Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

07 March 2011
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:21:00 WinXP 112.68.85.53 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:00:25:00 Win2K-f 65.31.49.154 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SPRINGFIELD, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:00:29:00 Win2K-f 123.194.5.108 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:00:00 Win2K-f 70.168.127.213 (COX.NET):
COX COMMUNICATIONS,
WICHITA, KANSAS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1008 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:49:00 WinXP 213.66.164.142 (TELIA.COM):
TELIA NETWORK SERVICES,
DANDERYD, STOCKHOLMS LAN, SE. (DSL) 		n/a RU:siliconfireware.ru
RU:auction.nic.ru
:www.google-analytics.com
RU:domain-parking.ru
RU:ebookfinaltrash.ru
:www.epartner.ru
RU:s.holm.ru
RU:s.agava.ru
RU:igrayvmeste.ru
RU:www.megastock.ru
RU:counter.yadro.ru
RU:counter.rambler.ru
RU:top100-images.rambler.ru
:wpad
RU:80.93.56.71:80 		445 pcap raw alerts
ruleset 		http
http
http
369 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:01:57:00 WinXP 121.123.25.231 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:58:00 WinXP 95.68.181.20 (ESOO.RU):
OJSC VOLGATELECOM,
RU. (DSL) 		213.155.0.224:80 DE:citi-bank.ru
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:02:21:00 WinXP 121.120.94.229 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:02:43:00 WinXP 61.61.228.141 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:04:00 Win2K-f 219.112.185.33 (THN.NE.JP):
TOKAI CORPORATION,
SHIZUOKA, SHIZUOKA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:03:16:00 WinXP 79.133.128.169 (-):
ADSL USERS,
RU. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:03:42:00 WinXP 151.80.209.76 (51-151.NET24.IT):
IUNET-BNET,
PERUGIA, UMBRIA, IT. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:50:00 WinXP 173.200.73.19 (-):
. 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:04:57:00 WinXP 95.58.17.86 (DIAL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:05:07:00 WinXP 121.120.215.239 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:05:25:00 Win2K-f 219.124.28.208 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:05:56:00 Win2K-f 202.122.27.89 (CTS.NE.JP):
SOUTH TOKYO CABLE TELEVISION,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:06:21:00 Win2K-f 113.254.149.2 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
183 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:06:34:00 Win2K-f 61.218.205.52 (HINET.NET):
TAIWAN PROVINCE TAP-WATER CO. LTD,
KAOHSIUNG, T'AI-WAN, TW. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:06:37:00 WinXP 195.34.119.207 (LOZEN.ORG):
ARTALEX LTD,
SOFIA, GRAD SOFIYA, BG. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:11:00 WinXP 217.252.243.80 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
BERLIN, BERLIN, DE. (DIAL) 		n/a DE:moscow-advokat.ru 445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:07:19:00 WinXP 115.165.82.205 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
KAWASAKI, KANAGAWA, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:07:53:00 WinXP 99.194.217.37 (CENTURYTEL.NET):
CENTURYTEL INTERNET HOLDINGS INC,
HINESVILLE, GEORGIA, US. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:07:55:00 WinXP 83.221.245.147 (KM3.DE):
KM3 TELEDIENST CABLEMODEMS,
BERLIN, BERLIN, DE. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:08:35:00 WinXP 41.213.88.91 (TELKOMADSL.CO.ZA):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:09:22:00 WinXP 123.193.209.146 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
09:29:00 Win2K-f 61.185.8.9 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
SHANGHAI, SHANGHAI, CN. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:09:35:00 WinXP 67.14.211.51 (ARTELCO.COM):
WORLD LYNX,
MAGAZINE, ARKANSAS, US. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:11:01:00 WinXP 95.75.117.186 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:11:03:00 WinXP 98.124.93.78 (HOMESC.COM):
HOME TELEPHONE COMPANY INC,
MONCKS CORNER, SOUTH CAROLINA, US. (100Mbps) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:11:16:00 Win2K-f 173.16.6.125 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
ANGOLA, INDIANA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:17:00 WinXP 173.29.142.45 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:19:00 Win2K-f 61.218.244.5 (HINET.NET):
JIN KUEN SHIN IE CO. LTD,
KAOHSIUNG, T'AI-WAN, TW. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:13:51:00 WinXP 109.52.28.159 (JWS.COM):
EU-ZZ,
UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:14:21:00 Win2K-f 46.162.199.125 (-):
. 		n/a :gg.arrancar.org 135 pcap raw alerts
ruleset 		other
300 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:14:37:00 WinXP 109.52.128.86 (JWS.COM):
EU-ZZ,
UK. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:15:05:00 WinXP 211.20.90.193 (HINET.NET):
TAOYUAN JING KAO COMMUNITY,
TAOYUAN, T'AI-WAN, TW. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
15:19:00 WinXP 95.83.225.180 (O2.IE):
DIGIFONE ONLINE,
DUBLIN, DUBLIN, IE. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:15:26:00 WinXP 65.36.23.253 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS ODESSA HUB,
SAN MARCOS, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
16:15:00 WinXP 93.102.96.14 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
COIMBRA, COIMBRA, PT. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:17:04:00 WinXP 24.92.144.233 (SPEAKEASY.NET):
LAWRENCEVILLE, GEORGIA, US. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:17:27:00 WinXP 4.253.114.227 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KNOX, INDIANA, US. (DIAL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
17:35:00 WinXP 24.92.144.233 (SPEAKEASY.NET):
LAWRENCEVILLE, GEORGIA, US. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:17:54:00 WinXP 187.80.248.38 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:42:00 WinXP 63.245.38.67 (LIBERTYPR.NET):
LIBERTY CABLEVISION OF PUERTO RICO INC,
CAGUAS, PUERTO RICO, PR. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
20:26:00 WinXP 115.81.15.212 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:26:00 WinXP 123.193.209.146 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
20:27:00 WinXP 211.75.159.211 (KENNY.COM.TW):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:21:15:00 WinXP 24.50.75.28 (-):
. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:32:00 WinXP 114.149.162.177 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:33:00 Win2K-f 61.221.65.60 (-):
HE MEI BUSINESS CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:22:30:00 Win2K-f 24.106.163.138 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:23:05:00 Win2K-f 4.159.161.209 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MINNEAPOLIS, MINNESOTA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
82 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:23:10:00 WinXP 119.154.127.145 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none