Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:07:00 | WinXP | 173.247.8.188 (-): . |
n/a | US:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | 0e186d31c8 NEW |
none[none] | none:none |
none|none | none | none |
T:00:31:00 | Win2K-f | 219.124.19.44 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
5bbb57c115 NEW 75ac189d9e NEW |
03e5cb3c4a [0] 705dbaa801[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:01:34:00 | WinXP | 46.117.251.101 (-): . |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 408a70e2ee NEW |
none[none] | none:none |
none|none | none | none |
T:01:36:00 | Win2K-f | 211.124.230.249 (ZAQ.NE.JP): K CABLE TELEVISION CORPORATION INC, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
none:none ASM:Graph |
Armadillo| tElock| |
lines=90 lines=75 embedded dns |
trace trace |
T:01:50:00 | Win2K-f | 202.177.102.84 (MB-ICTV.JP): IRUMA CABLE TV, TOKYO, TOKYO, JP. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 483460df96 NEW |
none[none] | none:none |
none|none | none | none | |
T:02:18:00 | WinXP | 60.248.155.224 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:03:53:00 | WinXP | 95.57.127.132 (-): JSC KAZAKHTELECOM KARAGANGA AFFILIATE, ALMATY, ALMATY CITY, KZ. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | d24e438fc9 NEW |
none[none] | none:none |
none|none | none | none |
T:04:38:00 | WinXP | 151.20.162.105 (20-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | d11b1f56f9 NEW |
none[none] | none:none |
none|none | none | none |
T:04:57:00 | WinXP | 91.66.92.59 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, BAYREUTH, BAYERN, DE. (DSL) |
n/a | DE:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 1511a3f219 NEW |
none[none] | none:none |
none|none | none | none |
T:05:10:00 | WinXP | 220.150.178.48 (YOURNET.NE.JP): FREEBIT CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:05:29:00 | Win2K-f | 27.98.10.34 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 40 of 41 |
6a6aaa5b73 NEW 8bde6dd126 NEW |
63889c9976 [0] 885c68f500[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
T:05:58:00 | WinXP | 72.251.24.35 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
43 of 43 | 3a7a43199e NEW |
none[none] | none:none |
none|none | none | none |
06:08:00 | Win2K-f | 122.176.63.103 (59.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD, NEW DELHI, DELHI, IN. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk :www.getmyip.org :checkip.dyndns.org US:208.43.124.51:80 EU:78.40.35.134:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:06:17:00 | Win2K-f | 122.176.63.103 (59.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD, NEW DELHI, DELHI, IN. (DSL) |
n/a | US:www.maxmind.com :www.getmyip.org US:checkip.dyndns.org |
445 | pcap | raw alerts ruleset |
http 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
T:06:21:00 | WinXP | 109.82.155.214 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:07:19:00 | Win2K-f | 113.210.14.236 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
91.193.194.67:65520 | US:microsoft.com DE:proxima.ircgalaxy.pl CN:88.perfectexe.com EU:www.derquda.com CN:w.perfectexe.com CN:ck.perfectexe.com US:scienceofmarkets.info CN:hn.yigeyuming.com US:zoo.parkingspa.com :a.95622.com 174.123.157.154:80 EU:91.193.194.114:80 |
135 | pcap | raw alerts ruleset |
irc http 177 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 42 none 39 of 41 29 of 43 31 of 33 21 of 40 |
8809b6417c NEW 9aed35b536 NEW ab9c4b5f21 NEW b34e640329 NEW d789c8d157 NEW f7df702b31 NEW |
none[none] none [none] 5fe48b2dcc[0] none [none] 5f6572479f[0] none [none] |
none:none none:none ASM:Graph none:none ASM:Graph none:none |
none|none none|none Armadillo| none|none PolyEnE| none|none |
none none lines=42 none lines=113 embedded dns none |
none none trace none trace none |
T:07:42:00 | Win2K-f | 60.250.199.56 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | CN:s5.perfectexe.com US:financial-internet.info :1.95622.com US:consumerorgs.com US:ecommerceage.com :as.casalemedia.com US:landing.trafficz.com US:activex.microsoft.com US:codecs.microsoft.com US:images01.tzimg.com US:yeasavings.com US:domdex.com :i.nuseek.com US:38.125.36.11:80 |
135 | pcap | raw alerts ruleset |
http irc 41 lines |
Yeah : 1.3 profile |
none | summary tarball |
9 of 42 none |
e4240d7958 NEW f06c20fd74 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:07:50:00 | Win2K-f | 90.188.97.251 (TOMSKNET.RU): OJSC SIBIRTELECOM, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | :citiesbuilding.com US:ad.yieldmanager.com :www.google-analytics.com :cookex.amp.yahoo.com 174.120.120.170:80 US:68.180.172.33:80 |
445 | pcap | raw alerts ruleset |
http irc 54 lines |
Argh : 0.3 profile |
none | summary tarball |
none | 5ef9252e72 NEW |
none[none] | none:none |
none|none | none | none |
T:07:53:00 | WinXP | 190.227.146.57 (NET.AR): TELECOM PERSONAL BS AS, AR. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 488d27fe97 NEW |
none[none] | none:none |
none|none | none | none |
T:07:58:00 | Win2K-f | 173.19.1.234 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, US. (DSL) |
83.133.119.197:65520 | CN:88.perfectexe.com US:fitnesstestings.com US:zoo.parkingspa.com CN:w.perfectexe.com :hifcorporate.com :i.nuseek.com :www.google-analytics.com CN:hn.yigeyuming.com CA:newyorkapartmentsforrent.info :p.chango.com US:0.r.msn.com US:vertebrateanimals.com :freepolicies.com |
135 | pcap | raw alerts ruleset |
irc http 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 3202407d22 NEW |
none[none] | none:none |
none|none | none | none |
T:08:05:00 | WinXP | 83.97.155.61 (CM-83-97-159-10.TELECABLE.ES): TELECABLE, BARCELONA, CATALONIA, ES. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:08:49:00 | WinXP | 92.46.251.175 (DIAL.ONLINE.KZ): JSC KAZAKHTELECOM WEST KAZAKHSTAN AFFILIATE, ALMATY, ALMATY CITY, KZ. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:10:01:00 | WinXP | 151.66.57.218 (51-151.NET24.IT): IUNET-BNET, PAVIA, LOMBARDIA, IT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none | |
T:10:12:00 | WinXP | 201.238.127.178 (TSTT.NET.TT): TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO, TT. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:10:12:00 | WinXP | 219.84.218.166 (SO-NET.NET.TW): SONY NETWORK TAIWAN LIMITED, TAIPEI, T'AI-PEI, TW. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:10:21:00 | WinXP | 46.203.106.114 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | c049e988f2 NEW |
none[none] | none:none |
none|none | none | none |
T:10:23:00 | WinXP | 63.84.89.253 (HARLANONLINE.NET): HARLAN COMMUNITY TELEVISION, BUFFALO, NEW YORK, US. (DSL) |
n/a | US:www.altavista.com :jbeegvia.ru US:www.worldbank.org SE:www.kavkazcenter.com :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru EU:www.viruslist.com :pwvbfz.ru RU:alfabank.ru :nuzbcp.ru :bqpuqt.ru :crutop.nu :okskyyn.ru :pnlkria.ru :kargai.ru GB:www.candidateverifier.com :kfwfceki.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda NEW |
none[3] | none:none |
tElock| | none | trace |
T:10:51:00 | WinXP | 2.54.166.4 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 1096ba143e NEW |
none[none] | none:none |
none|none | none | none | |
T:11:08:00 | Win2K-f | 174.39.179.15 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, NORTH PLATTE, NEBRASKA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
53aa804019 NEW 95ddd4a823 NEW |
29c6cdbf45 [0] 9e78315a6d[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:12:44:00 | WinXP | 94.253.178.209 (XNET.HR): BNET HRVATSKA, HR. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 6e6fde936f NEW |
none[none] | none:none |
none|none | none | none |
T:14:02:00 | WinXP | 217.201.58.198 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
14:45:00 | WinXP | 139.55.174.199 (WINDSTREAM.NET): WINDSTREAM COMMUNICATIONS INC, LINCOLN, NEBRASKA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:15:05:00 | Win2K-f | 174.130.196.100 (WINDSTREAM.NET): WINDSTREAM COMMUNICATIONS INC, EXPORT, PENNSYLVANIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:15:19:00 | WinXP | 81.81.72.34 (WWW.E-COW.IT): WIND TELECOMUNICAZIONI S.P.A, ROME, LAZIO, IT. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 95d1a78f0d NEW |
none[none] | none:none |
none|none | none | none |
T:16:15:00 | WinXP | 115.186.115.174 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, KARACHI, SINDH, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | a3c82ff952 NEW |
none[none] | none:none |
none|none | none | none |
T:17:18:00 | Win2K-f | 24.106.224.238 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
0563ea7af7 NEW 7e1532574f NEW |
bc2e11a802 [0] e6930769d0[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=65 embedded dns lines=91 |
trace trace |
T:17:41:00 | Win2K-f | 68.193.60.226 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), HOBOKEN, NEW JERSEY, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:18:05:00 | Win2K-f | 24.155.102.78 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS WACO, WACO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
d031b42d3f NEW fa14802705 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:18:20:00 | Win2K-f | 60.248.45.175 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 39 35 of 38 |
2205443cc8 NEW b9297745a1 NEW |
04ce1ed773 [none] 4294884d84[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=64 embedded dns |
none trace |
T:18:45:00 | Win2K-f | 58.146.10.85 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:18:47:00 | WinXP | 178.167.248.118 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 40 | dc467897c8 NEW |
none[none] | none:none |
none|none | none | none |
T:18:52:00 | WinXP | 186.180.30.97 (-): . |
n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | ff851345d8 NEW |
none[none] | none:none |
none|none | none | none |
T:18:56:00 | WinXP | 24.50.75.28 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:18:58:00 | WinXP | 69.26.16.232 (WESTRIV.COM): WEST RIVER TELECOMMUNICATIONS, HAZEN, NORTH DAKOTA, US. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru :parex-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 46112c6cd7 NEW |
none[none] | none:none |
none|none | none | none |
T:20:22:00 | WinXP | 113.210.177.19 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 NEW |
none[none] | none:none |
none|none | none | none |
20:25:00 | WinXP | 24.50.75.28 (-): . |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
d683995e84 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:20:38:00 | WinXP | 113.210.193.69 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 24137d8412 NEW |
73a916deb4 [0] | none:none |
PolyEnE| | none | trace |
T:21:14:00 | Win2K-f | 61.197.114.166 (NTTPC.NE.JP): INFOSPHERE (NTTPC COMMUNICATIONS INC.), AKASHI, HYOGO, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:22:07:00 | Win2K-f | 24.78.183.216 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 186 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | ec90ec15db NEW |
7b0ab2b387 [0] | ASM:Graph |
none|none | lines=546 | trace | |
T:22:21:00 | WinXP | 111.81.51.92 (HINET.NET): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
42 of 43 | 420b1a76c4 NEW |
none[none] | none:none |
none|none | none | none |
T:22:26:00 | Win2K-f | 208.88.70.103 (-): BBW 4 ACES TOWER CUSTOMER SUBNET, SHREVEPORT, LOUISIANA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:22:29:00 | Win2K-f | 220.157.202.2 (ASAHI-NET.OR.JP): ASAHI NET INC, TOKYO, TOKYO, JP. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
10c560fc02 NEW 1b8d146832 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:22:34:00 | WinXP | 189.119.137.167 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 0f77d6439f NEW |
none[none] | none:none |
none|none | none | none |
T:22:47:00 | WinXP | 93.102.128.87 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, COIMBRA, COIMBRA, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 1f6bcbaaef NEW |
none[none] | none:none |
none|none | none | none |
T:23:29:00 | WinXP | 202.144.214.180 (-): VIBO TELECOM INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |