Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:01:10:00 | WinXP | 211.124.238.114 (ZAQ.NE.JP): K CABLE TELEVISION CORPORATION INC, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
T:02:07:00 | Win2K-f | 202.60.72.249 (INTERVOLVE.NET.AU): DEDICATED SERVERS, BRISBANE, QUEENSLAND, AU. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 39 40 of 41 |
aafda2f28f NEW ab4e3226c4 NEW |
none[none] c2d0313e73[0] |
none:none none:none |
none|none tElock| |
none none |
none trace |
T:02:12:00 | WinXP | 113.210.203.39 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 420b1a76c4 NEW |
none[none] | none:none |
none|none | none | none |
T:02:43:00 | WinXP | 1.225.123.110 (-): . |
n/a | DE:irc.zief.pl US:microsoft.com EU:ii.derquda.com EU:www.derquda.com EU:justnewleft.ru US:get.whitesmoke.com US:c0007083.cdn2.cloudfiles.rackspacecloud.com US:track.zugo.com US:components.zugo.com CN:lb.perfectexe.com CN:exe4.perfectexe.com CN:122.224.6.48:666 EU:91.193.194.98:80 |
135 | pcap | raw alerts ruleset |
irc http 1230 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 43 37 of 41 40 of 41 2 of 43 21 of 42 5 of 43 0 of 42 35 of 42 5 of 43 22 of 42 |
1b8d9f2929 NEW 34cd9e2f76 NEW 376a6b6ecd NEW b2c1ecbb4e NEW bff5fecfbb NEW cadf04a620 NEW d031238d4a NEW dadbc4d266 NEW e41e5e38a5 NEW fe100c25d4 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none none none none |
none none none none none none none none none none |
T:03:29:00 | Win2K-f | 96.10.248.194 (RR.COM): ROAD RUNNER HOLDCO LLC, GOLDSBORO, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 42 40 of 42 |
377ae8c2fd NEW 7cfdf42414 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:04:15:00 | Win2K-f | 173.165.162.205 (COMCASTBUSINESS.NET): COMCAST BUSINESS COMMUNICATIONS INC, MT. LAUREL, NEW JERSEY, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:04:32:00 | WinXP | 202.162.219.218 (ICONPLN.NET.ID): PT INDONESIA COMNETS PLUS, SEMARANG, JAWA TENGAH, ID. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:06:08:00 | WinXP | 92.48.12.24 (-): SA-ETTIHADETISALAT, RIYADH, AR RIYAD, SA. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
43 of 43 | 820ca7d7bd NEW |
none[none] | none:none |
none|none | none | none |
T:06:37:00 | Win2K-f | 63.23.7.212 (UU.NET): UUNET TECHNOLOGIES INC, COLUMBUS, OHIO, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 219 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 42 40 of 41 |
0e410bca53 NEW d828346f91 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:06:42:00 | WinXP | 114.40.217.121 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none |
06:58:00 | WinXP | 98.105.164.197 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - MATTHEWS, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:07:27:00 | WinXP | 121.58.204.168 (CCTLL.COM): COMCLARK-BROADBAND-NETWORK, MANILA, MANILA, PH. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none |
T:07:37:00 | Win2K-f | 76.189.154.103 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 42 33 of 33 |
359d245014 NEW 53bfe15e91 NEW |
none[none] 1473091351[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=75 embedded dns |
none trace |
T:07:38:00 | WinXP | 200.165.199.42 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 9e4ae2619f NEW |
none[none] | none:none |
none|none | none | none |
T:08:23:00 | WinXP | 121.120.43.102 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | e9fcd6f257 NEW |
2e05bc2272 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:09:06:00 | WinXP | 117.97.63.174 (-): GPRS-SUBSCRIBERS-IN-SOUTH, BANGALORE, KARNATAKA, IN. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:09:17:00 | WinXP | 59.103.202.169 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:09:20:00 | WinXP | 92.46.83.113 (DIAL.ONLINE.KZ): JSC KAZAKHTELECOM ASTANA AFFILIATE, KZ. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 3b524aa127 NEW |
none[none] | none:none |
none|none | none | none |
T:09:23:00 | WinXP | 46.102.55.72 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
T:09:28:00 | WinXP | 49.14.92.61 (-): . |
n/a | DE:citi-bank.ru :kidos-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
43 of 43 | f6214c480f NEW |
none[none] | none:none |
none|none | none | none |
T:09:33:00 | WinXP | 121.121.124.137 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru :parex-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:09:57:00 | WinXP | 79.163.5.42 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:10:32:00 | WinXP | 186.26.200.116 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 42 | 94f7fe0057 NEW |
none[none] | none:none |
none|none | none | none |
T:10:45:00 | WinXP | 178.137.177.1 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | 6df27102eb NEW |
none[none] | none:none |
none|none | none | none |
T:10:50:00 | Win2K-f | 64.179.141.244 (IW.NET): PRAIRIEWAVE CABLE MODEM DHCP, LUVERNE, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 40 38 of 40 |
67f1a33096 NEW 724cf0dc37 NEW |
148e04eaab [0] 901dd267d4[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:10:51:00 | WinXP | 92.251.214.175 (NETWORK-IE.NET): PROVIDER LOCAL REGISTRY, IE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
10:51:00 | Win2K-f | 87.97.207.167 (PL.EKK.BG): EKK CATV PLOVDIV, PLOVDIV, PLOVDIV, BG. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk :checkip.dyndns.org :www.getmyip.org US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
4 of 37 | 8ce32ded17 NEW |
none[3] | none:none |
Armadillo| | none | trace |
10:55:00 | WinXP | 92.251.214.175 (NETWORK-IE.NET): PROVIDER LOCAL REGISTRY, IE. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:11:52:00 | WinXP | 59.103.222.187 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
T:12:09:00 | WinXP | 115.80.92.189 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 488d27fe97 NEW |
none[none] | none:none |
none|none | none | none |
T:13:02:00 | Win2K-f | 87.97.207.167 (PL.EKK.BG): EKK CATV PLOVDIV, PLOVDIV, PLOVDIV, BG. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk US:www.vouchercodes.net :www.getmyip.org US:checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
4 of 37 0 of 43 |
8ce32ded17 NEW cf92e5ea49 NEW |
none[3] none [none] |
none:none none:none |
Armadillo| none|none |
none none |
trace none |
T:13:07:00 | WinXP | 184.74.74.92 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:13:24:00 | WinXP | 217.246.176.137 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, FRANKFURT, HESSEN, DE. (DIAL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 NEW |
none[0] | none:none |
PolyEnE| | lines=54 | trace |
T:13:58:00 | WinXP | 87.4.59.143 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, BRESCIA, LOMBARDIA, IT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 42 | 8a2553433c NEW |
none[none] | none:none |
none|none | none | none |
14:18:00 | WinXP | 46.109.102.102 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 42 | efdb61e0c2 NEW |
none[none] | none:none |
none|none | none | none |
T:14:35:00 | WinXP | 114.46.192.101 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:14:36:00 | WinXP | 164.132.120.116 (-): IUNET S.P.A, MILANO, LOMBARDIA, IT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:15:10:00 | Win2K-f | 70.183.164.197 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:15:40:00 | WinXP | 201.162.3.148 (CABLEXTREMO.COM.MX): CABLEVISION DE SALTILLO SA DE CV, MX. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
15:47:00 | WinXP | 115.80.92.189 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 488d27fe97 NEW |
none[none] | none:none |
none|none | none | none |
T:15:55:00 | WinXP | 173.17.50.213 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, WINSTED, MINNESOTA, US. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns | trace |
T:16:08:00 | WinXP | 109.82.101.223 (JWS.COM): EU-ZZ, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
43 of 43 | 820ca7d7bd NEW |
none[none] | none:none |
none|none | none | none |
T:16:16:00 | WinXP | 24.80.170.219 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | DE:irc.zief.pl EU:ii.derquda.com US:gg.arrancar.org CN:lb.perfectexe.com CN:exe4.perfectexe.com CN:hn.yigeyuming.com :a.95622.com :www.lddwj.com :vipclassrecipes.com :wpad US:i.nuseek.com US:64.145.88.114:80 US:69.43.160.145:555 |
135 | pcap | raw alerts ruleset |
http 377 lines |
Yeah : 1.3 profile |
none | summary tarball |
7 of 43 28 of 42 34 of 40 29 of 43 22 of 42 |
5ae85921cb NEW 8809b6417c NEW a72398081f NEW b34e640329 NEW fe100c25d4 NEW |
none[none] none [none] 3f0ad45d1c[0] none [none] none [none] |
none:none none:none ASM:Graph none:none none:none |
none|none none|none tElock| none|none none|none |
none none lines=10 none none |
none none trace none none |
T:17:58:00 | WinXP | 64.33.132.125 (AIRSTREAMCOMM.NET): TRI COUNTY TELEPHONE, WISCONSIN, US. (DIAL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0cfab99612 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:18:40:00 | Win2K-f | 65.36.73.165 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
d031b42d3f NEW fa14802705 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:19:47:00 | Win2K-f | 70.184.249.110 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. (DSL) |
60.190.222.139:65520 | EU:proxim.ircgalaxy.pl EU:ii.derquda.com CN:lb.perfectexe.com CN:exe4.perfectexe.com CN:hn.yigeyuming.com CN:60.190.222.139:65520 EU:91.193.194.98:80 |
135 | pcap | raw alerts ruleset |
irc http 307 lines |
Yeah : 1.8 profile |
none | summary tarball |
39 of 42 29 of 43 |
abc24c052d NEW b34e640329 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:19:53:00 | WinXP | 121.120.153.169 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 24137d8412 NEW |
73a916deb4 [0] | none:none |
PolyEnE| | none | trace |
T:20:13:00 | WinXP | 113.10.127.71 (-): STARHUB HSDPA SG, SG. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 88f3393e20 NEW |
none[none] | none:none |
none|none | none | none |
T:20:32:00 | WinXP | 98.135.183.160 (WINDSTREAM.NET): ALLTEL SIP CUSTOMERS - OMAHA, PIERRE, SOUTH DAKOTA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:20:40:00 | Win2K-f | 65.36.51.3 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
21:23:00 | WinXP | 121.121.167.195 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
T:21:27:00 | WinXP | 202.107.247.8 (CNINFO.NET): CHINANET-ZJ QUZHOU NODE NETWORK, QUZHOU, ZHEJIANG, CN. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:21:59:00 | WinXP | 121.58.203.107 (CCTLL.COM): COMCLARK-BROADBAND-NETWORK, MANILA, MANILA, PH. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | cb6cf950fc NEW |
none[none] | none:none |
none|none | none | none |