|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:14:00 | Win2K-f | 173.28.212.141 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:00:31:00 | WinXP | 203.114.106.149 (-): BAMNETNARONGWITAYAKOMSCHOOL, BANGKOK, KRUNG THEP, TH. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 167 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:00:41:00 | WinXP | 121.120.213.90 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | 74bda90399 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:41:00 | Win2K-f | 72.48.216.109 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS WACO HUB, HEWITT, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
d031b42d3f NEW fa14802705 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:58:00 | Win2K-f | 61.222.0.158 (HINET.NET): JIN JER CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:00:58:00 | WinXP | 61.228.152.50 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:01:00:00 | WinXP | 65.36.21.193 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS ODESSA HUB, SAN MARCOS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:06:00 | WinXP | 193.93.110.216 (GRAT.NET.UA): GRAT NETWORK INTERNET SERVICE PROVIDER, KIEV, KYYIV, UA. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 1d0ce31c6d NEW |
none[none] | none:none |
none|none | none | none |
| 01:13:00 | WinXP | 61.228.152.50 (PRESTONAUTO.COM): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:01:43:00 | Win2K-f | 222.11.136.112 (DION.NE.JP): DION (KDDI CORPORATION), JP. (DSL) |
62.193.249.122:3305 | KR:cx10man.weedns.com FR:fx010413.whyI.org FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 608 lines |
Yeah : 1.8 profile |
none | summary tarball |
43 of 43 | 27b8ca6a46 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:37:00 | Win2K-f | 70.69.1.134 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 43 42 of 43 |
26e222d45c NEW 31bbc6b8cc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:02:45:00 | WinXP | 121.121.100.238 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 1f6bcbaaef NEW |
none[none] | none:none |
none|none | none | none |
| T:03:47:00 | Win2K-f | 96.8.180.249 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 42 40 of 42 |
377ae8c2fd NEW 7cfdf42414 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:48:00 | WinXP | 93.102.90.107 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, COIMBRA, COIMBRA, PT. (DSL) |
n/a | US:www.altavista.com :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda NEW |
none[3] | none:none |
tElock| | none | trace |
| T:03:59:00 | Win2K-f | 199.85.238.237 (-): COLUMBUS COMMUNICATIONS GRENADA LTD, ST. GEORGE'S, SAINT GEORGE, GD. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 158 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 51a03793ab NEW |
429f7618d3 [0] | ASM:Graph |
none|none | lines=546 | trace | |
| T:04:10:00 | WinXP | 93.102.98.184 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, COIMBRA, COIMBRA, PT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:04:16:00 | WinXP | 93.102.154.122 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. (DSL) |
n/a | US:www.altavista.com :jbeegvia.ru US:www.viruslist.com US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru :kfwfceki.ru :crime-research.ru :nhuwxyuw.ru :udluzuq.ru RU:alfabank.ru :fiazpvnne.ru RU:prodexteam.net :ppxuub.ru :lvwgdhwlj.ru :raxeqajrf.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 17028f1eda NEW |
none[3] | none:none |
tElock| | none | trace |
| T:04:25:00 | WinXP | 111.88.33.36 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) |
213.155.0.224:80 | GB:ilo.brenz.pl DE:citi-bank.ru DE:83.133.119.206:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 43 | bea3d4c486 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:40:00 | Win2K-f | 220.216.50.51 (THN.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 40 of 41 |
6a6aaa5b73 NEW 8bde6dd126 NEW |
63889c9976 [0] 885c68f500[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
| T:04:43:00 | WinXP | 186.180.12.86 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 866ac9b262 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:05:00 | WinXP | 121.121.48.171 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:31:00 | Win2K-f | 70.60.189.203 (RR.COM): ROAD RUNNER HOLDCO LLC, MEMPHIS, TENNESSEE, US. (DSL) |
210.127.253.90:3305 | IT:cx10man.weedns.com FR:fx010413.whyI.org EU:gynoman.weedns.com KR:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 695 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 41 | deffdf68e8 NEW |
2b011e15ba [0] | ASM:Graph |
StarForce| | lines=3122 embedded dns |
trace |
| T:05:39:00 | WinXP | 79.162.165.227 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | b680a4af65 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:06:00 | WinXP | 89.218.169.248 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM ATYRAU AFFILIATE, ALMATY, ALMATY CITY, KZ. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 8e8fff0d13 NEW |
none[none] | none:none |
none|none | none | none |
| 06:06:00 | WinXP | 178.92.146.245 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:06:12:00 | WinXP | 115.83.44.81 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 420b1a76c4 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:19:00 | WinXP | 85.180.79.85 (ALICEDSL.DE): HANSENET-ADSL, KARLSRUHE, BADEN-WÜRTTEMBERG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 3693a3a4a4 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:20:00 | WinXP | 79.163.85.79 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 5c6df5141d NEW |
none[none] | none:none |
none|none | none | none |
| T:06:31:00 | WinXP | 121.121.22.112 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | e8180dbc02 NEW |
none[none] | none:none |
none|none | none | none |
| 06:33:00 | WinXP | 59.103.209.147 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:06:44:00 | Win2K-f | 95.57.3.135 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, WEST KAZAKHSTAN, KZ. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | 78ea9c9c57 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:45:00 | WinXP | 114.26.130.154 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
74.117.174.82:16667 | CA:bbs.moiservice.com US:attacke.100free.com |
445 | pcap | raw alerts ruleset |
ftp irc http 1084 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 43 41 of 42 11 of 43 |
2bf9f2e9f0 NEW 34c3301609 NEW 7b8b829af2 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:06:45:00 | WinXP | 84.224.91.194 (PGSM.HU): PANNON GSM TELECOMMUNICATIONS INC, BUDAPEST, BUDAPEST, HU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | b80f1c24c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:45:00 | WinXP | 145.236.32.175 (TELEKOM.HU): HUNGARIAN TELECOMMUNICATIONS COMPANY LIMITED, BUDAPEST, BUDAPEST, HU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:06:00 | WinXP | 89.123.179.238 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) |
n/a | DE:citi-bank.ru **:absurdistan.unas.cz US:communityrespondalarm.com TR:acibademinsaat.com |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
37 of 42 | 6351b1f921 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:17:00 | WinXP | 123.195.182.243 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | eaa3585053 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:20:00 | Win2K-f | 117.104.11.23 (THN.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 40 of 41 |
6a6aaa5b73 NEW 8bde6dd126 NEW |
63889c9976 [0] 885c68f500[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
| T:07:47:00 | WinXP | 63.246.127.30 (ALTUSCGI.NET): PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET), GEORGETOWN, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 41 of 43 |
02c8f02035 NEW 0e395f5cf9 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:52:00 | WinXP | 80.244.137.123 (TNP.PL): DIV.PL HOSTING SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 5818023061 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:07:52:00 | WinXP | 111.88.43.165 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:08:29:00 | WinXP | 188.47.198.101 (-): IDEA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | eb25acadb0 NEW |
none[none] | none:none |
none|none | none | none |
| 08:39:00 | WinXP | 89.204.244.250 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:09:16:00 | Win2K-f | 199.85.238.214 (-): COLUMBUS COMMUNICATIONS GRENADA LTD, ST. GEORGE'S, SAINT GEORGE, GD. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 09:42:00 | WinXP | 89.123.179.238 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, BUCHAREST, BUCURESTI, RO. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 42 | 6351b1f921 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:47:00 | WinXP | 81.198.179.235 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 9d38d43309 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:04:00 | WinXP | 4.224.141.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:11:31:00 | Win2K-f | 64.178.151.174 (-): BONNYVILLE CPE, COLD LAKE, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:34:00 | WinXP | 124.241.150.81 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:43:00 | WinXP | 95.74.210.160 (-): TELECOM ITALIA MOBILE, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
| 12:00:00 | WinXP | 95.74.210.160 (-): TELECOM ITALIA MOBILE, IT. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
| T:12:11:00 | WinXP | 92.40.76.239 (THREE.CO.UK): MOBILE BROADBAND SERVICE, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | a50984219e NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:15:00 | WinXP | 95.74.238.4 (-): TELECOM ITALIA MOBILE, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:12:21:00 | WinXP | 50.9.203.238 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 13:08:00 | WinXP | 50.9.203.238 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:13:20:00 | WinXP | 212.152.114.168 (-): TIM HELLAS TELECOMMUNICATIONS S.A, ATHENS, ATTIKI, GR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
| T:13:28:00 | WinXP | 151.81.168.79 (51-151.NET24.IT): IUNET-BNET, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:35:00 | WinXP | 115.186.124.7 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, KARACHI, SINDH, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | a3c82ff952 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:14:00 | Win2K-f | 173.168.162.214 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEARWATER, FLORIDA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:14:26:00 | WinXP | 190.132.112.111 (ANTELDATA.NET.UY): ANCEL, UY. (DIAL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:14:57:00 | Win2K-f | 24.211.83.23 (RR.COM): ROAD RUNNER HOLDCO LLC, HARTSVILLE, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:15:03:00 | Win2K-f | 67.203.215.150 (CENTENNIALPR.NET): CENTENNIAL DE PUERTO RICO, SAN JUAN, PUERTO RICO, PR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
68b5e580f0 NEW b475ce7c0b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:16:34:00 | Win2K-f | 76.204.141.30 (SBCGLOBAL.NET): CAPTAIN MIKE S SHRIMP, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:17:41:00 | WinXP | 64.138.255.68 (SCCOAST.NET): HTC COMMUNICATIONS LLC, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | DE:irc.zief.pl DE:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | b849ca50e1 NEW |
none[none] | none:none |
none|none | none | none |
| 17:44:00 | WinXP | 64.138.255.68 (SCCOAST.NET): HTC COMMUNICATIONS LLC, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | DE:irc.zief.pl DE:citi-bank.ru DE:213.155.0.224:80 DE:83.133.119.206:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | b849ca50e1 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:02:00 | WinXP | 69.85.101.78 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:19:21:00 | WinXP | 92.41.140.161 (THREE.CO.UK): MOBILE BROADBAND SERVICE, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 95d1a78f0d NEW |
none[none] | none:none |
none|none | none | none |
| 19:37:00 | Win2K-f | 149.75.199.183 (TRILOGYBEHC.ORG): TRILOGY INC, AUSTIN, TEXAS, US. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org US:checkip.dyndns.org US:67.15.94.80:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:19:51:00 | WinXP | 186.141.99.192 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 19:59:00 | WinXP | 121.123.15.43 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 0393e25f86 NEW |
51aaf10e18 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:25:00 | WinXP | 182.233.178.144 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:20:29:00 | WinXP | 121.120.239.103 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:20:36:00 | Win2K-f | 58.122.244.57, 173.192.153.178 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
194.8.251.67:65520 | GB:proxim.ircgalaxy.pl :image.perfectexe.com GB:www.derquda.com CN:exe3.perfectexe.com :streqa.com EU:bestkind.ru EU:anotherdomainname.in CN:lb.perfectexe.com :sb.perfectexe.com CN:122.224.6.48:255 184.82.18.196:443 US:63.223.117.12:443 EU:91.204.48.97:80 |
139 | pcap | raw alerts ruleset |
irc http 140 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 42 29 of 43 25 of 41 15 of 43 41 of 43 26 of 43 26 of 41 23 of 42 14 of 43 41 of 43 30 of 42 |
16581ff3a1 NEW 278df56902 NEW 36bb7118f0 NEW 3e90ae8532 NEW 575b5938e1 NEW 5ee6911378 NEW 654f6f25df NEW 7ab76b4b8e NEW 827e44840a NEW b4afa1df1d NEW c05a0a77d7 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none none none none none |
none none none none none none none none none none none |
| 20:37:00 | WinXP | 186.97.174.128 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | e52504d836 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:45:00 | Win2K-f | 121.123.67.208, 173.192.153.178 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
83.133.119.206:65520 | CN:lb.perfectexe.com EU:bestkind.ru CN:exe3.perfectexe.com EU:anotherdomainname.in GB:proxim.ircgalaxy.pl :sb.perfectexe.com CN:2b.yigeyuming.com :image.perfectexe.com GB:www.derquda.com :streqa.com CN:122.224.6.48:255 EU:91.204.48.97:80 |
445 | pcap | raw alerts ruleset |
http irc 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 42 29 of 43 15 of 43 38 of 43 26 of 41 23 of 42 14 of 43 15 of 42 41 of 43 |
16581ff3a1 NEW 278df56902 NEW 3e90ae8532 NEW 3ef3c2ad56 NEW 654f6f25df NEW 7ab76b4b8e NEW 827e44840a NEW 9a62bf410a NEW b4afa1df1d NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none none none |
none none none none none none none none none |
| 20:49:00 | WinXP | 58.122.244.57 (HANANET.NET): HANARO TELECOM INC, KR. (DSL) |
60.190.222.139:65520 | GB:proxim.ircgalaxy.pl :image.perfectexe.com GB:www.derquda.com :streqa.com 178.63.78.23:34526 DE:83.133.119.206:65520 96.9.146.149:25612 |
139 | pcap | raw alerts ruleset |
irc http 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 43 15 of 43 26 of 41 23 of 42 14 of 43 |
278df56902 NEW 3e90ae8532 NEW 654f6f25df NEW 7ab76b4b8e NEW 827e44840a NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:21:29:00 | WinXP | 121.120.203.171 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 1151018547 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:30:00 | Win2K-f | 61.218.205.52 (HINET.NET): TAIWAN PROVINCE TAP-WATER CO. LTD, KAOHSIUNG, T'AI-WAN, TW. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:38:00 | WinXP | 122.30.214.38 (OCN.NE.JP): OPEN COMPUTER NETWORK, YOKOSUKA, KANAGAWA, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
| T:21:51:00 | WinXP | 122.146.81.195 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 21:57:00 | WinXP | 95.58.228.129 (DIAL.ONLINE.KZ): JSC KAZAKHTELECOM ZHAMBYL AFFILIATE, KZ. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
37 of 43 | b6060dd570 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:03:00 | WinXP | 4.224.141.183 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:22:10:00 | Win2K-f | 113.253.214.8 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
70.107.249.167:7000 | US:dns.aswend.com | 135 | pcap | raw alerts ruleset |
irc 429 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | 88730549bb NEW |
none[none] | none:none |
none|none | none | none |
| T:23:52:00 | WinXP | 121.120.20.103 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 6e6fde936f NEW |
none[none] | none:none |
none|none | none | none |