Where an infection yielded two binaries, the last seven columns give both binaries' values separated by " / " (first binary first).

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:01:01:00 | WinXP | 211.215.13.167 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.197:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com CN:88.perfectexe.com CN:60.190.223.75:88 | 135 | pcap | raw alerts ruleset | irc 180 lines | Yeah : 1.8 profile | none | summary tarball | 30 of 33 / 36 of 41 | 533d15b5ce NEW / a8d5f22a14 NEW | c67adf46e2 [0] / none [none] | ASM:Graph / none:none | tElock / none | lines=126 embedded dns / none | trace / none
T:01:30:00 | WinXP | 219.124.28.21 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 41 | 5bbb57c115 NEW / 75ac189d9e NEW | 03e5cb3c4a [0] / 705dbaa801 [0] | ASM:Graph / ASM:Graph | Armadillo / tElock | lines=91 / lines=64 embedded dns | trace / trace
T:01:52:00 | WinXP | 178.25.37.109 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:02:08:00 | WinXP | 213.66.164.142 (TELIA.COM): TELIA NETWORK SERVICES, DANDERYD, STOCKHOLMS LAN, SE. (DSL) | n/a | RU:siliconfireware.ru RU:auction.nic.ru :www.google-analytics.com RU:domain-parking.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 | 445 | pcap | raw alerts ruleset | http http http 40 lines | Yeah : 0.8 profile | none | summary tarball | 41 of 41 | 6c21e2c88b NEW | none [none] | none:none | none | none | none
T:02:25:00 | WinXP | 98.190.183.102 (COX.NET): COX COMMUNICATIONS, GAINESVILLE, FLORIDA, US. (DSL) | 60.190.222.139:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com CN:88.perfectexe.com CN:60.190.223.75:88 | 135 | pcap | raw alerts ruleset | irc 140 lines | Yeah : 1.8 profile | none | summary tarball | 39 of 42 / none | 220c0b183d NEW / 40a82f045f NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:02:27:00 | WinXP | 184.74.71.220 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 34 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
T:02:37:00 | WinXP | 24.155.45.5 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS WACO, WOODWAY, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 / 38 of 41 | d031b42d3f NEW / fa14802705 NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:02:44:00 | WinXP | 113.210.147.169 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:02:45:00 | WinXP | 178.150.45.129 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:moscow-advokat.ru :brussels.be.eu.undernet.org :london.uk.eu.undernet.org DE:82.98.86.164:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 41 | 246f38a76e NEW | none [none] | none:none | none | none | none
T:03:48:00 | Win2K-f | 122.49.244.141 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 32 / 33 of 33 | 07fabc79ef NEW / 53bfe15e91 NEW | none [0] / 1473091351 [0] | none:none / ASM:Graph | Armadillo / tElock | lines=90 / lines=75 embedded dns | trace / trace
T:04:32:00 | WinXP | 222.230.153.158 (VECTANT.NE.JP): SEIKA CORPORATION, YOKOHAMA, KANAGAWA, JP. (100Mbps) | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 NEW | none [0] | none:none | none | lines=60 | trace
T:05:03:00 | Win2K-f | 24.109.82.88 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SIDNEY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 1002 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 41 | 43b8f21924 NEW | none [3] | none:none | none | none | trace
T:06:21:00 | WinXP | 88.29.127.207 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), MADRID, MADRID, ES. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | 2d18e13f9e NEW | none [none] | none:none | none | none | none
T:06:40:00 | WinXP | 94.248.141.236 (KABELNET.HU): VIDANET CABLE TELEVISION PROVIDER LTD, HU. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none | none | none
T:06:58:00 | WinXP | 94.248.141.236 (KABELNET.HU): VIDANET CABLE TELEVISION PROVIDER LTD, HU. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none | none | none
T:07:38:00 | WinXP | 114.48.215.214 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 40 | 5285741560 NEW | 60590b8b67 [0] | ASM:Graph | none | lines=59 | trace
T:07:54:00 | Win2K-f | 69.205.71.25 (RR.COM): ROAD RUNNER HOLDCO LLC, WATERLOO, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 8 of 33 | 53bfe15e91 NEW / b7082104e4 NEW | 1473091351 [0] / c5b49e7b82 [0] | ASM:Graph / ASM:Graph | tElock / tElock | lines=75 embedded dns / lines=41 | trace / trace
T:08:05:00 | WinXP | 123.194.20.237 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 42 | 33ffb2cb88 NEW | none [none] | none:none | none | none | none
T:08:21:00 | WinXP | 121.120.27.226 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 38 of 42 | fa18d66b7d NEW | none [none] | none:none | none | none | none
T:08:38:00 | WinXP | 121.120.219.39 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 38 of 42 | 8a2553433c NEW | none [none] | none:none | none | none | none
T:08:57:00 | WinXP | 46.202.255.123 (-): . | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | none | c049e988f2 NEW | none [none] | none:none | none | none | none
T:09:03:00 | WinXP | 121.120.147.101 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 43 | 8a19ca9eea NEW | none [none] | none:none | none | none | none
T:09:12:00 | Win2K-f | 120.138.189.14 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 40 of 41 | 6a1dc43309 NEW / 94e49d5627 NEW | 522dace6c1 [0] / 777259292a [0] | ASM:Graph / ASM:Graph | Armadillo / tElock | lines=91 / lines=64 embedded dns | trace / trace
T:10:01:00 | WinXP | 180.176.8.6 (-): . | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 38 of 41 | 0c5162a78e NEW | none [none] | none:none | none | none | none
T:10:03:00 | WinXP | 114.51.174.67 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 40 of 41 | 0c6e68a348 NEW | none [none] | none:none | none | none | none
T:10:03:00 | Win2K-f | 110.13.227.72 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.197:65520 | US:microsoft.com CN:proxima.ircgalaxy.pl CN:88.perfectexe.com CN:60.190.223.75:88 | 135 | pcap | raw alerts ruleset | irc 125 lines | Yeah : 1.8 profile | none | summary tarball | 34 of 36 / 29 of 32 | 99b248336f NEW / 9d677c3f70 NEW | c64bd1a776 [0] / 77e75ff10f [0] | ASM:Graph / ASM:Graph | Armadillo / tElock | lines=91 / lines=120 embedded dns | trace / trace
T:10:15:00 | WinXP | 24.103.60.176 (RR.COM): ROAD RUNNER HOLDCO LLC, KINGSTON, NEW YORK, US. (DSL) | n/a | :gg.arrancar.org | 135 | pcap | raw alerts ruleset | other 158 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 41 | 51a03793ab NEW | 429f7618d3 [0] | ASM:Graph | none | lines=546 | trace
T:11:10:00 | Win2K-f | 64.179.204.127 (SPEAKEASY.NET): ALTAMONTE SPRINGS, FLORIDA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 440 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | 0e31a4cd01 NEW | none [none] | none:none | none | none | none
T:11:16:00 | WinXP | 121.120.182.192 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 42 of 43 | 420b1a76c4 NEW | none [none] | none:none | none | none | none
T:11:18:00 | WinXP | 110.227.179.110 (59.AIRTELBROADBAND.IN): BHARTI AIRTEL LTD, GURGAON, HARYANA, IN. (DSL) | n/a | DE:citi-bank.ru :cikmayedekparca.com US:brucegarrod.com :cbbasimevi.com US:brandaoematos.com.br :caglarteknik.com :bharatisangli.in BR:cacs.org.br RO:butacm.go.ro EU:boyabateml.k12.tr :casbygroup.com DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 38 of 42 | 8a2553433c NEW | none [none] | none:none | none | none | none
T:11:36:00 | WinXP | 111.188.42.84 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 40 | 5285741560 NEW | 60590b8b67 [0] | ASM:Graph | none | lines=59 | trace
T:12:03:00 | WinXP | 189.49.216.202 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BELO HORIZONTE, MINAS GERAIS, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | dc467897c8 NEW | none [none] | none:none | none | none | none
T:12:15:00 | Win2K-f | 118.83.27.126 (HTOJ.J-CNET.JP): JCN-HTMNET, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 122 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 36 / 34 of 36 | 0b951c2832 NEW / e4ed4df0f0 NEW | 5fe761661a [0] / de471fc380 [0] | ASM:Graph / ASM:Graph | Armadillo / tElock | lines=91 / lines=64 embedded dns | trace / trace
T:13:07:00 | WinXP | 174.39.151.251 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, NORTH PLATTE, NEBRASKA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 117 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 41 | 53aa804019 NEW / 95ddd4a823 NEW | 29c6cdbf45 [0] / 9e78315a6d [0] | ASM:Graph / ASM:Graph | tElock / Armadillo | lines=64 embedded dns / lines=91 | trace / trace
T:13:55:00 | Win2K-f | 65.79.250.71 (NMAX.NET): NMAX, MIFFLINTOWN, PENNSYLVANIA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 258 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 43 | 0afff56a4c NEW | none [none] | none:none | none | none | none
T:14:39:00 | Win2K-f | 174.116.60.221 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 NEW / 73f1082158 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock / Armadillo | lines=75 embedded dns / lines=90 | trace / trace
T:14:54:00 | WinXP | 164.132.102.141 (-): IUNET S.P.A, MILANO, LOMBARDIA, IT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 0f77d6439f NEW | none [none] | none:none | none | none | none
T:15:09:00 | WinXP | 92.251.225.25 (NETWORK-IE.NET): PROVIDER LOCAL REGISTRY, IE. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | dc467897c8 NEW | none [none] | none:none | none | none | none
T:15:35:00 | WinXP | 109.53.118.200 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 40 | d6997f4bc2 NEW | none [none] | none:none | none | none | none
T:16:22:00 | WinXP | 95.83.199.97 (-): O2 IRELAND MOBILE BROADBAND OPEN.INTERNET APN, DUBLIN, DUBLIN, IE. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 43 of 43 | 9d0e1cdb4a NEW | none [none] | none:none | none | none | none
T:16:26:00 | WinXP | 65.36.72.182 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS NETWORKS INC, SAN MARCOS, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 / 38 of 41 | d031b42d3f NEW / fa14802705 NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:16:29:00 | Win2K-f | 65.50.4.11 (BILTMORECOMMUNICATIONS.NET): DIRECPATH LLC, ATLANTA, GEORGIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 37 of 40 | 5d445c59d8 NEW / 8a54950abb NEW | 892e12db7b [0] / f6b9e43917 [0] | ASM:Graph / ASM:Graph | tElock / Armadillo | lines=64 embedded dns / lines=91 | trace / trace
T:16:44:00 | Win2K-f | 70.65.249.149 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 NEW / 73f1082158 NEW | 1473091351 [0] / none [0] | ASM:Graph / none:none | tElock / Armadillo | lines=75 embedded dns / lines=90 | trace / trace
T:16:56:00 | WinXP | 189.119.35.185 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | d6df3972a0 NEW | none [0] | none:none | PolyEnE | lines=65 | trace
T:17:17:00 | WinXP | 64.183.255.173 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 1008 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 43 | 4e2690d61d NEW | none [none] | none:none | none | none | none
T:18:19:00 | WinXP | 114.48.130.227 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:19:51:00 | Win2K-f | 24.155.168.155 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS, ARLINGTON, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 41 / 38 of 41 | d031b42d3f NEW / fa14802705 NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:19:52:00 | WinXP | 187.82.107.26 (CAMPUSEAI.ORG): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | d11b1f56f9 NEW | none [none] | none:none | none | none | none
T:20:28:00 | Win2K-f | 98.103.25.153 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 149 lines | Yeah : 1.3 profile | none | summary tarball | 37 of 42 / 37 of 41 | 359d245014 NEW / 3d25e55087 NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:21:07:00 | Win2K-f | 203.196.77.74 (SPACELAN.NE.JP): KANAZAWA CABLE TELEVISION NET CO. LTD, KANAZAWA, ISHIKAWA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 41 / 40 of 41 | 2fc89991b2 NEW / 7bdf45b79a NEW | none [none] / none [none] | none:none / none:none | none / none | none / none | none / none
T:21:31:00 | WinXP | 121.121.250.75 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 40 of 41 | 1096ba143e NEW | none [none] | none:none | none | none | none
T:22:50:00 | WinXP | 113.210.176.192 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 1595515522 NEW | none [none] | none:none | none | none | none
T:22:56:00 | Win2K-f | 50.81.7.85 (-): . | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 40 / 38 of 40 | 474acf88e5 NEW / 68f0c14692 NEW | 1f53944b24 [0] / ccc1b24d53 [0] | ASM:Graph / ASM:Graph | tElock / Armadillo | lines=64 embedded dns / lines=91 | trace / trace
T:23:17:00 | Win2K-f | 87.97.207.167 (PL.EKK.BG): EKK CATV PLOVDIV, PLOVDIV, PLOVDIV, BG. (DSL) | n/a | US:www.maxmind.com EU:getmyip.co.uk :www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 EU:78.40.35.134:80 EU:91.198.22.70:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Yeah : 0.8 profile | none | summary tarball | 4 of 37 | 8ce32ded17 NEW | none [3] | none:none | Armadillo | none | trace
T:23:19:00 | WinXP | 66.54.121.155 (DIGICELBROADBAND.COM): DIGICEL CAYMAN, KY. (100Mbps) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 39 / 35 of 38 | 2205443cc8 NEW / b9297745a1 NEW | 04ce1ed773 [none] / 4294884d84 [0] | none:none / ASM:Graph | none / tElock | none / lines=64 embedded dns | none / trace
T:23:34:00 | Win2K-f | 24.106.224.238 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. (DSL) | n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset | other 110 lines | Yeah : 1.3 profile | none | summary tarball | 39 of 41 / 39 of 41 | 0563ea7af7 NEW / 7e1532574f NEW | bc2e11a802 [0] / e6930769d0 [0] | ASM:Graph / ASM:Graph | tElock / Armadillo | lines=65 embedded dns / lines=91 | trace / trace
T:23:42:00 | WinXP | 183.82.198.208 (-): . | n/a | DE:citi-bank.ru :bitermi.com US:casamusicaldelgado.com :berkanenow.com DE:213.155.0.224:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 39 of 42 | 33ffb2cb88 NEW | none [none] | none:none | none | none | none