Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

13 October 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:11:00 WinXP 172.162.60.142 (AOL.COM):
AMERICA ONLINE,
US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
184 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:00:59:00 WinXP 213.66.164.142 (TELIA.COM):
TELIA NETWORK SERVICES,
DANDERYD, STOCKHOLMS LAN, SE. (DSL) n/a :siliconfireware.ru
:www.proxy-socks.net
:wpad 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:57:00 Win2K-f 180.207.245.65 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:03:22:00 WinXP 119.154.16.156 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:03:25:00 WinXP 88.31.133.200 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
SEVILLA, ANDALUCIA, ES. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:04:22:00 WinXP 173.200.73.19 (-):
. n/a 135 pcap raw alerts
ruleset other
61 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:04:58:00 WinXP 101.12.150.230 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:08:11:00 WinXP 120.138.173.181 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:08:37:00 Win2K-f 72.48.216.113 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO HUB,
HEWITT, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
119 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:11:28:00 WinXP 64.213.112.87 (GBLX.NET):
GLOBAL CROSSING,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:11:34:00 Win2K-f 67.198.111.92 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS NETWORKS INC,
HARLINGEN, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:12:09:00 Win2K-f 24.234.229.17 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:03:00 WinXP 189.117.169.252 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:24:00 WinXP 2.109.131.66 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:38:00 WinXP 109.54.244.174 (JWS.COM):
EU-ZZ,
UK. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:46:00 WinXP 79.163.14.6 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:14:51:00 WinXP 46.153.82.130 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

16:02:00 WinXP 201.172.114.24 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
42 of 42
38 of 42
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
40 of 43
7 of 37
29 of 29
32 of 32
42 of 42
4 of 41
1 of 43
35 of 43
39 of 40
41 of 42
39 of 43
41 of 43
37 of 43
12 of 43
43 of 43
38 of 44
31 of 32
1 of 43
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
20 of 43
29 of 29
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 38
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
0c3e031d4a
NEW
0d1eb4df79
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
36b7b47613
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
4be1c730de
NEW
4c0fe7d4b8
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
67a1741edf
NEW
67db574df4
NEW
69f32b85f1
NEW
6e34a6cd4e
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
75c23365eb
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
9f1fc91786
NEW
a12cab51ef
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e1a2e3980d
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [3]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
ASPack|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
lines=60
none
none
none
none
none
none
none
none
lines=73
none
none
none
none
none
lines=68
none
none
none
none
none
none
none
lines=61
none
lines=68
lines=93
embedded dns
none
none
none
none
none
none
lines=281
embedded dns
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none
none none
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
trace
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
none
trace
trace
none
none
none
none
none
none
trace
none
none
none
trace
none
none
trace
trace
trace
trace
none
none
none
none
none
none
none

17:31:00 WinXP 186.180.73.236 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
42 of 42
38 of 42
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
40 of 43
7 of 37
29 of 29
32 of 32
42 of 42
4 of 41
1 of 43
35 of 43
39 of 40
41 of 42
39 of 43
41 of 43
37 of 43
12 of 43
43 of 43
38 of 44
31 of 32
1 of 43
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
20 of 43
29 of 29
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 38
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
0c3e031d4a
NEW
0d1eb4df79
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
36b7b47613
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
4be1c730de
NEW
4c0fe7d4b8
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
67a1741edf
NEW
67db574df4
NEW
69f32b85f1
NEW
6e34a6cd4e
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
75c23365eb
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
9f1fc91786
NEW
a12cab51ef
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e1a2e3980d
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [3]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
ASPack|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
lines=60
none
none
none
none
none
none
none
none
lines=73
none
none
none
none
none
lines=68
none
none
none
none
none
none
none
lines=61
none
lines=68
lines=93
embedded dns
none
none
none
none
none
none
lines=281
embedded dns
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none
none none
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
trace
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
none
trace
trace
none
none
none
none
none
none
trace
none
none
none
trace
none
none
trace
trace
trace
trace
none
none
none
none
none
none
none

T:18:05:00 WinXP 4.159.163.100 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HASTINGS, MINNESOTA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:19:34:00 WinXP 124.241.146.168 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:19:58:00 WinXP 114.44.126.73 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:20:03:00 Win2K-f 220.130.253.73 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

20:05:00 Win2K-f 186.110.127.242 (-):
. n/a US:www.maxmind.com
US:208.43.124.51:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43
1 of 43
42 of 42
38 of 42
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
40 of 43
7 of 37
29 of 29
32 of 32
42 of 42
4 of 41
1 of 43
35 of 43
39 of 40
41 of 42
39 of 43
41 of 43
37 of 43
12 of 43
43 of 43
38 of 44
31 of 32
1 of 43
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
20 of 43
29 of 29
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 38
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
0c3e031d4a
NEW
0d1eb4df79
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
36b7b47613
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
4be1c730de
NEW
4c0fe7d4b8
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
67a1741edf
NEW
67db574df4
NEW
69f32b85f1
NEW
6e34a6cd4e
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
75c23365eb
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
9f1fc91786
NEW
a12cab51ef
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e1a2e3980d
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [3]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
ASPack|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
lines=60
none
none
none
none
none
none
none
none
lines=73
none
none
none
none
none
lines=68
none
none
none
none
none
none
none
lines=61
none
lines=68
lines=93
embedded dns
none
none
none
none
none
none
lines=281
embedded dns
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none
none none
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
trace
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
none
trace
trace
none
none
none
none
none
none
trace
none
none
none
trace
none
none
trace
trace
trace
trace
none
none
none
none
none
none
none

21:32:00 Win2K-f 200.47.115.43 (NET.AR):
COMSAT ARGENTINA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset http
12 lines Argh : 0.3
profile none summary
tarball 41 of 43
1 of 43
42 of 42
38 of 42
40 of 41
39 of 41
29 of 29
38 of 43
22 of 43
1 of 43
none
35 of 43
15 of 42
40 of 43
7 of 37
29 of 29
32 of 32
42 of 42
4 of 41
1 of 43
35 of 43
39 of 40
41 of 42
39 of 43
41 of 43
37 of 43
12 of 43
43 of 43
38 of 44
31 of 32
1 of 43
26 of 28
25 of 25
37 of 42
38 of 42
1 of 43
38 of 41
38 of 44
20 of 43
29 of 29
43 of 43
1 of 43
38 of 43
32 of 32
42 of 43
40 of 43
34 of 34
39 of 41
3 of 37
9 of 38
9 of 42
36 of 43
41 of 41
26 of 43
41 of 42
16 of 44
41 of 43 04d4170d3b
NEW
0a5f0b13d6
NEW
0c3e031d4a
NEW
0d1eb4df79
NEW
1096ba143e
NEW
169a5d5c84
NEW
1a2c0e6130
NEW
1e46eb92be
NEW
258c957144
NEW
2dbc977045
NEW
2f6cab0a72
NEW
3129f5662b
NEW
3420de55b8
NEW
36b7b47613
NEW
3862324588
NEW
3ae357d17b
NEW
488d27fe97
NEW
4aa9b2104a
NEW
4be1c730de
NEW
4c0fe7d4b8
NEW
595430f951
NEW
5e8ccc4190
NEW
63d3d93432
NEW
67a1741edf
NEW
67db574df4
NEW
69f32b85f1
NEW
6e34a6cd4e
NEW
6ffc4847e4
NEW
71395792c5
NEW
741e3b03b3
NEW
75c23365eb
NEW
7d99b0e910
NEW
7f60162c2c
NEW
88edab3d8b
NEW
8a2553433c
NEW
8dcd3108b5
NEW
9276456bf8
NEW
994930c79a
NEW
9f1fc91786
NEW
a12cab51ef
NEW
ab147c2b58
NEW
ac238609b7
NEW
af614537c1
NEW
b502f83a7c
NEW
c66d771507
NEW
c8d42bea74
NEW
d20f157117
NEW
d8040f84d4
NEW
d9cb288f31
NEW
e1a2e3980d
NEW
e4240d7958
NEW
e9117180db
NEW
e9667ba9e6
NEW
e9a62d4b65
NEW
ecc40fb127
NEW
f593071f74
NEW
fb486908b0
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [3]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
8d5f86583f[0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [0]
none [0]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [0]
none [none]
none [none]
none [none]
28f5be93b0[0]
none [none]
none [none]
738f555183[0]
d683995e84[0]
45603a001c[0]
none [3]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
UPX|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
PolyEnE|
PolyEnE|
none|none
none|none
none|none
none|none
none|none
none|none
ASPack|
none|none
none|none
none|none
PolyEnE|
none|none
none|none
PolyEnE|
PolyEnE|
UPX|
UPX|
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
lines=60
none
none
none
none
none
none
none
none
lines=73
none
none
none
none
none
lines=68
none
none
none
none
none
none
none
lines=61
none
lines=68
lines=93
embedded dns
none
none
none
none
none
none
lines=281
embedded dns
none
none
none
lines=73
none
none
lines=68
lines=73
lines=174
embedded dns
none
none
none
none
none
none
none
none none
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
trace
none
none
none
none
none
trace
none
none
none
none
none
none
none
trace
none
trace
trace
none
none
none
none
none
none
trace
none
none
none
trace
none
none
trace
trace
trace
trace
none
none
none
none
none
none
none

T:22:12:00 WinXP 220.213.66.254 (WAKWAK.NE.JP):
XEPHION-CIDR-BLK,
KYOTO, KYOTO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:22:19:00 WinXP 76.11.216.214 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
TAYLORVILLE, ILLINOIS, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:23:27:00 Win2K-f 208.88.70.103 (-):
BBW 4 ACES TOWER CUSTOMER SUBNET,
SHREVEPORT, LOUISIANA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:58:00 WinXP 76.190.216.105 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BEACHWOOD, OHIO, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball none none none none none none none