Cells that list several values separated by " / " belong to infections that dropped more than one binary; the values are in matching order across the binary columns (Antivirus Labels through Syscall Trace).

| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| T:01:07:00 | WinXP | 121.121.166.32 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |
| T:02:00:00 | Win2K-f | 24.78.244.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 123 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 41 / 38 of 41 | 34cbe7a593 NEW / 3e83a2d4d7 NEW | d38cb78003 [0] / b97fd63d29 [0] | ASM:Graph / ASM:Graph | Armadillo\| / tElock\| | lines=91 / lines=64 embedded dns | trace / trace |
| T:02:05:00 | WinXP | 115.81.134.158 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:02:10:00 | WinXP | 92.115.140.235 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 42 of 43 | aad01847fa NEW | none [none] | none:none | none\|none | none | none |
| 02:43:00 | WinXP | 92.115.140.235 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | aad01847fa NEW | none [none] | none:none | none\|none | none | none |
| T:04:04:00 | Win2K-f | 216.211.244.134 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 / 37 of 41 | c89b154681 NEW / d2b40c91a1 NEW | 58d02dbffa [0] / fbaa414397 [0] | ASM:Graph / ASM:Graph | StarForce\| / Armadillo\| | lines=64 embedded dns / lines=91 | trace / trace |
| T:04:25:00 | Win2K-f | 4.248.74.72 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, JACKSON, NEW JERSEY, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 79 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 NEW / a08f3b74a4 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| T:04:27:00 | WinXP | 112.197.72.84 (-): SAIGON TOURIST CABLE TELEVISION, VN. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | 5818023061 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |
| T:05:38:00 | Win2K-f | 24.71.19.184 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VERNON, BRITISH COLUMBIA, CA. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 43 | 22dc0c0b80 NEW | none [none] | none:none | none\|none | none | none |
| T:05:49:00 | WinXP | 115.83.42.136 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:05:56:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 NEW / a08f3b74a4 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| T:05:59:00 | WinXP | 119.154.55.176 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, LAHORE, PUNJAB, PK. (DSL) | 213.155.0.224:80 | CN:irc.zief.pl DE:citi-bank.ru CN:60.190.222.139:80 | 445 | pcap | raw alerts ruleset | http irc 4 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 43 | a749b00e15 NEW | none [none] | none:none | none\|none | none | none |
| T:06:15:00 | WinXP | 180.144.72.30 (-): . | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 | 7b313206a2 NEW | 0c866c8cce [0] | ASM:Graph | none\|none | lines=59 | trace |
| T:06:20:00 | Win2K-f | 218.50.81.179 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.206:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn 173.192.153.178:80 173.224.120.138:80 173.236.31.98:80 184.154.40.58:80 GB:212.117.161.188:80 CN:60.191.254.235:80 LV:91.188.60.16:80 LV:91.188.60.96:80 | 135 | pcap | raw alerts ruleset | irc http 218 lines | Yeah : 1.8 profile | none | summary tarball | 39 of 43 / 26 of 43 / 40 of 43 / 4 of 42 | a677ec43bd NEW / afd0915c1a NEW / e1a27921fa NEW / f34ba103d5 NEW | none [none] / none [none] / none [none] / none [none] | none:none / none:none / none:none / none:none | none\|none / none\|none / none\|none / none\|none | none / none / none / none | none / none / none / none |
| T:06:33:00 | WinXP | 79.163.58.144 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none\|none | none | none |
| T:06:42:00 | Win2K-f | 4.143.209.14 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 164 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 41 | 5af05bec2e NEW / ff34a1caa4 NEW | ec2138d5b2 [0] / 979a6569d4 [0] | ASM:Graph / ASM:Graph | tElock\| / Armadillo\| | lines=64 embedded dns / lines=91 | trace / trace |
| T:06:49:00 | Win2K-f | 89.203.66.159 (ANS-CONSULT.COM): FAST TELECOMMUNICATIONS COMPANY, KW. (DSL) | 83.133.119.206:65520 | DE:proxim.ircgalaxy.pl LV:ad.ghura.pl :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn LV:bestkind.ru PL:unknownname.in 173.192.153.178:80 173.236.31.98:80 LV:91.188.59.199:80 | 445 | pcap | raw alerts ruleset | irc http 42 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 43 / 28 of 43 / 20 of 35 / 13 of 42 / 14 of 43 / 26 of 43 / 4 of 42 | 2c19b67965 NEW / 34d6e95d5b NEW / 47619862ad NEW / 4bd9563a04 NEW / ac7d456668 NEW / afd0915c1a NEW / f34ba103d5 NEW | none [none] / none [none] / none [none] / none [none] / none [none] / none [none] / none [none] | none:none / none:none / none:none / none:none / none:none / none:none / none:none | none\|none / none\|none / none\|none / none\|none / none\|none / none\|none / none\|none | none / none / none / none / none / none / none | none / none / none / none / none / none / none |
| T:06:54:00 | WinXP | 79.163.128.151 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WROCLAW, DOLNOSLASKIE, PL. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none\|none | none | none |
| T:06:54:00 | Win2K-f | 113.252.210.108 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | 8887d42f5c NEW | afaf06d6cd [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:07:10:00 | WinXP | 98.103.2.96 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 607 lines | Yeah : 1.8 profile | none | summary tarball | 40 of 43 | 435e5e1bba NEW | none [none] | none:none | none\|none | none | none |
| T:07:58:00 | WinXP | 24.103.188.37 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 114 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 41 | 0563ea7af7 NEW / 7e1532574f NEW | bc2e11a802 [0] / e6930769d0 [0] | ASM:Graph / ASM:Graph | tElock\| / Armadillo\| | lines=65 embedded dns / lines=91 | trace / trace |
| T:07:58:00 | WinXP | 4.153.2.19 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NORTH AUGUSTA, SOUTH CAROLINA, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 NEW / 73f1082158 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| 08:02:00 | Win2K-f | 61.16.247.68 (DIRECT.NET.IN): TATA COMMUNICATIONS INTERNET SERVICES LTD, NEW DELHI, DELHI, IN. (DSL) | n/a | US:www.maxmind.com US:checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:08:10:00 | Win2K-f | 61.16.247.68 (DIRECT.NET.IN): TATA COMMUNICATIONS INTERNET SERVICES LTD, NEW DELHI, DELHI, IN. (DSL) | n/a | US:www.maxmind.com :getmyip.co.uk :www.mail.ru EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 81 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:08:25:00 | WinXP | 109.86.115.157 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none\|none | none | none |
| T:08:30:00 | WinXP | 79.163.129.81 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none\|none | none | none |
| 08:34:00 | WinXP | 79.163.129.81 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none\|none | none | none |
| T:08:53:00 | WinXP | 211.179.63.177 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.206:65520 | CN:proxima.ircgalaxy.pl US:microsoft.com :bb.iwillhavebigdick.com LV:kdert.com LV:streq.cn LV:bestkind.ru PL:unknownname.in 173.192.153.178:80 173.236.31.98:80 184.154.40.58:80 DE:83.133.119.206:65520 PL:89.149.223.252:80 | 135 | pcap | raw alerts ruleset | irc http 155 lines | Yeah : 1.8 profile | none | summary tarball | 26 of 43 / 28 of 43 / 20 of 35 / 39 of 41 / 14 of 43 / 26 of 43 / 31 of 33 / 4 of 42 | 2c19b67965 NEW / 34d6e95d5b NEW / 47619862ad NEW / ab9c4b5f21 NEW / ac7d456668 NEW / afd0915c1a NEW / d789c8d157 NEW / f34ba103d5 NEW | none [none] / none [none] / none [none] / 5fe48b2dcc [0] / none [none] / none [none] / 5f6572479f [0] / none [none] | none:none / none:none / none:none / ASM:Graph / none:none / none:none / ASM:Graph / none:none | none\|none / none\|none / none\|none / Armadillo\| / none\|none / none\|none / PolyEnE\| / none\|none | none / none / none / lines=42 / none / none / lines=113 embedded dns / none | none / none / none / trace / none / none / trace / none |
| T:09:09:00 | WinXP | 189.116.239.35 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 40 | 65db8c1d0d NEW | none [none] | none:none | none\|none | none | none |
| T:09:12:00 | WinXP | 61.219.244.133 (HINET.NET): SHENG YANG CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none [0] | none:none | PolyEnE\| | lines=57 | trace |
| 09:31:00 | WinXP | 109.86.115.157 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none\|none | none | none |
| T:09:47:00 | WinXP | 4.163.196.5 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ELBERT, COLORADO, US. (DIAL) | n/a |  | 135 | pcap | raw alerts ruleset | other 4 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:09:48:00 | WinXP | 112.197.130.111 (-): SAIGON TOURIST CABLE TELEVISION, VN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 | 01c4a6b3eb NEW | dd524b0259 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:09:50:00 | WinXP | 64.188.192.81 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | n/a | RU:siliconfireware.ru RU:auction.nic.ru :www.google-analytics.com RU:domain-parking.ru RU:ebookfinaltrash.ru :www.epartner.ru :erotds.net EU:eropod.com EU:videoxx-vitrina.com RU:whatdo.ru :wpad RU:www.bbin.ru | 445 | pcap | raw alerts ruleset | http http http http 700 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | db03c02347 NEW | none [none] | none:none | none\|none | none | none |
| T:10:17:00 | WinXP | 113.252.210.108 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | 8887d42f5c NEW | afaf06d6cd [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:10:31:00 | Win2K-f | 173.212.34.195 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 / 38 of 41 | 68b5e580f0 NEW / b475ce7c0b NEW | none [none] / none [none] | none:none / none:none | none\|none / none\|none | none / none | none / none |
| T:10:32:00 | WinXP | 109.86.250.227 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |
| T:10:39:00 | WinXP | 96.8.128.63 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 40 | 9bdd2c95b1 NEW / cd456ac095 NEW | d1bbd693ba [0] / d75caee680 [0] | ASM:Graph / ASM:Graph | Armadillo\| / tElock\| | lines=91 / lines=64 embedded dns | trace / trace |
| T:11:50:00 | WinXP | 178.92.150.116 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:12:10:00 | WinXP | 70.44.40.143 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| T:13:08:00 | WinXP | 70.71.118.214 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LANGLEY, BRITISH COLUMBIA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 43 / 38 of 42 | 27faa1bee8 NEW / 95305fb0b1 NEW | none [none] / none [none] | none:none / none:none | none\|none / none\|none | none / none | none / none |
| 13:20:00 | WinXP | 79.1.252.71 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, VERONA, VENETO, IT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | ef1952306e NEW | none [none] | none:none | none\|none | none | none |
| T:13:47:00 | WinXP | 115.186.26.42 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | 8081b6b58c NEW | none [none] | none:none | none\|none | none | none |
| T:14:09:00 | WinXP | 113.252.88.252 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 18 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | d8e60db98a NEW | 6991257f56 [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:14:11:00 | WinXP | 93.105.45.189 (VECTRANET.PL): BROADBAND SERS OF VECTRA S.A, WARSAW, WARSZAWA, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | ffbb6cbe61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:14:12:00 | Win2K-f | 92.80.105.134 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | f996bf0275 NEW | 1e4ad6cdb1 [0] | ASM:Graph | ASPack\| | lines=3065 embedded dns | trace |
| T:14:16:00 | Win2K-f | 84.108.128.98 (BEZEQINT.NET): CABLES-CUSTOMERS-CONNECTION, JERUSALEM, YERUSHALAYIM, IL. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 17f4f7fd38 NEW | none [none] | none:none | none\|none | none | none |
| T:14:19:00 | WinXP | 77.254.154.183 (INETIA.PL): INTERNETIA, KRAKOW, MALOPOLSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 18 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 6704922c65 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:14:20:00 | WinXP | 88.28.31.0 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), MADRID, MADRID, ES. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 18 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | 4dd4197eb4 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:14:23:00 | Win2K-f | 78.131.44.149 (HDSNET.HU): KISPEST DOCSIS, BUDAPEST, BUDAPEST, HU. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | c03793a035 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| 14:24:00 | WinXP | 88.29.41.127 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), MADRID, MADRID, ES. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | e6cfefd7ea NEW | none [none] | none:none | none\|none | none | none |
| T:14:25:00 | Win2K-f | 217.201.30.9 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 647430c87b NEW | none [none] | none:none | none\|none | none | none |
| T:14:28:00 | Win2K-f | 178.36.120.78 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 3901a3305a NEW | none [none] | none:none | none\|none | none | none |
| T:14:40:00 | WinXP | 113.252.180.245 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 18 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 46bf358cc3 NEW | afaf06d6cd [0] | ASM:Graph | pex\| | lines=42 | trace |
| T:14:53:00 | WinXP | 46.32.152.242 (-): . | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | ace3787bc2 NEW | none [none] | none:none | none\|none | none | none |
| T:15:11:00 | Win2K-f | 77.252.91.106 (OLKUSZ.PL): EUROCOM-OLKUSZ, WARSAW, WARSZAWA, PL. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | b41e2557c8 NEW | none [none] | none:none | none\|none | none | none |
| T:15:18:00 | Win2K-f | 24.172.164.183 (RR.COM): ROAD RUNNER HOLDCO LLC, INDIANAPOLIS, INDIANA, US. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 57a0c6b729 NEW | none [none] | none:none | none\|none | none | none |
| T:15:27:00 | WinXP | 208.94.182.230 (KARIBCABLE.COM): KARIB CABLE, KINGSTOWN, SAINT GEORGE, VC. (100Mbps) | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 NEW | none [0] | none:none | none\|none | lines=60 | trace |
| T:15:29:00 | Win2K-f | 118.161.196.67 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | 8128405d8c NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:15:32:00 | WinXP | 85.216.181.122 (CHELLO.SK): UPC SLOVAKIA, BRATISLAVA, BRATISLAVA, SK. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:15:32:00 | Win2K-f | 95.160.189.45 (VECTRANET.PL): BROADBAND USERS OF VECTRA S.A, OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 42 | 72c317205f NEW | none [none] | none:none | none\|none | none | none |
| T:15:40:00 | WinXP | 77.254.187.232 (INETIA.PL): INTERNETIA, BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 41 | 29a3030e16 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:15:42:00 | Win2K-f | 79.16.179.193 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, PADOVA, VENETO, IT. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | b68d420d61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:15:45:00 | WinXP | 186.36.20.124 (CHILESAT.NET): TELMEX SERVICIOS EMPRESARIALES S.A, CL. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | 309898871c NEW | none [none] | none:none | none\|none | none | none |
| T:15:50:00 | Win2K-f | 123.194.1.104 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | b35d8ec50e NEW | none [none] | none:none | none\|none | none | none |
| T:16:08:00 | Win2K-f | 89.167.16.215 (-): NPLAY ISP NETWORK LUBLIN POLAND, LUBLIN, LUBELSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 379a6daa0d NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:11:00 | WinXP | 78.84.53.14 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | 4dd4197eb4 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:20:00 | Win2K-f | 68.174.72.186 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (100Mbps) | n/a |  | 139 | pcap | raw alerts ruleset | ftp 21 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | 4dd4197eb4 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:22:00 | WinXP | 86.63.96.155 (COM.PL): ASTA-NET CUSTOMERS, WARSAW, WARSZAWA, PL. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | f534041536 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:23:00 | WinXP | 124.239.151.167 (163DATA.COM.CN): CHINANET HEBEI PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | ffbb6cbe61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:47:00 | WinXP | 85.67.142.215 (BACS-NET.HU): FIBERNET COMMUNICATION CO, BUDAPEST, BUDAPEST, HU. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 0.8 profile | none | summary tarball | 37 of 40 | 50cdd5c6cf NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:16:55:00 | Win2K-f | 173.240.117.44 (-): . | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | 0d499b2d7b NEW | none [none] | none:none | none\|none | none | none |
| 17:01:00 | WinXP | 70.44.145.221 (PTD.NET): PENTELEDATA INC. - CABLE, HAZLETON, PENNSYLVANIA, US. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | d1377a8b90 NEW | ad56da3672 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:17:05:00 | WinXP | 219.84.7.92 (SO-NET.NET.TW): SONY NETWORK TAIWAN LIMITED, TAIPEI, T'AI-PEI, TW. (DSL) | n/a |  | 139 | pcap | raw alerts ruleset | other 0 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:17:51:00 | WinXP | 64.24.142.183 (MCLEODUSA.NET): PAETEC COMMUNICATIONS INC, ROCHESTER, NEW YORK, US. (DSL) | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 03f912899b NEW | none [0] | none:none | none\|none | lines=64 | trace |
| T:18:35:00 | WinXP | 121.121.43.141 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 43 | 543e92e51d NEW | none [none] | none:none | none\|none | none | none |
| 18:41:00 | Win2K-f | 122.180.105.35 (122.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD. TELEMEDIA SERVICES, NEW DELHI, DELHI, IN. (DSL) | n/a | US:www.maxmind.com :getmyip.co.uk :www.mail.ru EU:checkip.dyndns.org :www.getmyip.org US:67.15.94.80:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 82 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:18:46:00 | Win2K-f | 186.19.239.42 (-): . | n/a |  | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 8088cf3c73 NEW | none [none] | none:none | none\|none | none | none |
| T:19:20:00 | WinXP | 121.121.15.106 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 42 of 43 | b46489628e NEW | none [none] | none:none | none\|none | none | none |
| T:19:23:00 | Win2K-f | 219.80.255.41 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 1 of 33 | 53bfe15e91 NEW / c562e2226d NEW | 1473091351 [0] / none [none] | ASM:Graph / none:none | tElock\| / none\|none | lines=75 embedded dns / none | trace / none |
| T:19:27:00 | WinXP | 184.74.74.92 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 NEW / 73f1082158 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| T:19:38:00 | Win2K-f | 173.31.92.213 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 NEW / a08f3b74a4 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| T:19:52:00 | Win2K-f | 77.253.131.190 (INETIA.PL): INTERNETIA, SZCZECIN, ZACHODNIOPOMORSKIE, PL. (DSL) | n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | f534041536 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:20:11:00 | WinXP | 188.109.12.88 (ARCOR-IP.NET): ARCOR AG & CO. KG, DE. (DSL) | n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 40 | 013a5ba10e NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack\| | lines=3292 embedded dns | trace |
| T:20:12:00 | WinXP | 187.27.102.124 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none [0] | none:none | PolyEnE\| | lines=57 | trace |
| T:20:34:00 | Win2K-f | 68.200.105.157 (RR.COM): ROAD RUNNER HOLDCO LLC, LARGO, FLORIDA, US. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 607 lines | Yeah : 1.8 profile | none | summary tarball | 43 of 43 | 03e53fb32a NEW | none [none] | none:none | none\|none | none | none |
| T:20:50:00 | WinXP | 113.254.60.209 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 99 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 / 38 of 41 | a5ceb6c29d NEW / adadfc0e1c NEW | d64cd9d18b [0] / 0f57439d82 [0] | ASM:Graph / ASM:Graph | tElock\| / tElock\| | lines=42 / lines=64 embedded dns | trace / trace |
| T:20:58:00 | WinXP | 72.184.203.91 (RR.COM): ROAD RUNNER HOLDCO LLC, BRANDON, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 / 37 of 39 | 1da4193446 NEW / 6278c9374a NEW | 8a97c8536a [none] / cc7aaf6ea9 [none] | none:none / none:none | none\|none / none\|none | none / none | none / none |
| T:23:25:00 | WinXP | 93.116.103.245 (HOST-STATIC-93-116-0-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none [0] | none:none | PolyEnE\| | lines=57 | trace |
| T:23:26:00 | WinXP | 219.234.80.181 (IAPCM.AC.CN): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, BEIJING, BEIJING, CN. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 NEW / a08f3b74a4 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock\| / Armadillo\| | lines=75 embedded dns / lines=90 | trace / trace |
| T:23:29:00 | WinXP | 178.167.171.20 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE\| | lines=68 | trace |