| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| T:00:43:00 | WinXP | 95.57.25.85 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, WEST KAZAKHSTAN, KZ. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 2cceeae738 NEW | none[none] | none:none | none\|none | none | none |
| T:00:59:00 | Win2K-f | 222.5.14.89 (DION.NE.JP): DION (KDDI CORPORATION), TOKYO, TOKYO, JP. (DSL) | 62.193.249.122:3305 | IT:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 709 lines | Yeah : 1.8 profile | none | summary tarball | 43 of 43 | 27b8ca6a46 NEW | none[none] | none:none | none\|none | none | none |
| T:01:04:00 | WinXP | 117.254.147.204 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 43 | 9af6ce3cc8 NEW | none[none] | none:none | none\|none | none | none |
| T:01:04:00 | WinXP | 119.154.54.75 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, LAHORE, PUNJAB, PK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:01:09:00 | WinXP | 122.146.80.4 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:01:11:00 | WinXP | 117.20.167.95 (-): STARHUB HSPA, SINGAPORE, SINGAPORE, SG. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 43 | 4410d5ed68 NEW | none[none] | none:none | none\|none | none | none |
| T:01:37:00 | WinXP | 109.175.192.51 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 43 | 5ed0874084 NEW | none[none] | none:none | none\|none | none | none |
| T:01:40:00 | WinXP | 161.53.193.139 (-): CARNET-MOBILECARNET, HR. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:01:41:00 | Win2K-f | 194.85.172.33 (KARELIA.RU): FEDERAL NODE RUNNET IN PETROZAVODSK STATE UNIVERSITY, PETROZAVODSK, KARELIA, RU. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org US:checkip.dyndns.org US:67.15.94.80:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:01:49:00 | Win2K-f | 194.85.172.33 (KARELIA.RU): FEDERAL NODE RUNNET IN PETROZAVODSK STATE UNIVERSITY, PETROZAVODSK, KARELIA, RU. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk :www.vouchercodes.com EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 7 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX\| | lines=174 embedded dns | trace |
| T:02:05:00 | WinXP | 27.248.153.156 (-): . | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:03:00:00 | WinXP | 178.92.248.225 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:03:06:00 | Win2K-f | 173.169.146.48 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 523 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 43; 42 of 43 | 2daddf3f53 NEW; 4e53336b38 NEW | none[none]; none [none] | none:none; none:none | none\|none; none\|none | none; none | none; none |
| T:03:40:00 | WinXP | 121.120.4.232 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none\|none | none | none |
| T:03:40:00 | Win2K-f | 125.4.70.145 (ZAQ.NE.JP): J:COM WEST CO. LTD, TAKATSUKI, OSAKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 32; 33 of 33 | 07fabc79ef NEW; 53bfe15e91 NEW | none[0]; 1473091351[0] | none:none; ASM:Graph | Armadillo\|; tElock\| | lines=90; lines=75 embedded dns | trace; trace |
| T:04:56:00 | WinXP | 178.92.125.170 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 43 | 9840fb7808 NEW | none[none] | none:none | none\|none | none | none |
| T:05:07:00 | WinXP | 66.72.68.99 (AMERITECH.NET): AT&T INTERNET SERVICES, NASHVILLE, INDIANA, US. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 NEW | none[0] | none:none | none\|none | lines=60 | trace |
| T:05:18:00 | WinXP | 121.121.17.46 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | 8fc7967af9 NEW | none[none] | none:none | none\|none | none | none |
| T:05:22:00 | WinXP | 70.70.129.188 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 1008 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 41 | 43b8f21924 NEW | none[3] | none:none | none\|none | none | trace |
| T:05:23:00 | WinXP | 203.196.74.159 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, TOKYO, TOKYO, JP. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 369 lines | Yeah : 1.3 profile | none | summary tarball | 28 of 41 | b8076e37ae NEW | 52953fed05 [0] | none:none | StarForce\| | none | trace |
| T:05:46:00 | WinXP | 110.227.133.164 (59.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD, GURGAON, HARYANA, IN. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE\| | lines=93 embedded dns | trace |
| T:05:48:00 | WinXP | 118.20.9.80 (PLALA.OR.JP): NTT PLALA INC, SHIOJIRI, NAGANO, JP. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 40 | 5285741560 NEW | 60590b8b67 [0] | ASM:Graph | none\|none | lines=59 | trace |
| T:06:40:00 | Win2K-f | 24.77.27.102 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 42; 39 of 42 | a1fac31325 NEW; c018e17b5b NEW | 0fd057b5e2 [0]; 8caee80d88[0] | none:none; none:none | Armadillo\|; StarForce\| | none; none | trace; trace |
| T:07:05:00 | WinXP | 203.81.211.95 (WORLDCALL.NET.PK): WORLDCALL MULTIMEDIA LTD, KARACHI, SINDH, PK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | aad01847fa NEW | none[none] | none:none | none\|none | none | none |
| T:07:14:00 | WinXP | 187.27.4.149 (CLARO.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, CAMPINAS, SAO PAULO, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 41 | 37beabdfa7 NEW | none[none] | none:none | none\|none | none | none |
| T:07:24:00 | WinXP | 121.121.177.224 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 42 | 8a2553433c NEW | none[none] | none:none | none\|none | none | none |
| T:07:38:00 | WinXP | 117.254.124.99 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:08:31:00 | WinXP | 93.177.149.10 (CAUCASUS.NET): CAUCASUS ONLINE BROADBAND NETWORK, GE. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 42 of 43 | 88f3393e20 NEW | none[none] | none:none | none\|none | none | none |
| T:08:37:00 | WinXP | 121.120.190.49 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:09:05:00 | WinXP | 82.53.34.161 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, CATANIA, SICILIA, IT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:09:16:00 | WinXP | 117.254.228.233 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | 513b4a0dd4 NEW | none[none] | none:none | none\|none | none | none |
| T:09:25:00 | Win2K-f | 172.162.21.11 (AOL.COM): AMERICA ONLINE, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 83 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:09:30:00 | WinXP | 118.232.157.190 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | a5afad5d2f NEW | none[none] | none:none | none\|none | none | none |
| T:09:40:00 | WinXP | 83.68.66.128 (TNP.PL): TELENETCENTRUM-NET, WARSAW, WARSZAWA, PL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 622ed518b6 NEW | none[none] | none:none | none\|none | none | none |
| T:09:42:00 | WinXP | 111.88.41.179 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 40 | 7a07facf44 NEW | none[none] | none:none | none\|none | none | none |
| T:10:34:00 | WinXP | 122.196.41.32 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41; 40 of 41 | 71e6f60517 NEW; ab4e3226c4 NEW | 1ef1781501 [0]; c2d0313e73[0] | ASM:Graph; none:none | Armadillo\|; tElock\| | lines=91; none | trace; trace |
| T:10:42:00 | Win2K-f | 211.23.226.98 (-): LIOU-TZUNG-YI-TC, TAIPEI, T'AI-PEI, TW. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 37 of 40 | 5d445c59d8 NEW; 8a54950abb NEW | 892e12db7b [0]; f6b9e43917[0] | ASM:Graph; ASM:Graph | tElock\|; Armadillo\| | lines=64 embedded dns; lines=91 | trace; trace |
| T:11:04:00 | WinXP | 109.162.122.195 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 42 | 51d87960af NEW | none[none] | none:none | none\|none | none | none |
| T:11:27:00 | WinXP | 81.198.236.11 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 42 of 43 | 6642d0be08 NEW | none[none] | none:none | none\|none | none | none |
| T:11:46:00 | WinXP | 121.120.146.128 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | 95d1a78f0d NEW | none[none] | none:none | none\|none | none | none |
| T:11:50:00 | WinXP | 79.163.30.15 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:12:56:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:13:05:00 | WinXP | 87.69.146.159 (012.NET.IL): GOLDENLINES-CABLE, RISHON LE ZION, HAMERKAZ, IL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | de4624560d NEW | none[none] | none:none | none\|none | none | none |
| T:13:08:00 | WinXP | 4.163.199.59 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, COLORADO SPRINGS, COLORADO, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 42; 40 of 42 | 7549900329 NEW; b71514f095 NEW | 4b13f1921b [0]; f6aa3689d1[0] | none:none; none:none | tElock\|; Armadillo\| | none; none | trace; trace |
| T:13:19:00 | WinXP | 178.92.175.172 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:13:30:00 | Win2K-f | 122.149.41.3 (DODO.COM.AU): LAYER 2 BROADBAND CUSTOMER NETWORK, AU. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 183 lines | Yeah : 1.3 profile | none | summary tarball | 7 of 43 | 3a521d2be7 NEW | none[none] | none:none | none\|none | none | none |
| T:13:46:00 | WinXP | 24.211.83.23 (RR.COM): ROAD RUNNER HOLDCO LLC, HARTSVILLE, SOUTH CAROLINA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 84 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 33; 33 of 33 | 4c3df24b32 NEW; 53bfe15e91 NEW | none[0]; 1473091351[0] | none:none; ASM:Graph | Armadillo\|; tElock\| | lines=90; lines=75 embedded dns | trace; trace |
| T:15:19:00 | WinXP | 65.36.21.193 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS ODESSA HUB, SAN MARCOS, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:15:21:00 | WinXP | 98.134.24.196 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - ATLANTA, JOHNSON CITY, TENNESSEE, US. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | fb85113a6e NEW | none[none] | none:none | none\|none | none | none |
| T:15:22:00 | Win2K-f | 24.80.161.199 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) | n/a | DE:irc.zief.pl GB:ad.ghura.pl GB:www.derquda.com :streqa.com EU:bestkind.ru EU:anotherdomainname.in 173.224.212.93:443 184.82.18.196:443 US:66.240.171.29:443 US:66.240.171.36:443 CA:74.117.63.232:443 | 135 | pcap | raw alerts ruleset | http 358 lines | Yeah : 1.3 profile | none | summary tarball | 5 of 43; 18 of 43; 14 of 43; 17 of 42; 34 of 40; 25 of 43; 13 of 43 | 2deb2753bb NEW; 34ae91af51 NEW; 827e44840a NEW; 99e40412c8 NEW; a72398081f NEW; b6a0b73e41 NEW; eb30e132f5 NEW | none[none]; none [none]; none [none]; none [none]; 3f0ad45d1c[0]; none [none]; none [none] | none:none; none:none; none:none; none:none; ASM:Graph; none:none; none:none | none\|none; none\|none; none\|none; none\|none; tElock\|; none\|none; none\|none | none; none; none; none; lines=10; none; none | none; none; none; none; trace; none; none |
| T:15:35:00 | Win2K-f | 61.205.8.156 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. (DSL) | n/a | EU:bestkind.ru DE:irc.zief.pl GB:www.derquda.com :streqa.com :sb.perfectexe.com 173.192.153.178:80 173.224.212.93:443 184.82.18.196:443 US:209.222.0.219:443 US:63.223.117.12:443 US:66.240.171.36:443 CA:74.117.63.232:443 | 445 | pcap | raw alerts ruleset | http 19 lines | Argh : 0.3 profile | none | summary tarball | 5 of 43; 14 of 43; 25 of 43 | 2deb2753bb NEW; 827e44840a NEW; b6a0b73e41 NEW | none[none]; none [none]; none [none] | none:none; none:none; none:none | none\|none; none\|none; none\|none | none; none; none | none; none; none |
| T:15:38:00 | WinXP | 88.210.100.175 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:15:54:00 | Win2K-f | 64.188.192.27 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | 62.193.249.122:3305 | EU:cx10man.weedns.com | 135 | pcap | raw alerts ruleset | irc 612 lines | Yeah : 1.8 profile | none | summary tarball | 41 of 42 | f5286bdcaf NEW | none[none] | none:none | none\|none | none | none |
| T:16:18:00 | Win2K-f | 75.56.19.180 (SBCGLOBAL.NET): TAPATIO BROTHERS, PLANO, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:16:33:00 | Win2K-f | 4.234.6.222 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOCA RATON, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 80 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:17:23:00 | WinXP | 115.164.48.170 (-): DIGI TELECOMMUNICATIONS SDN BHD, SHAH ALAM, SELANGOR, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:17:39:00 | WinXP | 190.209.15.21 (-): TELMEX CHILE S.A HFC, CL. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:17:41:00 | WinXP | 111.125.93.158 (-): INTERNET SERVICE PROVIDER, PH. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 986b59708d NEW | none[0] | none:none | PolyEnE\| | lines=57 | trace |
| T:18:14:00 | WinXP | 207.144.17.20 (CSTEL.NET): COM-SOUTH, MYRTLE BEACH, SOUTH CAROLINA, US. (DSL) | 83.133.119.206:65520 | CN:proxim.ircgalaxy.pl GB:www.derquda.com :streqa.com EU:bestkind.ru EU:anotherdomainname.in 178.63.107.194:9782 178.63.96.68:6467 184.82.18.196:443 US:209.222.0.219:443 US:63.223.117.12:443 EU:91.204.48.97:80 | 445 | pcap | raw alerts ruleset | http irc 24 lines | Yeah : 1.3 profile | none | summary tarball | 5 of 43; 0 of 41; 42 of 43; 14 of 43; 25 of 43 | 2deb2753bb NEW; 2f9cc78e7b NEW; 38d8f594cd NEW; 827e44840a NEW; b6a0b73e41 NEW | none[none]; none [none]; none [none]; none [none]; none [none] | none:none; none:none; none:none; none:none; none:none | none\|none; none\|none; none\|none; none\|none; none\|none | none; none; none; none; none | none; none; none; none; none |
| T:18:19:00 | Win2K-f | 24.109.237.246 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, THUNDER BAY, ONTARIO, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32; 23 of 33 | bca9e0fb5f NEW; e53a9ea82e NEW | 1d6b20137d [0]; none [0] | ASM:Graph; none:none | PolyEnE\|; Armadillo\| | lines=64 embedded dns; lines=90 | trace; trace |
| T:18:21:00 | WinXP | 89.195.197.247 (-): ORANGE HIGH SPEED INTERNET, LONDON, ENGLAND, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 38 of 40 | 68e76ac69b NEW | none[none] | none:none | none\|none | none | none |
| T:18:33:00 | WinXP | 70.184.154.87 (COX.NET): COX COMMUNICATIONS, YUKON, OKLAHOMA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 89 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 38 of 41 | 53bfe15e91 NEW; 97437a0627 NEW | 1473091351 [0]; none [none] | ASM:Graph; none:none | tElock\|; none\|none | lines=75 embedded dns; none | trace; none |
| T:18:47:00 | Win2K-f | 173.28.128.212 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, DAVENPORT, IOWA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 119 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41; 39 of 41 | 10759405e0 NEW; d08e00dfaf NEW | 292d343248 [0]; 854c49d8c4[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |
| T:19:10:00 | Win2K-f | 174.6.21.151 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:19:21:00 | WinXP | 111.83.97.34 (HINET.NET): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:19:58:00 | Win2K-f | 64.175.160.91 (PACBELL.NET): AT&T INTERNET SERVICES, CARLSBAD, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock\|; Armadillo\| | lines=75 embedded dns; lines=90 | trace; trace |
| T:20:34:00 | Win2K-f | 98.26.241.206 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41; 39 of 41 | 53aa804019 NEW; 95ddd4a823 NEW | 29c6cdbf45 [0]; 9e78315a6d[0] | ASM:Graph; ASM:Graph | tElock\|; Armadillo\| | lines=64 embedded dns; lines=91 | trace; trace |
| T:20:51:00 | WinXP | 121.123.50.241 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 27 of 43 | d416684873 NEW | none[none] | none:none | none\|none | none | none |
| T:20:52:00 | WinXP | 92.46.212.110 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM ATYRAU AFFILIATE, ALMATY, ALMATY CITY, KZ. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 | 8e8fff0d13 NEW | none[none] | none:none | none\|none | none | none |
| T:21:49:00 | WinXP | 117.254.214.63 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 42 | e18a983c20 NEW | none[none] | none:none | none\|none | none | none |
| T:22:24:00 | WinXP | 24.49.84.204 (-): WINDJAMMER COMMUNICATIONS LLC, TONAWANDA, NEW YORK, US. (DSL) | n/a | RU:siliconfireware.ru RU:auction.nic.ru :www.google-analytics.com RU:domain-parking.ru :www.proxy-socks.net :wpad | 445 | pcap | raw alerts ruleset | http http http 38 lines | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | db03c02347 NEW | none[none] | none:none | none\|none | none | none |
| T:22:29:00 | WinXP | 219.85.122.169 (SO-NET.NET.TW): SONY NETWORK TAIWAN LIMITED, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 35 | 9716d7995a NEW | c3a5354b6f [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:22:41:00 | WinXP | 24.76.37.247 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 42; 39 of 42 | a1fac31325 NEW; c018e17b5b NEW | 0fd057b5e2 [0]; 8caee80d88[0] | none:none; none:none | Armadillo\|; StarForce\| | none; none | trace; trace |
| T:23:04:00 | WinXP | 70.69.1.134 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) | n/a | US:gg.arrancar.org US:69.43.160.145:555 | 135 | pcap | raw alerts ruleset | other 186 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | 45885d17fa NEW | none[none] | none:none | none\|none | none | none |
| T:23:06:00 | WinXP | 12.74.157.49 (ATT.NET): AT&T WORLDNET SERVICES, LITTLE ROCK, ARKANSAS, US. (DIAL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | a0139d7ad8 NEW | none[0] | none:none | PolyEnE\| | lines=68 | trace |
| T:23:08:00 | WinXP | 188.28.152.130 (THREE.CO.UK): HUTCHISON 3G UK LIMITED, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 | d11b1f56f9 NEW | none[none] | none:none | none\|none | none | none |
| T:23:38:00 | Win2K-f | 118.87.218.70 (HTOJ.J-CNET.JP): JCN-HTMNET, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 122 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 36; 34 of 36 | 0b951c2832 NEW; e4ed4df0f0 NEW | 5fe761661a [0]; de471fc380[0] | ASM:Graph; ASM:Graph | Armadillo\|; tElock\| | lines=91; lines=64 embedded dns | trace; trace |

Where an infection yielded more than one binary, the last seven columns (Antivirus Labels through Syscall Trace) carry one entry per binary, in the same order, separated by semicolons. An empty DNS Lookups & Failed Connects cell means the record listed no lookups or failed connects for that infection.