.168.35.88 (RR.COM): ROAD RUNNER HOLDCO LLC, NAPLES, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:14:34:00 | WinXP | 24.76.93.29 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 11 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:15:40:00 | WinXP | 151.82.132.94 (51-151.NET24.IT): IUNET-BNET, IT. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | 8e26f3c975 NEW | none[none] | none:none | none\|none | none | none |
| T:15:43:00 | Win2K-f | 24.246.152.92 (-): MORRIS BROADBAND LLC, AUGUSTA, GEORGIA, US. (DSL) | 60.190.222.139:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com | 135 | pcap | raw alerts ruleset | irc 133 lines | Yeah : 1.8 profile | none | summary tarball | 32 of 36; 35 of 36 | bea8cb1865 NEW; fac78fde16 NEW | 154de51a66 [0]; 882896ab05[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=126 embedded dns | trace; trace |
| T:16:06:00 | WinXP | 174.39.243.32 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, YORK, NEBRASKA, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 40 | be560d19a9 NEW | none[none] | none:none | none\|none | none | none |
| T:16:30:00 | Win2K-f | 190.208.76.59 (-): TELMEX CHILE S.A HFC, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | 143.225.93.198:65267 | IT:pimp.foilball.info | 135 | pcap | raw alerts ruleset | irc 794 lines | Yeah : 1.3 profile | none | summary tarball | 17 of 42 | 6e4e6297a0 NEW | none[none] | none:none | none\|none | none | none |
| T:16:35:00 | Win2K-f | 200.107.121.33 (-): SERCOM DE HONDURAS, TEGUCIGALPA, FRANCISCO MORAZAN, HN. (DSL) | n/a | US:www.maxmind.com :checkip.dyndns.org EU:getmyip.co.uk :www.vouchercodes.com US:www.getmyip.org DE:131.220.6.26:80 208.78.70.70:80 US:75.126.138.202:80 94.236.56.130:80 | 445 | pcap | raw alerts ruleset | http 5 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:17:01:00 | WinXP | 173.168.63.133 (RR.COM): ROAD RUNNER HOLDCO LLC, LUTZ, FLORIDA, US. (DSL) | n/a | FR:cx10man.weedns.com FR:fx010413.whyI.org FR:62.193.249.122:3305 | 135 | pcap | raw alerts ruleset | irc 694 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | ecfbf321d3 NEW | none[none] | none:none | none\|none | none | none |
| T:17:20:00 | Win2K-f | 4.174.179.181 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VINELAND, NEW JERSEY, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 145 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41; 36 of 40 | 47d3548e36 NEW; d8722af110 NEW | ab13346633 [0]; ab30a55931[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |
| T:17:41:00 | WinXP | 71.100.194.135 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LAKELAND, FLORIDA, US. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:17:56:00 | Win2K-f | 174.39.174.148 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, NORTH PLATTE, NEBRASKA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 170 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | 95ddd4a823 NEW | 9e78315a6d [0] | ASM:Graph | Armadillo\| | lines=91 | trace |
| T:18:41:00 | WinXP | 210.126.248.6 (KRLINE.NET): KRNIC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42; 35 of 38 | 9199efd9a1 NEW; b9297745a1 NEW | none[none]; 4294884d84[0] | none:none; ASM:Graph | none\|none; tElock\| | none; lines=64 embedded dns | none; trace |
| T:18:46:00 | WinXP | 125.4.243.210 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41; 37 of 41 | 98d2778fd6 NEW; f676f3bf5b NEW | 9feea491cb [0]; 0fba495fc4[0] | ASM:Graph; ASM:Graph | tElock\|; Armadillo\| | lines=64 embedded dns; lines=91 | trace; trace |
| T:18:49:00 | WinXP | 189.48.164.114 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, RIO DE JANEIRO, RIO DE JANEIRO, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:19:05:00 | Win2K-f | 65.30.50.207 (RR.COM): ROAD RUNNER HOLDCO LLC, LIBERTY, MISSOURI, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:19:12:00 | WinXP | 76.167.243.90 (RR.COM): ROAD RUNNER HOLDCO LLC, LOS ANGELES, CALIFORNIA, US. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:19:48:00 | WinXP | 125.230.97.106 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:19:56:00 | Win2K-f | 94.24.136.109 (IS74.RU): INTERSVYAZ-2 JSC, RU. (DSL) | n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk :checkip.dyndns.org DE:131.220.6.26:80 208.78.70.70:80 US:75.126.138.202:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:20:04:00 | Win2K-f | 94.24.136.109 (IS74.RU): INTERSVYAZ-2 JSC, RU. (DSL) | n/a | US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 6 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:20:41:00 | WinXP | 118.15.23.19 (OCN.NE.JP): OPEN COMPUTER NETWORK, YOKOHAMA, KANAGAWA, JP. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 741e3b03b3 NEW | none[0] | none:none | none\|none | lines=61 | trace |
| T:21:01:00 | Win2K-f | 94.102.11.233 (NI.NET.TR): NETINTERNET BILGISAYAR VE TELEKOMUNIKASYAN SAN. VE TIC. LTD. STI, TR. (DSL) | n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk :checkip.dyndns.org 208.78.70.70:80 US:67.15.94.80:80 EU:78.40.35.134:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:21:27:00 | WinXP | 220.213.91.142 (WAKWAK.NE.JP): XEPHION-CIDR-BLK, KYOTO, KYOTO, JP. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 741e3b03b3 NEW | none[0] | none:none | none\|none | lines=61 | trace |
| T:23:49:00 | WinXP | 114.27.82.58 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |