Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:29:00 | Win2K-f | 211.135.63.202 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
T:00:30:00 | WinXP | 174.44.24.39 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 7a10f959b5 NEW |
none[none] | none:none |
none|none | none | none |
T:00:38:00 | Win2K-f | 202.128.67.167 (NETPCI.COM): STARTEC GLOBAL COMMUNCATIONS GUAM, AGANA, GUAM, GU. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 196 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 39 38 of 40 |
25d536bea8 NEW 38fe0764dc NEW |
9cffc8f48e [0] de343dc6d8[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:00:42:00 | Win2K-f | 24.76.205.246 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
70.107.249.167:7000 | US:dns.aswend.com | 135 | pcap | raw alerts ruleset |
irc 443 lines |
Yeah : 1.8 profile |
none | summary tarball |
40 of 43 | b55df243e2 NEW |
none[none] | none:none |
none|none | none | none |
T:00:44:00 | WinXP | 212.129.86.92 (-): METEOR-GPRS, DUBLIN, DUBLIN, IE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 01c4a6b3eb NEW |
dd524b0259 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:00:49:00 | WinXP | 174.39.178.232 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, NORTH PLATTE, NEBRASKA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:01:17:00 | WinXP | 109.86.139.247 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace | |
T:01:31:00 | WinXP | 92.46.158.188 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, WEST KAZAKHSTAN, KZ. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | d25ed0cb66 NEW |
none[none] | none:none |
none|none | none | none |
T:01:40:00 | WinXP | 79.163.154.248 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:01:47:00 | WinXP | 72.48.64.159 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS SAN ANTONIO HUB, SAN ANTONIO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:02:26:00 | WinXP | 65.113.119.118 (TRANQUILITY.NET): CORAL WIRELESS LLC, HONOLULU, HAWAII, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 1eac709679 NEW |
none[none] | none:none |
none|none | none | none |
T:03:32:00 | WinXP | 112.206.21.166 (PLDT.NET): IPG, PH. (DSL) |
n/a | US:gg.arrancar.org US:69.43.160.145:555 |
135 | pcap | raw alerts ruleset |
other 334 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | 359ed03913 NEW |
none[none] | none:none |
none|none | none | none |
T:03:35:00 | Win2K-f | 173.212.37.114 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
68b5e580f0 NEW b475ce7c0b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:49:00 | WinXP | 121.120.16.170 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:04:01:00 | WinXP | 178.157.162.8 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace | |
T:04:09:00 | Win2K-f | 208.126.64.227 (NETINS.NET): BROOKLYN MUTUAL TELEPHONE CO, BROOKLYN, IOWA, US. (DSL) |
n/a | CN:irc.zief.pl LV:ad.ghura.pl :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn LV:bestkind.ru PL:randomname.in 173.192.153.178:80 LV:91.188.60.177:80 LV:91.188.60.96:80 |
135 | pcap | raw alerts ruleset |
irc http 1226 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 28 of 43 20 of 42 2 of 43 13 of 43 0 of 43 17 of 43 36 of 43 4 of 42 |
17f476ffd5 NEW 34d6e95d5b NEW 519ddb74fa NEW 5a6ae63b41 NEW 73c8396e88 NEW a61bc13011 NEW b8e8b768cb NEW c69512a223 NEW f34ba103d5 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none none none |
none none none none none none none none none |
T:04:23:00 | Win2K-f | 88.16.6.71 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MURCIA, MURCIA, ES. (DSL) |
n/a | LV:bestkind.ru CN:irc.zief.pl LV:ad.ghura.pl :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn US:gg.arrancar.org 173.192.153.178:80 US:69.43.160.145:555 |
445 | pcap | raw alerts ruleset |
http irc 348 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 43 20 of 42 4 of 42 |
34d6e95d5b NEW 519ddb74fa NEW f34ba103d5 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:04:32:00 | WinXP | 66.72.68.29 (AMERITECH.NET): AT&T INTERNET SERVICES, NASHVILLE, INDIANA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 NEW |
none[0] | none:none |
none|none | lines=60 | trace | |
T:04:49:00 | WinXP | 113.252.42.179 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:09:00 | Win2K-f | 113.254.219.162 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
7f6289ba44 NEW 80ad48ab3e NEW |
3b6bb7e7a6 [0] c0e98a3863[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=64 embedded dns lines=42 |
trace trace |
T:05:12:00 | WinXP | 59.113.179.41 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:05:49:00 | Win2K-f | 76.189.154.103 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:06:03:00 | Win2K-f | 189.5.178.116 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 41 | cc04277ea8 NEW |
bac4cc6eec [0] | ASM:Graph |
Armadillo| | lines=218 | trace | |
T:06:03:00 | Win2K-f | 77.45.53.247 (COM.PL): ASTA-NET CUSTOMERS, WARSAW, WARSZAWA, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 19a2f0507e NEW |
none[none] | none:none |
none|none | none | none | |
T:06:03:00 | WinXP | 95.93.43.245 (-): TVCABO PORTUGAL S.A, PT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | dacd1ee333 NEW |
none[none] | none:none |
none|none | none | none | |
T:06:03:00 | WinXP | 187.56.218.37 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
60.190.222.139:65520 | DE:proxim.ircgalaxy.pl LV:ad.ghura.pl :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn LV:bestkind.ru DE:mx-ha02.web.de DE:mx-ha01.web.de DE:nsx1.web.de DE:nsx2.web.de US:mx2.hotmail.com US:mx3.hotmail.com US:mx4.hotmail.com US:ns4.msft.net US:ns5.msft.net US:ns1.msft.net :alt1.gmail-smtp-in.l.google.com :alt2.gmail-smtp-in.l.google.com :alt3.gmail-smtp-in.l.google.com :alt4.gmail-smtp-in.l.google.com :k.mx.mail.yahoo.com US:j.mx.mail.yahoo.com US:ns2.yahoo.com US:ns1.yahoo.com :ns5.yahoo.com CN:ns8.yahoo.com US:mailin-04.mx.aol.com US:dns-07.ns.aol.com US:ns4.yahoo.com AP:ns6.yahoo.com :ns3.yahoo.com US:dns-06.ns.aol.com US:dns-01.ns.aol.com US:dns-02.ns.aol.com 173.192.153.178:80 173.236.31.98:80 GB:212.117.161.188:80 CN:60.190.222.139:65520 CN:60.191.254.235:80 US:69.175.67.194:80 LV:91.188.59.199:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 183 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 43 20 of 42 41 of 43 4 of 42 |
34d6e95d5b NEW 519ddb74fa NEW a61eb9ab88 NEW f34ba103d5 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
T:06:04:00 | WinXP | 87.69.242.167 (012.NET.IL): GOLDENLINES-ADSL, RISHON LE ZION, HAMERKAZ, IL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 11d4c623eb NEW |
none[none] | none:none |
none|none | none | none | |
T:06:06:00 | Win2K-f | 90.151.94.50 (PERMONLINE.RU): DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:06:08:00 | WinXP | 85.182.42.225 (ALICEDSL.DE): HANSENET-ADSL, DORTMUND, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 09130de778 NEW |
none[none] | none:none |
none|none | none | none | |
T:06:20:00 | WinXP | 109.162.37.133 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:kidos-bank.ru US:master-x.com EU:fethard.biz DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:07:02:00 | WinXP | 189.53.118.23 (EMBRATEL.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:07:09:00 | WinXP | 85.179.86.81 (ALICEDSL.DE): HANSENET-ADSL, BERLIN, BERLIN, DE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:07:18:00 | WinXP | 87.103.76.131 (REV.VODAFONE.PT): VODAFONE PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:07:35:00 | WinXP | 79.163.163.247 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, PL. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:07:44:00 | WinXP | 117.20.153.109 (-): STARHUB HSPA, SINGAPORE, SINGAPORE, SG. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:07:53:00 | WinXP | 93.102.206.138 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:08:23:00 | Win2K-f | 212.10.33.15 (REV.STOFANET.DK): TELIA STOFA A/S, SLAGELSE, VESTSJALLAND, DK. (DSL) |
83.133.119.206:65520 | DE:proxim.ircgalaxy.pl LV:ad.ghura.pl :bb.iwillhavebigdick.com BR:www.billboxrecords.com.br :www.mlh.co.jp US:www.365.e-secom.jp EU:wow.merlin.org.ua :la2.meganet.org.ua :shop.poziti :cps-h3.ep.sci.hokudai.ac.jp US:www.stone.co.ua LV:kdert.com JP:m-repo.lib.meiji.ac.jp LV:streq.cn 115.125.150.234:443 JP:133.87.45.189:443 PR:200.5.0.0:443 BR:201.20.45.207:443 JP:202.218.203.244:443 UA:212.111.198.59:443 UA:212.42.72.183:443 US:67.15.97.220:443 67.212.184.226:80 |
139 | pcap | raw alerts ruleset |
irc http 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 43 20 of 42 18 of 43 39 of 43 22 of 43 4 of 42 |
34d6e95d5b NEW 519ddb74fa NEW 65e302400b NEW bb2230c1a0 NEW d0a070b647 NEW f34ba103d5 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
T:08:28:00 | WinXP | 77.54.142.128 (REV.VODAFONE.PT): VODAFONE PORTUGAL, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:08:40:00 | Win2K-f | 95.28.61.81, 173.192.153.178 (-): . |
60.190.222.139:65520 | CN:exe2.perfectexe.com LV:bestkind.ru PL:randomname.in :sb.perfectexe.com DE:proxim.ircgalaxy.pl LV:kdert.com CN:2b.perfectexe.com LV:ad.ghura.pl :nodes.com.ua UA:bunker.org.ua BR:ssl876.locaweb.com.br JP:center.umin.ac.jp JP:www.myeclipseide.jp US:www.365.e-secom.jp JP:131.113.221.138:443 JP:133.87.45.189:443 BR:201.20.45.207:443 UA:212.111.198.59:443 JP:219.109.13.187:443 UA:77.120.121.35:443 EU:91.196.95.24:443 |
445 | pcap | raw alerts ruleset |
irc http 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 43 6 of 43 31 of 43 41 of 43 |
126eba0028 NEW 1a35eea934 NEW 3a894ba0c8 NEW b4afa1df1d NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
T:09:04:00 | WinXP | 109.86.139.247 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:09:36:00 | WinXP | 201.47.132.239 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
T:09:45:00 | WinXP | 115.186.22.143 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, LAHORE, PUNJAB, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | 8081b6b58c NEW |
none[none] | none:none |
none|none | none | none |
T:09:55:00 | Win2K-f | 122.146.81.201 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:10:00:00 | WinXP | 59.103.204.199 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | aad01847fa NEW |
none[none] | none:none |
none|none | none | none |
T:10:18:00 | WinXP | 151.82.95.203 (51-151.NET24.IT): IUNET-BNET, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 NEW |
none[none] | none:none |
none|none | none | none |
T:11:21:00 | Win2K-f | 70.128.20.170 (PARAGOULD.NET): PARAGOULD CITY LIGHT & WATER, PARAGOULD, ARKANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 42 41 of 42 |
4d91db06f4 NEW 80ad2a0006 NEW |
67419c8838 [0] 06729732e0[0] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
T:11:24:00 | WinXP | 173.30.195.68 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, FEDERAL WAY, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 39 of 41 |
10759405e0 NEW d08e00dfaf NEW |
292d343248 [0] 854c49d8c4[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:12:03:00 | WinXP | 174.44.24.39 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 7a10f959b5 NEW |
none[none] | none:none |
none|none | none | none |
T:12:03:00 | WinXP | 65.254.160.215 (GCRONLINE.NET): GCR COMPANY, SOUTH BOSTON, VIRGINIA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:12:29:00 | WinXP | 79.163.243.151 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, PL. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 41 | 5c6df5141d NEW |
none[none] | none:none |
none|none | none | none |
T:13:01:00 | WinXP | 24.155.22.206 (GRANDENETWORKS.NET): CLEARSOURCE INC, SAN ANTONIO, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:13:06:00 | Win2K-f | 4.170.0.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KEY BISCAYNE, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:13:32:00 | WinXP | 204.111.10.174 (MERIDIANINC.COM): SHENTEL SERVICE COMPANY, EDINBURG, VIRGINIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 NEW |
none[0] | none:none |
none|none | lines=60 | trace | |
T:13:42:00 | WinXP | 50.15.22.179 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
c3a5354b6f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:14:09:00 | WinXP | 89.194.198.227 (-): ORANGE HIGH SPEED INTERNET, LONDON, ENGLAND, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 42 | 2649ca00e5 NEW |
none[none] | none:none |
none|none | none | none |
T:14:41:00 | WinXP | 62.140.34.163 (TELERING.AT): T-MOBILE AUSTRIA GMBH, VIENNA, WIEN, AT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:15:52:00 | Win2K-f | 68.192.127.136 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), LAKEWOOD, NEW JERSEY, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:16:15:00 | Win2K-f | 70.128.25.15 (PARAGOULD.NET): PARAGOULD CITY LIGHT & WATER, PARAGOULD, ARKANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 42 41 of 42 |
4d91db06f4 NEW 80ad2a0006 NEW |
67419c8838 [0] 06729732e0[0] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
T:16:22:00 | Win2K-f | 99.147.79.245 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
T:18:05:00 | Win2K-f | 70.63.94.161 (RR.COM): ROAD RUNNER HOLDCO LLC, JACKSONVILLE, NORTH CAROLINA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1002 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 41 | 43b8f21924 NEW |
none[3] | none:none |
none|none | none | trace | |
T:18:44:00 | Win2K-f | 94.197.227.35 (THREE.CO.UK): MOBILE BROADBAND SERVICE, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | DE:proxim.ircgalaxy.pl US:microsoft.com LV:ad.ghura.pl :cps-h3.ep.sci.hokudai.ac.jp US:www.365.e-secom.jp JP:center.umin.ac.jp :www.mlh.co.jp GB:forum.gryada.org.ua US:www.iknow.co.jp :www.imagemfolheados.com.br UA:hosting.cnrg.com.ua JP:g105.secure.ne.jp :www.digimer.com.br RU:www.treasuryislandcasino.com.ua 115.125.150.234:443 JP:130.69.92.68:443 187.17.83.154:443 GB:193.169.188.64:443 JP:202.164.228.11:443 JP:203.179.38.26:443 RU:87.239.184.105:443 |
135 | pcap | raw alerts ruleset |
irc http 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 31 of 43 none |
3954175906 NEW ab65121be3 NEW fd9b49840f NEW |
none[none] none [none] fd9b49840f[1] |
none:none none:none ASM:Graph |
none|none none|none Armadillo| |
none none lines=81 |
none none trace |
T:19:02:00 | WinXP | 96.15.143.39 (-): ALLTEL SIP CUSTOMERS - LITTLE ROCK, FOREMAN, ARKANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
53aa804019 NEW 95ddd4a823 NEW |
29c6cdbf45 [0] 9e78315a6d[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:19:08:00 | WinXP | 72.35.6.197 (RHCCI.NET): FUSEPOINT MANAGED SERVICES, TORONTO, ONTARIO, CA. (DSL) |
60.190.222.139:65520 | DE:proxim.ircgalaxy.pl | 139 | pcap | raw alerts ruleset |
irc 35 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | d23c6c308f NEW |
none[none] | none:none |
none|none | none | none |
T:19:21:00 | Win2K-f | 71.173.76.164 (MYFAIRPOINT.NET): FAIRPOINT COMMUNICATIONS INC, YARMOUTH, MAINE, US. (DSL) |
n/a | 115.125.150.227:443 JP:131.206.55.11:443 JP:163.209.180.1:443 191.132.154.190:443 BR:200.192.143.87:443 PR:200.5.0.0:443 BR:201.20.45.207:443 JP:202.218.111.122:443 204.145.82.228:443 US:69.57.128.35:443 UA:82.193.122.190:443 TR:88.240.41.129:443 |
135 | pcap | raw alerts ruleset |
other 8 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:19:22:00 | WinXP | 75.92.30.118 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, SPRINGDALE, ARKANSAS, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:20:23:00 | Win2K-f | 12.65.0.175 (PRSERV.NET): AT&T GLOBAL SERVICES, MIAMI, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
T:20:36:00 | Win2K-f | 122.146.240.216 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:21:00:00 | Win2K-f | 61.205.153.46 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
T:21:18:00 | WinXP | 24.81.21.225 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1012 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 41 | 682a384fe9 NEW |
none[3] | none:none |
none|none | none | trace | |
T:22:12:00 | WinXP | 70.126.154.4 (RR.COM): ROAD RUNNER HOLDCO LLC, BRADENTON, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:22:40:00 | Win2K-f | 175.112.245.37 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 41 33 of 33 |
8b41cb7a41 NEW 97fef473b9 NEW |
ef18d720f3 [0] ff4e7d6992[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=90 lines=64 embedded dns |
trace trace |
T:23:17:00 | Win2K-f | 72.184.203.91 (RR.COM): ROAD RUNNER HOLDCO LLC, BRANDON, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 40 37 of 39 |
1da4193446 NEW 6278c9374a NEW |
8a97c8536a [none] cc7aaf6ea9[none] |
none:none none:none |
none|none none|none |
none none |
none none |
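The table above is the flattened form of a BotHunter daily infection log, and the useful triage question it answers is which indicators recur: the same C&C endpoint (213.155.0.224:80 / citi-bank.ru), the same packed-binary hash prefix (7d99b0e910), the same infection port. The parser below is an added example, not BotHunter's code or anything shipped with this page. It assumes the record layout that the table exhibits: a record opens with a time (with or without the "T:" prefix), victim OS and victim IP; the second line carries the C&C server, the DNS-lookup / failed-connect list (tokens with an optional two-letter country prefix) and the infection port, with the port spilling to the third line when the DNS list is long; and packed-binary hash prefixes appear as ten hex characters followed by NEW. The sample input is four records copied verbatim from the rows above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Four records copied from the BotHunter table above, used as offline test input.
SAMPLE = """\
T:00:42:00 | Win2K-f | 24.76.205.246 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
70.107.249.167:7000 | US:dns.aswend.com | 135 | pcap | raw alerts ruleset |
irc 443 lines |
Yeah : 1.8 profile |
none | summary tarball |
40 of 43 | b55df243e2 NEW |
none[none] | none:none |
none|none | none | none |
T:00:44:00 | WinXP | 212.129.86.92 (-): METEOR-GPRS, DUBLIN, DUBLIN, IE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 01c4a6b3eb NEW |
dd524b0259 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:01:40:00 | WinXP | 79.163.154.248 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:05:49:00 | Win2K-f | 76.189.154.103 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
"""

# Assumed layout (inferred from the table): record header = [T:]time | OS | victim IP ...
RECORD_START = re.compile(r"^(?:T:)?(\d\d:\d\d:\d\d) \| (\S+) \| (\d{1,3}(?:\.\d{1,3}){3})")
HASH_NEW = re.compile(r"\b([0-9a-f]{10}) NEW\b")  # packed-binary hash prefix flagged NEW
IP_PORT = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:\d+")
COUNTRY_PREFIX = re.compile(r"^[A-Z]{0,2}:")       # "DE:citi-bank.ru" / ":host" -> host
INFECTION_PORTS = {"135", "139", "445"}
FILLER = {"", "n/a", "pcap", "raw alerts ruleset"}


@dataclass
class Infection:
    time: str
    victim_os: str
    victim_ip: str
    cnc: Optional[str] = None                        # C&C Server column (IP:port) when seen
    port: Optional[str] = None                       # Infection Port column
    dns: List[str] = field(default_factory=list)     # hostnames looked up by the victim
    connects: List[str] = field(default_factory=list)  # IP:port failed connects
    hashes: List[str] = field(default_factory=list)  # packed-binary hash prefixes marked NEW


def parse_records(text: str) -> List[Infection]:
    records: List[Infection] = []
    cur, offset = None, 0
    for raw in text.splitlines():
        m = RECORD_START.match(raw)
        if m:
            cur, offset = Infection(*m.groups()), 0
            records.append(cur)
            continue
        if cur is None:
            continue
        offset += 1
        fields = [f.strip() for f in raw.split("|")]
        if offset == 1:
            # Second line: C&C | DNS lookups & failed connects | port | pcap | raw alerts ruleset
            if fields[0] not in FILLER:
                cur.cnc = fields[0]
            for f in fields[1:]:
                if f in INFECTION_PORTS:
                    cur.port = f
                elif f not in FILLER:
                    for tok in f.split():
                        host = COUNTRY_PREFIX.sub("", tok)
                        (cur.connects if IP_PORT.fullmatch(host) else cur.dns).append(host)
        elif cur.port is None and fields[0] in INFECTION_PORTS:
            cur.port = fields[0]  # a long DNS list pushes the port onto the third line
        cur.hashes.extend(HASH_NEW.findall(raw))
    return records


def pivot(records: List[Infection]) -> dict:
    """Count how often each indicator recurs across infections. Benign lookups
    (microsoft.com shows up beside every port-135 infection above) land here
    too and are allowlisted at triage, not by the parser."""
    return {
        "ports": Counter(r.port for r in records if r.port),
        "endpoints": Counter(ind for r in records
                             for ind in ([r.cnc] if r.cnc else []) + r.dns + r.connects),
        "hashes": Counter(h for r in records for h in r.hashes),
    }


if __name__ == "__main__":
    for name, counter in pivot(parse_records(SAMPLE)).items():
        print(name, counter.most_common(3))
```

Run against the whole table rather than the four sample records, the "endpoints" counter is what separates the single big-DNS-list infections (the web.de / hotmail / yahoo MX lookups of a spam bot) from the dozens of port-445 victims all talking to 213.155.0.224:80, and the "hashes" counter shows which packed binaries were pushed to more than one victim.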