|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:09:00 | Win2K-f | 61.61.228.141 (UBBN.NET): UNION BROADBAND NETWORK, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 32 of 36 |
2d686c9a36 NEW 3aff9129ca NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:13:00 | Win2K-f | 24.103.10.122 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:28:00 | WinXP | 119.154.41.6 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | c19c8a2776 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:40:00 | WinXP | 112.78.95.100 (-): VIBO TELECOM INC, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:01:09:00 | Win2K-f | 124.241.171.93 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:29:00 | WinXP | 27.97.215.243 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 42 | 4c1e03dd5e NEW |
none[none] | none:none |
none|none | none | none |
| T:01:40:00 | WinXP | 182.164.225.107 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | 7b313206a2 NEW |
0c866c8cce [0] | ASM:Graph |
none|none | lines=59 | trace | |
| T:01:46:00 | Win2K-f | 202.70.242.218 (ONINET.NE.JP): OKAYAMA NETWORK INC, OKAYAMA, OKAYAMA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 01:52:00 | WinXP | 27.97.215.243 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 42 | 4c1e03dd5e NEW |
none[none] | none:none |
none|none | none | none |
| T:02:18:00 | Win2K-f | 72.45.25.39 (ATLANTICBB.NET): ATLANTIC BROADBAND, SMYRNA, DELAWARE, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
d031b42d3f NEW fa14802705 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:37:00 | Win2K-f | 211.75.159.211 (KENNY.COM.TW): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 03:00:00 | WinXP | 121.121.162.174 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 NEW |
none[none] | none:none |
none|none | none | none | |
| T:03:17:00 | WinXP | 174.116.2.75 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:03:54:00 | WinXP | 91.205.252.227 (-): JSC ROSTOV-ON-DON CELLULAR TELEPHONE, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:56:00 | WinXP | 91.64.139.52 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BERLIN, BERLIN, DE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:05:10:00 | WinXP | 121.120.212.65 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 1a7eb7e257 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:15:00 | Win2K-f | 203.95.48.11 (THN.NE.JP): TOKAI CORPORATION, FUJI, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
| T:05:24:00 | WinXP | 109.229.100.87 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru :kukutrustnet777.info |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 622f232702 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:34:00 | WinXP | 121.121.193.13 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | de4624560d NEW |
none[none] | none:none |
none|none | none | none |
| T:05:40:00 | WinXP | 59.113.96.210 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:05:42:00 | Win2K-f | 60.250.36.114 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
| 05:48:00 | WinXP | 92.243.103.154 (92-243-104-010.NTS.SU): NEW TELESYSTEMS LTD, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 05:53:00 | WinXP | 59.113.96.210 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:05:53:00 | WinXP | 112.205.117.217 (PLDT.NET): IPG, PH. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 43 | 2e1de2483f NEW |
none[none] | none:none |
none|none | none | none |
| T:06:29:00 | Win2K-f | 203.193.135.11 (SOFT.NET): SOFTWARE TECHNOLOGY PARKS OF INDIA, PONDICHERRY, PONDICHERRY, IN. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
2fc89991b2 NEW 7bdf45b79a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:30:00 | WinXP | 92.251.138.50 (-): H3G IRELAND SUBSCRIBERS, IE. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 06:47:00 | WinXP | 180.207.200.20 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:07:20:00 | WinXP | 113.10.101.143 (-): STARHUB HSDPA SG, SG. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | cd544936b3 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:26:00 | WinXP | 113.210.176.167 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 42 | de4624560d NEW |
none[none] | none:none |
none|none | none | none |
| T:07:36:00 | Win2K-f | 182.209.21.230, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
83.133.119.197:65520 195.234.103.80:5500 | EU:proxim.ircgalaxy.pl US:microsoft.com CN:lb.mainpage.cc EU:www.derquda.com EU:ii.derquda.com EU:justnewleft.ru CN:w.mainpage.cc CN:2b.mainpage.cc AT:yo.utoyr.ru EU:91.217.162.97:80 |
135 | pcap | raw alerts ruleset |
irc http 180 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 43 37 of 43 22 of 42 17 of 41 30 of 33 29 of 43 31 of 33 30 of 43 36 of 43 |
12f3842842 NEW 3fb928fb27 NEW 426ecca5d8 NEW 751c32670c NEW 87bd0a062f NEW b34e640329 NEW c7d6018f97 NEW d333d088fc NEW eb2c861fea NEW |
none[none] none [none] none [none] none [none] dc70d9623a[0] none [none] 5c1d8bbd5b[0] none [none] none [none] |
none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none none:none |
none|none none|none none|none none|none Armadillo| none|none tElock| none|none none|none |
none none none none lines=91 none lines=125 embedded dns none none |
none none none none trace none trace none none |
| T:07:44:00 | Win2K-f | 220.246.75.63, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
n/a | CN:w.mainpage.cc :a.95622.com CN:2b.mainpage.cc CN:2b.yigeyuming.com CN:s5.perfectexe.com :1.95622.com US:changinghands.net US:highpopularity.com US:searchportal.information.com US:spi.domainsponsor.com US:microsoft.com :techsummer.com CN:sb.perfectexe.com US:yellowcardunion.com 174.133.57.141:80 |
135 | pcap | raw alerts ruleset |
http irc 36 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 43 28 of 42 1 of 43 11 of 42 9 of 42 |
3ef3c2ad56 NEW 8809b6417c NEW cb01ded6a0 NEW d705b391f5 NEW e4240d7958 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:07:51:00 | WinXP | 109.94.105.69 (JWS.COM): EU-ZZ, UK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 42 | 8a2553433c NEW |
none[none] | none:none |
none|none | none | none |
| T:08:00:00 | Win2K-f | 75.97.11.43 (PTD.NET): PENTELEDATA INC. - CABLE, PALMERTON, PENNSYLVANIA, US. (100Mbps) |
n/a | :ustradepennystocks.com US:i.nuseek.com :www.google-analytics.com US:955434.r.msn.com US:www.cashflowheaven.com :a.95622.com US:countrynregion.com US:as.casalemedia.com CA:www.searchnut.com CN:w.mainpage.cc EU:justnewleft.ru US:activex.microsoft.com US:p.chango.com US:codecs.microsoft.com EU:proxim.ircgalaxy.pl CN:60.190.222.139:65520 |
445 | pcap | raw alerts ruleset |
http 68 lines |
Argh : 0.3 profile |
none | summary tarball |
1 of 43 | 67e13813e9 NEW |
none[none] | none:none |
none|none | none | none |
| 08:31:00 | WinXP | 212.192.237.235 (MSU.RU): MOSCOW STATE UNIVERSITY, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
43 of 43 | 928f4e82e3 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:05:00 | WinXP | 121.120.185.13 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | 118b884494 NEW |
none[none] | none:none |
none|none | none | none |
| 09:23:00 | WinXP | 218.168.228.59 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:27:00 | WinXP | 121.120.47.72 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 42 | 69e7479380 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:52:00 | WinXP | 4.88.54.108 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, COLUMBIA, SOUTH CAROLINA, US. (DIAL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 | 5e8ccc4190 NEW |
8d5f86583f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:15:00 | WinXP | 123.193.224.96 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | 60c4a8055b NEW |
none[none] | none:none |
none|none | none | none |
| 10:16:00 | WinXP | 92.251.138.50 (-): H3G IRELAND SUBSCRIBERS, IE. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 10:25:00 | WinXP | 95.59.18.239 (DIAL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:11:28:00 | WinXP | 121.120.70.233 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | CN:ilo.brenz.pl DE:citi-bank.ru EU:91.193.194.67:80 |
445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 41 | 1397b7b3cf NEW |
none[none] | none:none |
none|none | none | none |
| T:11:34:00 | WinXP | 91.149.121.131 (SKYLINK.RU): SKYLINK VLADIMIR, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
43 of 43 | 778253b513 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:41:00 | Win2K-f | 65.19.251.75 (VNET-INC.COM): TRIANGLE TELEPHONE, ENNIS, MONTANA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
d031b42d3f NEW fa14802705 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:42:00 | WinXP | 70.45.15.43 (ONELINKPR.NET): SAN JUAN CABLE LLC, SAN JUAN, PUERTO RICO, PR. (100Mbps) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:43:00 | Win2K-f | 4.173.253.37 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ROCKVILLE CENTRE, NEW YORK, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:48:00 | WinXP | 71.23.101.19 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, KIRKLAND, WASHINGTON, US. (DSL) |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:08:00 | WinXP | 112.205.117.217 (PLDT.NET): IPG, PH. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:12:00 | WinXP | 70.45.15.43 (ONELINKPR.NET): SAN JUAN CABLE LLC, SAN JUAN, PUERTO RICO, PR. (100Mbps) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
738f555183 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:25:00 | Win2K-f | 24.103.10.122 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:47:00 | WinXP | 79.98.194.248 (CUSTOMERS.TELELET.DK): TELELET, DK. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:12:52:00 | WinXP | 121.121.249.66 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:14:00 | WinXP | 4.224.66.44 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ZANESVILLE, OHIO, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 194 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:13:56:00 | Win2K-f | 211.72.66.133 (HINET.NET): REUTERS LIMITED TAIWAN BRAUCH, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
| T:14:03:00 | WinXP | 98.135.41.23 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, LITTLE ROCK, ARKANSAS, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:10:00 | WinXP | 190.213.176.163 (LJW.CO.TT): COLUMBUS COMMUNICATIONS TRINIDAD LIMITED, TT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:14:50:00 | Win2K-f | 173.26.20.179 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, BETTENDORF, IOWA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 40 38 of 40 |
474acf88e5 NEW 68f0c14692 NEW |
1f53944b24 [0] ccc1b24d53[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
| T:16:39:00 | WinXP | 74.60.113.36 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, CHICAGO, ILLINOIS, US. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:18:33:00 | WinXP | 186.180.55.27 (-): . |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 36e142aa0b NEW |
none[none] | none:none |
none|none | none | none |
| T:18:35:00 | Win2K-f | 211.23.48.44 (-): LAN CHEN CAR CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 37 of 40 |
5d445c59d8 NEW 8a54950abb NEW |
892e12db7b [0] f6b9e43917[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
| 18:51:00 | WinXP | 186.180.55.27 (-): . |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | ff851345d8 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:52:00 | Win2K-f | 117.104.46.34 (T-COM.NE.JP): TOKAI CORPORATION, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 40 of 41 |
6a6aaa5b73 NEW 8bde6dd126 NEW |
63889c9976 [0] 885c68f500[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
| T:18:56:00 | WinXP | 66.249.152.141 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, MONTEGO BAY, SAINT JAMES, JM. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 39 35 of 38 |
2205443cc8 NEW b9297745a1 NEW |
04ce1ed773 [none] 4294884d84[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=64 embedded dns |
none trace |
| T:19:20:00 | WinXP | 63.22.149.133 (UU.NET): UUNET TECHNOLOGIES INC, CAMBRIDGE, MASSACHUSETTS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
43931fa708 NEW 823a36df01 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:26:00 | WinXP | 175.112.215.120, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
60.190.222.139:65520 195.234.103.80:5500 | EU:proxim.ircgalaxy.pl US:microsoft.com CN:lb.mainpage.cc CN:w.mainpage.cc EU:www.derquda.com CN:2b.mainpage.cc EU:justnewleft.ru AT:yo.utoyr.ru :stonegrouphotels.com CA:zynga.com :fbcdn.net :evnvu.in CN:218.10.17.178:888 |
135 | pcap | raw alerts ruleset |
irc http 221 lines |
Yeah : 1.8 profile |
none | summary tarball |
37 of 43 22 of 42 17 of 41 16 of 43 40 of 43 29 of 43 41 of 43 30 of 43 40 of 43 |
3fb928fb27 NEW 426ecca5d8 NEW 751c32670c NEW 7f7700227c NEW 92b7f99e20 NEW b34e640329 NEW b4afa1df1d NEW d333d088fc NEW ec7cec691c NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none none none |
none none none none none none none none none |
| 19:28:00 | Win2K-f | 190.50.87.49 (COM.AR): TELEFONICA DE ARGENTINA, MAR DEL PLATA, BUENOS AIRES, AR. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk US:checkip.dyndns.org US:208.43.124.51:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:19:37:00 | Win2K-f | 190.50.87.49 (COM.AR): TELEFONICA DE ARGENTINA, MAR DEL PLATA, BUENOS AIRES, AR. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk US:www.vouchercodes.net EU:checkip.dyndns.org US:217.160.239.39:80 |
445 | pcap | raw alerts ruleset |
http 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:19:44:00 | WinXP | 186.184.201.194 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 43 | 6753eafdbe NEW |
none[none] | none:none |
none|none | none | none |
| T:19:52:00 | WinXP | 121.121.233.198 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 20:07:00 | WinXP | 121.121.233.198 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:20:34:00 | WinXP | 124.241.151.46 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 21:11:00 | Win2K-f | 149.75.199.73 (TRILOGYBEHC.ORG): TRILOGY INC, AUSTIN, TEXAS, US. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org EU:checkip.dyndns.org US:208.43.124.51:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:21:20:00 | Win2K-f | 149.75.199.73 (TRILOGYBEHC.ORG): TRILOGY INC, AUSTIN, TEXAS, US. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk US:www.vouchercodes.net :checkip.dyndns.org US:217.160.239.39:80 |
445 | pcap | raw alerts ruleset |
http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| 21:51:00 | WinXP | 27.97.85.131 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:22:33:00 | WinXP | 4.181.109.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CARMICHAEL, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 23:04:00 | WinXP | 113.210.193.7 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:23:08:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:28:00 | WinXP | 113.210.213.209 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:55:00 | WinXP | 59.104.151.74 (SEED.NET.TW): SEEDNET-KAOHSIUNGDP-S, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 42 41 of 43 |
301a7165b8 NEW bd1b8418cb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |