|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:29:00 | WinXP | 115.80.227.7 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 00:36:00 | WinXP | 50.9.214.202 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:00:41:00 | Win2K-f | 4.234.6.238 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOCA RATON, FLORIDA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:00:00 | WinXP | 117.20.131.225 (-): STARHUB HSPA, SINGAPORE, SINGAPORE, SG. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 42 | 8a2553433c NEW |
none[none] | none:none |
none|none | none | none |
| T:01:25:00 | WinXP | 155.253.15.156 (LAMBRATE.INAF.IT): CONSIGLIO NAZIONALE DELLE RICERCHE, MILANO, LOMBARDIA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 8015c2d45f NEW |
749cbc2739 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:39:00 | WinXP | 109.52.207.53 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:01:48:00 | WinXP | 119.154.75.207 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, LAHORE, PUNJAB, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 40 | 65db8c1d0d NEW |
none[none] | none:none |
none|none | none | none |
| T:02:02:00 | WinXP | 58.123.167.216 (HANANET.NET): HANARO TELECOM INC, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 41 33 of 33 |
8b41cb7a41 NEW 97fef473b9 NEW |
ef18d720f3 [0] ff4e7d6992[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=90 lines=64 embedded dns |
trace trace |
| T:02:26:00 | WinXP | 180.177.157.177 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | d1b3b1de91 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:17:00 | WinXP | 174.107.181.236 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:03:18:00 | WinXP | 118.168.243.148 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 40 | 5e8ccc4190 NEW |
8d5f86583f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:25:00 | WinXP | 115.82.225.217 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:03:58:00 | WinXP | 87.205.217.95 (INETIA.PL): INTERNETIA, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | e1b13a07d7 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:01:00 | WinXP | 66.72.68.94 (AMERITECH.NET): AT&T INTERNET SERVICES, NASHVILLE, INDIANA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 32 | d88d8a987a NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:24:00 | WinXP | 98.134.178.40 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - LITTLE ROCK, WEST MONROE, LOUISIANA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
| 04:25:00 | WinXP | 115.82.225.217 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:04:39:00 | WinXP | 121.121.117.201 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:04:42:00 | WinXP | 193.248.97.186 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. (DSL) |
n/a | RU:siliconfireware.ru RU:auction.nic.ru :www.google-analytics.com RU:domain-parking.ru RU:ebookfinaltrash.ru :www.epartner.ru EU:erotds.net :eropod.com :google.com :www.google.com :clients1.google.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 126 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 29 | 3ce8dd4359 NEW |
cb80a979e8 [0] | ASM:Graph |
ASPack| | lines=2 | trace |
| T:04:47:00 | WinXP | 151.83.178.148 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:04:51:00 | Win2K-f | 59.115.27.92 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:05:13:00 | WinXP | 180.218.124.244 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | 751685117f NEW |
none[none] | none:none |
none|none | none | none |
| T:05:19:00 | WinXP | 188.176.68.186 (DSL.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:05:24:00 | WinXP | 115.80.210.248 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | d1b3b1de91 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:30:00 | Win2K-f | 122.49.244.141 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 33 of 33 |
26ba4fd8e8 NEW 53bfe15e91 NEW |
none[none] 1473091351[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=75 embedded dns |
none trace |
| T:05:34:00 | WinXP | 95.74.180.226 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 40 | 5e8ccc4190 NEW |
8d5f86583f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:58:00 | WinXP | 4.159.167.107 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:06:00:00 | WinXP | 64.130.182.229 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 0114824891 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:23:00 | WinXP | 109.52.37.140 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 76bdf840c8 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:47:00 | WinXP | 178.36.67.172 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:11:00 | WinXP | 155.253.15.156 (LAMBRATE.INAF.IT): CONSIGLIO NAZIONALE DELLE RICERCHE, MILANO, LOMBARDIA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 8015c2d45f NEW |
749cbc2739 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:14:00 | WinXP | 206.126.122.94 (KARIBCABLE.COM): KARIB CABLE, KINGSTOWN, SAINT GEORGE, VC. (DSL) |
n/a | RU:siliconfireware.ru RU:auction.nic.ru :www.google-analytics.com RU:domain-parking.ru GB:welcome3.smile.co.uk :wpad RU:193.232.159.145:80 GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 38 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | b415d4fbfc NEW |
none[none] | none:none |
none|none | none | none |
| T:07:19:00 | WinXP | 114.198.161.66 (-): GLOBALVIEW CATV CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 40 | 5285741560 NEW |
60590b8b67 [0] | ASM:Graph |
none|none | lines=59 | trace | |
| T:07:42:00 | Win2K-f | 64.183.247.4 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 42 | 8971a9b750 NEW |
none[none] | none:none |
none|none | none | none | |
| T:08:03:00 | WinXP | 189.53.120.11 (EMBRATEL.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:08:08:00 | WinXP | 66.81.175.91 (O1.COM): O1 DIALUP SERVICES, SACRAMENTO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:08:40:00 | WinXP | 89.41.93.66 (HOST-STATIC-89-41-127-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 6e6fde936f NEW |
none[none] | none:none |
none|none | none | none |
| T:08:43:00 | WinXP | 81.198.16.68 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:22:00 | WinXP | 115.80.209.104 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 420b1a76c4 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:25:00 | WinXP | 71.23.249.123 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, KIRKLAND, WASHINGTON, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
c3a5354b6f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:54:00 | WinXP | 92.40.28.196 (THREE.CO.UK): MOBILE BROADBAND SERVICE, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:07:00 | WinXP | 186.210.2.111 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:10:13:00 | WinXP | 79.149.21.198 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2008113582), MADRID, MADRID, ES. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:10:20:00 | WinXP | 151.83.188.210 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 6455904435 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:41:00 | WinXP | 79.162.175.54 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:10:42:00 | WinXP | 151.83.29.117 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:45:00 | WinXP | 95.88.4.87 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:10:48:00 | WinXP | 120.138.173.112 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
210.127.253.90:3305 | EU:cx10man.weedns.com JP:fx010413.whyI.org IT:gynoman.weedns.com JP:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 783 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | ecfbf321d3 NEW |
none[none] | none:none |
none|none | none | none |
| 11:05:00 | WinXP | 89.41.93.66 (HOST-STATIC-89-41-127-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 6e6fde936f NEW |
none[none] | none:none |
none|none | none | none |
| T:11:14:00 | WinXP | 186.180.15.149 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:11:26:00 | Win2K-f | 116.123.99.137, 173.192.153.178 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
60.190.222.139:65520 | CN:proxima.ircgalaxy.pl US:microsoft.com :image.perfectexe.com GB:www.derquda.com :streqa.com CN:exe3.perfectexe.com EU:bestkind.ru CN:lb.perfectexe.com EU:anotherdomainname.in :sb.perfectexe.com CN:122.224.6.48:255 US:66.240.171.36:443 |
135 | pcap | raw alerts ruleset |
irc http 163 lines |
Yeah : 1.8 profile |
none | summary tarball |
13 of 42 29 of 43 15 of 43 26 of 43 26 of 41 14 of 43 39 of 41 41 of 43 31 of 33 15 of 43 |
16581ff3a1 NEW 278df56902 NEW 3e90ae8532 NEW 5ee6911378 NEW 654f6f25df NEW 827e44840a NEW ab9c4b5f21 NEW b4afa1df1d NEW d789c8d157 NEW d802244b8f NEW |
none[none] none [none] none [none] none [none] none [none] none [none] 5fe48b2dcc[0] none [none] 5f6572479f[0] none [none] |
none:none none:none none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none none|none Armadillo| none|none PolyEnE| none|none |
none none none none none none lines=42 none lines=113 embedded dns none |
none none none none none none trace none trace none |
| T:11:31:00 | Win2K-f | 66.195.238.26 (TWTELECOM.NET): TW TELECOM HOLDINGS INC, DAYTON, OHIO, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 42 | fa9dfa8179 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:33:00 | Win2K-f | 109.86.78.126 (JWS.COM): EU-ZZ, UK. (DSL) |
194.8.251.67:65520 | CN:lb.perfectexe.com CN:exe3.perfectexe.com EU:bestkind.ru CN:proxima.ircgalaxy.pl :image.perfectexe.com GB:www.derquda.com EU:anotherdomainname.in CN:122.224.6.48:255 CN:122.224.6.48:88 GB:194.8.251.114:80 US:63.223.117.12:443 EU:91.217.162.104:80 |
445 | pcap | raw alerts ruleset |
http irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 43 26 of 43 26 of 41 |
23e02d8dc8 NEW 5ee6911378 NEW 654f6f25df NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:11:50:00 | WinXP | 189.119.155.217 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BELO HORIZONTE, MINAS GERAIS, BR. (DSL) |
83.133.119.206:65520 | DE:proxim.ircgalaxy.pl DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 43 | e158a924e8 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:25:00 | WinXP | 63.246.125.200 (ALTUSCGI.NET): PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET), GEORGETOWN, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:13:03:00 | WinXP | 24.234.237.249 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:13:12:00 | WinXP | 151.83.247.147 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:49:00 | WinXP | 93.156.164.139 (CM-93-156-163-10.TELECABLE.ES): TELECABLE, BARCELONA, CATALONIA, ES. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 42 | 8a2553433c NEW |
none[none] | none:none |
none|none | none | none |
| T:13:51:00 | WinXP | 89.194.197.179 (-): ORANGE HIGH SPEED INTERNET, LONDON, ENGLAND, UK. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 0114824891 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:17:00 | WinXP | 89.204.232.0 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:14:42:00 | WinXP | 218.210.73.28 (SPARQNET.NET): TAIWANFAREASTERNGEANTCO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
210.127.253.90:3305 | FR:cx10man.weedns.com KR:fx010413.whyI.org EU:gynoman.weedns.com KR:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 810 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 41 | ac9e84c925 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:58:00 | WinXP | 121.73.97.187 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | 02b2b6af5f NEW |
none[none] | none:none |
none|none | none | none |
| T:15:01:00 | Win2K-f | 75.57.51.129 (-): DENNIS LEGERE DBA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:15:28:00 | WinXP | 68.145.58.127 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
270559591a NEW b3ae886db6 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 15:40:00 | Win2K-f | 200.42.208.188 (TRICOM.NET): TRICOM, SANTO DOMINGO, DISTRITO NACIONAL, DO. (DSL) |
n/a | US:www.maxmind.com EU:checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:15:46:00 | Win2K-f | 70.63.94.43 (RR.COM): ROAD RUNNER HOLDCO LLC, JACKSONVILLE, NORTH CAROLINA, US. (DSL) |
210.127.253.90:3305 | JP:cx10man.weedns.com IT:fx010413.whyI.org FR:gynoman.weedns.com :c010x1.co.cc :commgr.co.cc FR:g.0x20.biz KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 650 lines |
Yeah : 1.8 profile |
none | summary tarball |
39 of 40 | 70ec5c4b3f NEW |
f697adabdd [0] | none:none |
StarForce| | none | trace |
| T:15:49:00 | Win2K-f | 200.42.208.188 (TRICOM.NET): TRICOM, SANTO DOMINGO, DISTRITO NACIONAL, DO. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:15:53:00 | WinXP | 186.180.38.70 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 866ac9b262 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:59:00 | WinXP | 151.83.161.172 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | bf6d8c0115 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:57:00 | WinXP | 65.25.24.60 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:17:09:00 | Win2K-f | 208.54.185.218 (CENTENNIALPR.NET): CENTENNIAL DE PUERTO RICO, SAN JUAN, PUERTO RICO, PR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
68b5e580f0 NEW b475ce7c0b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:12:00 | Win2K-f | 98.155.194.227 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:17:34:00 | WinXP | 24.155.63.218 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS CORPUS CHRISTI HUB, CORPUS CHRISTI, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:38:00 | WinXP | 115.81.9.216 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
c3a5354b6f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:42:00 | WinXP | 74.160.38.44 (BELLSOUTH.NET): BELLSOUTH.NET INC, LAWRENCEVILLE, GEORGIA, US. (DSL) |
n/a | :moscow-advokat.ru :lia.zanet.net SE:qis.md.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:20:00 | WinXP | 74.160.38.44 (BELLSOUTH.NET): BELLSOUTH.NET INC, LAWRENCEVILLE, GEORGIA, US. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:24:00 | Win2K-f | 208.82.42.43 (ENERGIZE.NET): PULASKI ELECTRIC SYSTEM, PULASKI, TENNESSEE, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
| T:19:38:00 | WinXP | 186.40.226.23 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 6455904435 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:25:00 | WinXP | 67.66.49.72 (SWBELL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
| T:20:52:00 | Win2K-f | 211.40.96.220 (BORA.NET): BORANET-NET, SUWON, KYONGGI-DO, KR. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:20:57:00 | WinXP | 180.64.32.98 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:59:00 | WinXP | 121.120.88.113 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | ff95ab4410 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:13:00 | Win2K-f | 71.98.205.233 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CLEARWATER, FLORIDA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 186 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 459d2bddeb NEW |
10fac04dd2 [0] | ASM:Graph |
none|none | lines=546 | trace | |
| T:22:27:00 | WinXP | 190.58.2.150 (TSTT.NET.TT): TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO, ARIMA, ARIMA, TT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:22:48:00 | WinXP | 188.17.92.186 (PERMONLINE.RU): OJSC URALSVYAZINFORM, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:23:22:00 | Win2K-f | 76.204.141.30 (SBCGLOBAL.NET): CAPTAIN MIKE S SHRIMP, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
| T:23:32:00 | Win2K-f | 65.36.51.3 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:39:00 | WinXP | 98.155.194.227 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |