Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:05:00 | Win2K-f | 200.107.121.52 (-): SERCOM DE HONDURAS, TEGUCIGALPA, FRANCISCO MORAZAN, HN. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 6 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX| | lines=174 embedded dns | trace |
T:00:34:00 | Win2K-f | 115.186.154.101 (115-186-128-10.NAYATEL.PK): MICRONET BROADBAND (PVT) LTD, ISLAMABAD, ISLAMABAD, PK. (DSL) | n/a | US:www.maxmind.com US:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 5 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX| | lines=174 embedded dns | trace |
T:01:09:00 | Win2K-f | 194.19.234.252 (-): BTG, RIGA, RIGA, LV. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 NEW 73f1082158 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:01:20:00 | WinXP | 96.13.8.37 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - ATLANTA, MOULTRIE, GEORGIA, US. (DSL) | n/a | :moscow-advokat.ru :caen.fr.eu.undernet.org :gaspode.zanet.org.za AT:graz.at.eu.undernet.org SE:ced.dal.net SE:viking.dal.net SE:ozbytes.dal.net :brussels.be.eu.undernet.org :washington.dc.us.undernet.org NL:diemen.nl.eu.undernet.org | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE| | lines=93 embedded dns | trace |
T:01:34:00 | Win2K-f | 64.175.160.91 (PACBELL.NET): AT&T INTERNET SERVICES, CARLSBAD, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 NEW a08f3b74a4 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:01:58:00 | Win2K-f | 61.215.146.218 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 40 of 41 | 10c560fc02 NEW 1b8d146832 NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:02:35:00 | Win2K-f | 173.168.81.7 (RR.COM): ROAD RUNNER HOLDCO LLC, LUTZ, FLORIDA, US. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 607 lines | Yeah : 1.8 profile | none | summary tarball | 42 of 43 | 4e53336b38 NEW | none[none] | none:none | none|none | none | none |
T:02:50:00 | WinXP | 110.9.146.80 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | DE:proxima.ircgalaxy.pl US:microsoft.com CN:60.190.222.139:65520 DE:83.133.119.206:65520 | 135 | pcap | raw alerts ruleset | other 135 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 31 of 33 | ab9c4b5f21 NEW d789c8d157 NEW | 5fe48b2dcc [0] 5f6572479f[0] | ASM:Graph ASM:Graph | Armadillo| PolyEnE| | lines=42 lines=113 embedded dns | trace trace |
T:03:02:00 | Win2K-f | 115.186.154.101 (115-186-128-10.NAYATEL.PK): MICRONET BROADBAND (PVT) LTD, ISLAMABAD, ISLAMABAD, PK. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org :getmyip.co.uk EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 6 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX| | lines=174 embedded dns | trace |
T:03:52:00 | WinXP | 79.163.226.247 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, PL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none[none] | none:none | none|none | none | none |
T:04:28:00 | Win2K-f | 122.149.75.178 (DODO.COM.AU): LAYER 2 BROADBAND CUSTOMER NETWORK, AU. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 1022 lines | Yeah : 1.3 profile | none | summary tarball | 6 of 40 | 4af34f0119 NEW | none[none] | none:none | none|none | none | none |
T:06:04:00 | WinXP | 78.48.207.27 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, ESSEN, NORDRHEIN-WESTFALEN, DE. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:06:18:00 | WinXP | 121.121.252.193 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | ed43adc9b7 NEW | none[none] | none:none | none|none | none | none |
T:06:49:00 | WinXP | 61.215.167.118 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 38 of 41 | 10eebdc28e NEW 761a66b891 NEW | e2ca2da35d [0] b469dac5dc[0] | ASM:Graph ASM:Graph | Armadillo| tElock| | lines=91 lines=64 embedded dns | trace trace |
T:07:05:00 | WinXP | 119.103.168.58 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, WUHAN, HUBEI, CN. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:07:10:00 | WinXP | 87.18.110.219 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, ENNA, SICILIA, IT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:07:19:00 | WinXP | 193.92.154.24 (FORTHNET.GR): FORTHNET-NOC-ATH, ATHENS, ATTIKI, GR. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
T:07:31:00 | Win2K-f | 116.126.201.37 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | CN:proxim.ircgalaxy.pl US:microsoft.com CN:60.190.222.139:65520 DE:83.133.119.206:65520 | 135 | pcap | raw alerts ruleset | other 114 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 28 of 33 | 533d15b5ce NEW 58c343a8d8 NEW | c67adf46e2 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=126 embedded dns lines=91 | trace trace |
T:07:52:00 | WinXP | 59.121.33.149 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | :moscow-advokat.ru SE:vancouver.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org AT:graz.at.eu.undernet.org NL:diemen.nl.eu.undernet.org | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE| | lines=93 embedded dns | trace |
T:07:58:00 | Win2K-f | 119.26.173.211 (ZAQ.NE.JP): KANSAI MULTIMEDIA SERVICE COMPANY, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 32 33 of 33 | 07fabc79ef NEW 53bfe15e91 NEW | none[0] 1473091351[0] | none:none ASM:Graph | Armadillo| tElock| | lines=90 lines=75 embedded dns | trace trace |
T:08:05:00 | WinXP | 121.120.101.16 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:08:14:00 | WinXP | 180.229.72.81 (-): . | n/a | CN:proxim.ircgalaxy.pl US:microsoft.com CN:60.190.222.139:65520 DE:83.133.119.206:65520 | 135 | pcap | raw alerts ruleset | other 135 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 31 of 33 | 87bd0a062f NEW c7d6018f97 NEW | dc70d9623a [0] 5c1d8bbd5b[0] | ASM:Graph ASM:Graph | Armadillo| tElock| | lines=91 lines=125 embedded dns | trace trace |
T:08:27:00 | Win2K-f | 173.31.104.168 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 40 36 of 40 | 2f3c3bf61f NEW 7500930684 NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:08:39:00 | WinXP | 123.99.20.154 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | fb486908b0 NEW | none[none] | none:none | none|none | none | none |
T:08:59:00 | WinXP | 88.31.90.43 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), MADRID, MADRID, ES. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:09:02:00 | Win2K-f | 173.20.235.159 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, NORTH LIBERTY, IOWA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 41 38 of 40 | 067917e07b NEW d764c1dcb2 NEW | dae35b319c [0] 3d2bc60c5d[0] | ASM:Graph ASM:Graph | Armadillo| tElock| | lines=91 lines=64 embedded dns | trace trace |
T:09:06:00 | WinXP | 72.51.228.117 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, MALDEN, MISSOURI, US. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE| | lines=73 | trace |
T:09:48:00 | WinXP | 121.123.13.163 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 35 | 9716d7995a NEW | c3a5354b6f [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:09:50:00 | WinXP | 123.99.20.75 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 35 | 9716d7995a NEW | c3a5354b6f [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:09:52:00 | Win2K-f | 61.229.233.93 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 32 33 of 33 | 07fabc79ef NEW 53bfe15e91 NEW | none[0] 1473091351[0] | none:none ASM:Graph | Armadillo| tElock| | lines=90 lines=75 embedded dns | trace trace |
T:10:05:00 | WinXP | 79.163.82.86 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 5c6df5141d NEW | none[none] | none:none | none|none | none | none |
T:10:14:00 | WinXP | 109.175.192.235 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 37 of 43 | 5ed0874084 NEW | none[none] | none:none | none|none | none | none |
T:10:26:00 | WinXP | 4.177.221.249 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LA MESA, CALIFORNIA, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 455 lines | Yeah : 1.3 profile | none | summary tarball | 43 of 43 | 4616ac7e4c NEW | none[none] | none:none | none|none | none | none |
T:10:58:00 | WinXP | 208.94.183.147 (KARIBCABLE.COM): KARIB CABLE, KINGSTOWN, SAINT GEORGE, VC. (100Mbps) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 NEW | none[0] | none:none | none|none | lines=60 | trace |
T:11:39:00 | WinXP | 72.184.203.91 (RR.COM): ROAD RUNNER HOLDCO LLC, BRANDON, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 37 of 39 | 1da4193446 NEW 6278c9374a NEW | 8a97c8536a [none] cc7aaf6ea9[none] | none:none none:none | none|none none|none | none none | none none |
T:11:41:00 | WinXP | 186.97.72.68 (-): . | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:12:05:00 | Win2K-f | 174.116.60.242 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 NEW a08f3b74a4 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:14:35:00 | WinXP | 67.150.141.31 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SACRAMENTO, CALIFORNIA, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE| | lines=68 | trace |
T:14:37:00 | Win2K-f | 4.248.71.114 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BELLEVILLE, NEW JERSEY, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 NEW a08f3b74a4 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:15:02:00 | WinXP | 109.175.192.235 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 37 of 43 | 5ed0874084 NEW | none[none] | none:none | none|none | none | none |
T:15:16:00 | WinXP | 59.120.228.224 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 52 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 33 | 57ce4acac2 NEW | none[0] | none:none | Armadillo| | lines=90 | trace |
T:15:36:00 | Win2K-f | 180.70.142.218 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | DE:proxima.ircgalaxy.pl US:microsoft.com CN:60.190.222.139:65520 DE:83.133.119.206:65520 | 135 | pcap | raw alerts ruleset | other 145 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 31 of 33 | ab9c4b5f21 NEW d789c8d157 NEW | 5fe48b2dcc [0] 5f6572479f[0] | ASM:Graph ASM:Graph | Armadillo| PolyEnE| | lines=42 lines=113 embedded dns | trace trace |
T:16:08:00 | WinXP | 4.224.141.211 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
T:16:20:00 | WinXP | 189.53.123.101 (EMBRATEL.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE| | lines=73 | trace |
T:17:30:00 | WinXP | 175.125.239.53 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 114 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 8 of 43 | 14f47ffd1e NEW 74f7b8393b NEW | 90bf4b99ff [0] none [none] | ASM:Graph none:none | tElock| none|none | lines=56 embedded dns none | trace none |
T:17:55:00 | WinXP | 96.15.185.142 (-): ALLTEL SIP CUSTOMERS - LITTLE ROCK, RUSSELLVILLE, ARKANSAS, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none[0] | none:none | PolyEnE| | lines=57 | trace |
T:18:06:00 | WinXP | 121.121.47.232 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 5a160ffa85 NEW | none[none] | none:none | none|none | none | none |
T:18:17:00 | Win2K-f | 203.91.113.22 (-): G-MOBILE, MN. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
T:18:34:00 | WinXP | 63.26.239.220 (UU.NET): UUNET TECHNOLOGIES INC, DES MOINES, IOWA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 147 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 NEW a08f3b74a4 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:19:37:00 | WinXP | 189.118.127.1 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BELO HORIZONTE, MINAS GERAIS, BR. (DSL) | n/a | CN:proxim.ircgalaxy.pl DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 43 | e158a924e8 NEW | none[none] | none:none | none|none | none | none |
T:19:43:00 | WinXP | 116.125.162.9 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 3 of 41 33 of 33 | 8b41cb7a41 NEW 97fef473b9 NEW | ef18d720f3 [0] ff4e7d6992[0] | ASM:Graph ASM:Graph | Armadillo| tElock| | lines=90 lines=64 embedded dns | trace trace |
T:21:05:00 | WinXP | 65.36.51.3 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 NEW 73f1082158 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |
T:22:59:00 | WinXP | 166.237.203.138 (MFGNW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none[0] | none:none | PolyEnE| | lines=57 | trace |
T:23:00:00 | WinXP | 70.61.104.132 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 NEW 73f1082158 NEW | 1473091351 [0] none [0] | ASM:Graph none:none | tElock| Armadillo| | lines=75 embedded dns lines=90 | trace trace |