|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:47:00 | WinXP | 117.108.21.243 (KCN.NE.JP): KCN-NET INTERNET SERVICE PROVIDER, TOKYO, TOKYO, JP. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:12:00 | WinXP | 61.222.0.158 (HINET.NET): JIN JER CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:02:00:00 | WinXP | 222.230.153.154 (VECTANT.NE.JP): SEIKA CORPORATION, YOKOHAMA, KANAGAWA, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:27:00 | WinXP | 95.57.125.114 (-): JSC KAZAKHTELECOM KARAGANGA AFFILIATE, ALMATY, ALMATY CITY, KZ. (DSL) |
n/a | DE:citi-bank.ru :www.eri.edu.pk UA:fourline.com.tr :eylenirik.biz CZ:fotbalbaska.yc.cz :eskimovie.com :esteticaespacobemestar.com.br DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:02:28:00 | WinXP | 123.99.49.11 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:53:00 | WinXP | 123.99.49.11 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none trace trace none |
| 02:58:00 | WinXP | 113.210.139.114 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none trace trace none |
| 03:08:00 | Win2K-f | 201.116.205.53 (PROD-INFINITUM.COM.MX): GESTIN DE DIRECCIONAMIENTO UNINET, ZAPOPAN, JALISCO, MX. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk US:checkip.dyndns.org :www.getmyip.org US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none none trace trace trace trace none |
| T:03:16:00 | WinXP | 121.121.27.226 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:17:00 | Win2K-f | 201.116.205.53 (PROD-INFINITUM.COM.MX): GESTIN DE DIRECCIONAMIENTO UNINET, ZAPOPAN, JALISCO, MX. (DSL) |
n/a | US:www.maxmind.com EU:checkip.dyndns.org |
445 | pcap | raw alerts ruleset |
http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:00:00 | WinXP | 95.68.111.5 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 40 of 41 34 of 36 none 42 of 43 40 of 43 40 of 42 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 39 of 41 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 33 of 35 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1096ba143e NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5277ad4102 NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a3c82ff952 NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW e9fcd6f257 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] 2e05bc2272[0] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| PolyEnE| none|none |
none none none none none none none none none none none none none none lines=68 none none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none lines=68 none |
none none none none none none none none none none none none none none trace none none none none none none trace none none none none trace none none trace trace trace trace trace none |
| T:04:11:00 | WinXP | 46.134.203.222 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:31:00 | WinXP | 27.133.252.141 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:35:00 | WinXP | 203.81.208.66 (WORLDCALL.NET.PK): WORLDCALL MULTIMEDIA LTD, KARACHI, SINDH, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 39 of 41 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a3c82ff952 NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none none |
none none none none none none none none none none none none trace none none none none none none trace none none none none trace none none trace trace trace trace none |
| 04:36:00 | WinXP | 113.210.47.67 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none trace trace none |
| 05:02:00 | Win2K-f | 122.225.53.238 (163DATA.COM.CN): CHINANET-ZJ JIAXING NODE NETWORK, BEIJING, BEIJING, CN. (DSL) |
n/a | US:www.maxmind.com EU:checkip.dyndns.org :www.getmyip.org EU:getmyip.co.uk US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none trace trace none |
| T:05:11:00 | Win2K-f | 122.225.53.238 (163DATA.COM.CN): CHINANET-ZJ JIAXING NODE NETWORK, BEIJING, BEIJING, CN. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org :checkip.dyndns.org |
445 | pcap | raw alerts ruleset |
http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:22:00 | WinXP | 46.134.201.110 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:29:00 | WinXP | 58.146.10.85 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:35:00 | Win2K-f | 173.28.212.241 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:48:00 | Win2K-f | 1.226.105.83, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
n/a | DE:irc.zief.pl US:microsoft.com CN:lb.mainpage.cc CN:w.mainpage.cc CN:2b.mainpage.cc CN:ck.perfectexe.com CN:hn.yigeyuming.com US:indiamonkey.com US:searchportal.information.com :cdn.dsultra.com 208.93.137.180:80 |
135 | pcap | raw alerts ruleset |
irc http 341 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:54:00 | WinXP | 112.205.117.217 (PLDT.NET): IPG, PH. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:06:00 | WinXP | 117.104.35.103 (THN.NE.JP): TOKAI CORPORATION, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:07:00 | Win2K-f | 218.169.205.79 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:bankingmodel.com US:as.casalemedia.com :images.ddc.com US:64.210.61.99:80 CA:74.122.140.23:80 75.101.212.227:80 96.16.200.74:80 |
445 | pcap | raw alerts ruleset |
http 28 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:24:00 | Win2K-f | 91.194.198.109 (TRONIC.PL): P.H.U. TRONIC, PL. (DSL) |
n/a | CN:ck.perfectexe.com CN:w.mainpage.cc US:bankingmodel.com US:as.casalemedia.com :images.ddc.com US:domdex.com US:p.chango.com CA:idcs.interclick.com :a.collective-media.net US:ib.adnxs.com :segment-pixel.invitemedia.com :b.collective-media.net :ad.doubleclick.net :r.turn.com US:leadback.advertising.com :www.googleadservices.com US:64.236.85.181:80 74.125.155.96:80 |
445 | pcap | raw alerts ruleset |
http 55 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:29:00 | WinXP | 83.221.245.147 (KM3.DE): KM3 TELEDIENST CABLEMODEMS, BERLIN, BERLIN, DE. (DSL) |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:30:00 | Win2K-f | 188.18.208.92 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. (DSL) |
n/a | US:asiaarizona.com US:searchportal.information.com :cdn.dsultra.com US:ad.trafficmp.com US:b3.mookie1.com US:ak1.abmr.net US:anrtx.tacoda.net US:protectionvirus.net US:foodaddiitive.net US:materialincentive.com CN:w.mainpage.cc DE:irc.zief.pl US:flashdrag.com US:shoppingearning.com CN:ck.perfectexe.com |
445 | pcap | raw alerts ruleset |
http 42 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:33:00 | Win2K-f | 210.0.207.190 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1002 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:21:00 | WinXP | 117.99.162.35 (59.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD, NEW DELHI, DELHI, IN. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:54:00 | WinXP | 151.83.68.178 (SER-PR2-MAX.IUNET.IT): INFOSTRADA, IT. (DSL) |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none none trace trace trace none |
| T:09:05:00 | WinXP | 121.94.178.83 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:06:00 | Win2K-f | 69.40.180.151 (WINDSTREAM.NET): EXPORT INTERNET POP - DYNAMIC DSL POOL, EXPORT, PENNSYLVANIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:45:00 | WinXP | 91.215.159.60 (NACKSYSTEM.NET): EU-ZZ, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 704 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:11:00 | Win2K-f | 184.74.84.96 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:13:00 | WinXP | 93.102.40.148 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, MAIA, PORTO, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:21:00 | WinXP | 213.133.10.75 (-): MTEL RESID.USERS, ME. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 40 of 41 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 39 of 41 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 33 of 35 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1096ba143e NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a3c82ff952 NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW e9fcd6f257 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] 2e05bc2272[0] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| PolyEnE| none|none |
none none none none none none none none none none none none none lines=68 none none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none lines=68 none |
none none none none none none none none none none none none none trace none none none none none none trace none none none none trace none none trace trace trace trace trace none |
| T:10:30:00 | WinXP | 14.96.188.133 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:47:00 | WinXP | 4.253.115.171 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KNOX, INDIANA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:54:00 | Win2K-f | 211.124.226.158 (ZAQ.NE.JP): K CABLE TELEVISION CORPORATION INC, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:55:00 | WinXP | 89.204.195.71 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:46:00 | WinXP | 24.79.195.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1006 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:50:00 | Win2K-f | 65.36.89.94 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:53:00 | WinXP | 193.248.188.106 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:37:00 | WinXP | 72.251.104.108 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:11:00 | WinXP | 70.62.136.100 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:35:00 | WinXP | 98.124.92.23 (HOMESC.COM): HOME TELEPHONE COMPANY INC, MONCKS CORNER, SOUTH CAROLINA, US. (100Mbps) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:49:00 | Win2K-f | 70.184.154.87 (COX.NET): COX COMMUNICATIONS, YUKON, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:52:00 | WinXP | 188.176.70.222 (DSL.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:54:00 | WinXP | 204.111.183.73 (SHENTEL.NET): SHENTEL SERVICE COMPANY, BLACKSBURG, VIRGINIA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 40 of 41 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 39 of 41 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1096ba143e NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a3c82ff952 NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| none|none |
none none none none none none none none none none none none none lines=68 none none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none none |
none none none none none none none none none none none none none trace none none none none none none trace none none none none trace none none trace trace trace trace none |
| T:15:13:00 | WinXP | 113.254.187.99 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:14:00 | WinXP | 98.124.92.23 (HOMESC.COM): HOME TELEPHONE COMPANY INC, MONCKS CORNER, SOUTH CAROLINA, US. (100Mbps) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 40 of 41 34 of 36 none 42 of 43 40 of 43 40 of 42 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 39 of 41 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 9 of 38 33 of 35 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1096ba143e NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5277ad4102 NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a3c82ff952 NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW e1a2e3980d NEW e9fcd6f257 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [3] 2e05bc2272[0] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| UPX| PolyEnE| none|none |
none none none none none none none none none none none none none none lines=68 none none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none lines=68 none |
none none none none none none none none none none none none none none trace none none none none none none trace none none none none trace none none trace trace trace trace trace none |
| T:17:24:00 | Win2K-f | 69.40.180.151 (WINDSTREAM.NET): EXPORT INTERNET POP - DYNAMIC DSL POOL, EXPORT, PENNSYLVANIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:34:00 | WinXP | 115.80.64.178 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:45:00 | Win2K-f | 66.66.20.97 (RR.COM): ROAD RUNNER HOLDCO LLC, WILLIAMSON, NEW YORK, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:48:00 | WinXP | 4.252.134.101 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, IOWA CITY, IOWA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:05:00 | Win2K-f | 216.4.108.238 (XO.NET): XO COMMUNICATIONS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:50:00 | WinXP | 177.31.215.158 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:03:00 | WinXP | 177.31.215.158 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 none 39 of 41 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d757badfe5 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] none [none] d683995e84[0] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none none:none ASM:Graph ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none none|none PolyEnE| UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none none lines=73 lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none none trace trace trace none |
| T:19:16:00 | Win2K-f | 222.232.228.159, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
91.193.194.67:65520 | US:microsoft.com DE:proxim.ircgalaxy.pl CN:lb.mainpage.cc CN:w.mainpage.cc CN:2b.mainpage.cc CN:ck.perfectexe.com CN:hn.yigeyuming.com US:holidays-football.info US:zoo.parkingspa.com :a.95622.com CN:218.10.17.178:888 |
135 | pcap | raw alerts ruleset |
irc http 161 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:32:00 | Win2K-f | 216.211.243.84, 222.170.127.203 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
83.133.119.197:65520 | US:homesantiques.com US:onlineloveaffair.net US:surveymmonkey.com :a.95622.com US:premium-insurance.net :graphicprocessor.com CN:w.mainpage.cc CN:2b.mainpage.cc US:zoo.parkingspa.com DE:proxim.ircgalaxy.pl CN:s5.perfectexe.com US:i.nuseek.com :www.google-analytics.com US:freecreditreport211.com CN:lb.mainpage.cc US:sedoparking.com US:72.52.4.90:80 |
445 | pcap | raw alerts ruleset |
http irc 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:35:00 | WinXP | 58.146.18.29 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:57:00 | WinXP | 115.83.63.211 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:05:00 | WinXP | 125.230.99.213 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none 28 of 43 38 of 42 none 39 of 40 34 of 36 none 42 of 43 40 of 43 41 of 41 none none 26 of 28 39 of 41 42 of 43 42 of 43 none 42 of 43 32 of 32 40 of 42 42 of 43 43 of 43 40 of 41 34 of 34 40 of 40 39 of 41 3 of 37 3 of 37 41 of 43 |
072c77e79f NEW 08a6c74166 NEW 0d1eb4df79 NEW 0f0af70577 NEW 0f74a58af4 NEW 1595515522 NEW 251aea3477 NEW 2c94e3fd00 NEW 2e1de2483f NEW 5c6df5141d NEW 74c3c1ec4f NEW 7553f999a8 NEW 7d99b0e910 NEW 866ac9b262 NEW 88f3393e20 NEW 95d1a78f0d NEW a75e6ddfd3 NEW b269b15ffd NEW b502f83a7c NEW beb4580c06 NEW c19c8a2776 NEW c318ecb80c NEW d11b1f56f9 NEW d20f157117 NEW d6997f4bc2 NEW d8040f84d4 NEW d9cb288f31 NEW dc331fb791 NEW fb486908b0 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [none] none [0] none [none] none [none] none [none] none [none] none [none] 28f5be93b0[0] none [none] none [none] none [none] none [none] 738f555183[0] none [none] d683995e84[0] 45603a001c[0] none [3] none [none] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none none:none ASM:Graph none:none none:none none:none none:none ASM:Graph none:none ASM:Graph ASM:Graph none:none none:none |
none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none none|none PolyEnE| none|none none|none none|none none|none PolyEnE| none|none PolyEnE| UPX| UPX| none|none |
none none none none none none none none none none none none lines=68 none none none none none lines=73 none none none none lines=68 none lines=73 lines=174 embedded dns none none |
none none none none none none none none none none none none trace none none none none none trace none none none none trace none trace trace trace none |
| T:20:06:00 | WinXP | 121.120.130.65 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:36:00 | WinXP | 24.79.215.196 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:36:00 | WinXP | 121.120.58.78 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:55:00 | Win2K-f | 174.116.60.221 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:23:00 | WinXP | 24.123.254.149 (RR.COM): ROAD RUNNER HOLDCO LLC, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 222 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:33:00 | WinXP | 211.76.77.108 (UBBN.NET): TAIWAN NETWORK INFORMATION CENTER, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:05:00 | Win2K-f | 76.186.52.196 (RR.COM): ROAD RUNNER HOLDCO LLC, FLOWER MOUND, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:10:00 | Win2K-f | 65.50.52.192 (BILTMORECOMMUNICATIONS.NET): DIRECPATH LLC, ATLANTA, GEORGIA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:10:00 | WinXP | 112.110.23.101 (-): GPRS VAS SERVICES, DELHI, DELHI, IN. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:58:00 | WinXP | 188.176.69.251 (DSL.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |