Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

07 January 2013
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:07:00 WinXP 46.237.37.241 (-):
. n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 267b33fd90
NEW none[none] none:none
none|none none none

00:37:00 Win2K-f 108.129.186.82 (-):
. n/a :www.maxmind.com
EU:checkip.dyndns.org
174.36.207.186:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:00:51:00 WinXP 109.102.138.169 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 94227c2434
NEW none[none] none:none
none|none none none

04:12:00 Win2K-f 200.46.214.131 (-):
CAMPAGNANI BBDO,
PANAMA CITY, PANAMA, PA. (100Mbps) n/a :www.google.com
:dkyzpiuxu.org
:vlnmrog.net
:xrqtefpxb.com
:qseohrfr.com
:btrpqnstfw.net
:wdkris.net
US:gkivaa.biz
:swuvqltgoiq.info
:jiwqqkg.info
US:dnvvhekl.biz
US:lhwffgu.biz
:oqoblpy.info
:bizakuzw.org
:yhuwjugqy.org
:znjyzadxls.info
:cgeiblr.org
:maeenjc.org
:vbkfzwp.net
:rojarxj.info
:zzhgigh.org
:ytgdkg.org
:gihbuzvr.info
:gbedmy.info
:wfrqjplgwje.net
:nsuiltge.com
:wtfvfz.net
:wtfqdkmv.info
:hcmvg.com
:ytijppub.net
:qfqigfu.info
:viwlbgebew.info
US:qcskqcv.biz
:mkurptiq.net
:jfifyecb.info
:bkzgc.org
:chqpddkyslk.org
:ioekuuvp.info
:wtfvfugah.com
:lamumevx.com
:olewiv.org
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

07:17:00 Win2K-f 200.232.163.65 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a US:www.w3.org
:aphuahmm.org
:uwxsae.com
:sttfboyukcc.net
:gbedmy.info
:qwsjvwd.net
:ckvwbpesu.info
:zqoipzybx.com
US:wnnrzbx.biz
:yuzwgdafgfh.net
:dufvfvew.net
:xkeonxrnih.info
:laevw.info
:hmgzzsqi.com
:dnetyz.com
:ytijppub.net
:chqpddkyslk.org
:ffxlttsu.info
:btrpqnstfw.net
:egaokczibq.net
:kfwxcy.info
:cmbqlwa.com
:tgaykv.info
US:ghgcicsrq.biz
:sokppplgv.com
US:qpwefh.biz
:wtfvfz.net
US:jxkraao.biz
:uzjssvlrr.org
:fkbcbsgga.com
:bjtylta.com
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
19 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:07:58:00 WinXP 87.2.156.118 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
BERGAMO, LOMBARDIA, IT. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

07:58:00 Win2K-f 109.224.58.132 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:08:00:00 WinXP 31.63.191.28 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 9ebcc2e373
NEW none[none] none:none
none|none none none

08:32:00 WinXP 31.63.191.28 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 0fe98504ca
NEW none[none] none:none
none|none none none

T:10:06:00 WinXP 5.79.196.168 (-):
. 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 94227c2434
NEW none[none] none:none
none|none none none

10:22:00 Win2K-f 89.179.94.174 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) n/a :www.google.com
:wtfqdkmv.info
:wfrqjplgwje.net
US:mxrrx.biz
:qmdhsgpu.org
US:jszfhxokygh.biz
:ydfswwipd.info
:ytijppub.net
:phmvwrsysyg.net
:bkzgc.org
:xkeonxrnih.info
:pljytehzuwl.net
:heafejgqx.info
:hchthcuqi.org
:tjxpo.com
:olewiv.org
:zawuklyg.net
:jlrgemsygu.net
:dnisekoojp.org
US:esfptyyzigh.biz
:iqbkili.com
US:lnvoxutsz.biz
:wdkris.net
:zlbrboru.info
:jrjkgcycquy.org
:aaysazbe.net
:chqpddkyslk.org
:dufvfvew.net
:vbkfzwp.net
:cgeiblr.org
:fwmojcogo.info
:yhfhqxkl.info
US:uqkeecjhee.biz
:xrqtefpxb.com
:yhuwjugqy.org
:pkefw.info
:ckvwbpesu.info
:vyvzrzq.org
:drcpt.net
:tmxkwi.com
:atxtybump.com
:mrovpwyho.net
:yhhhgxgvrwc.net
:fzpum.net
US:gkivaa.biz
:xzbitfdmvfw.net
:tvxtsjek.info
:iadnrtxvq.info
:njxirnk.org
:ioekuuvp.info
:vkgtrnsi.org
:rauptvy.com
:nclbrsfgbc.info
:cptofz.net
:fafbcdih.net
:nztjz.org
US:gijmi.biz
US:xeppe.biz
:egaokczibq.net
:bjtylta.com
:qqdbt.info
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none 8baef7f487
NEW none[none] none:none
none|none none none

T:10:32:00 Win2K-f 118.83.90.194 (HTOJ.J-CNET.JP):
JCN-HTMNET,
JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
122 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 0b951c2832
NEW
e4ed4df0f0
NEW 5fe761661a [0]
de471fc380[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:11:35:00 Win2K-f 223.19.223.41 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:56:00 WinXP 31.200.166.203 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 38 of 42 0d1eb4df79
NEW none[none] none:none
none|none none none

13:28:00 Win2K-f 46.196.138.141 (-):
. n/a :www.maxmind.com
DE:131.220.6.26:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:15:48:00 WinXP 87.15.135.25 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 42 d1e8440870
NEW none[none] none:none
none|none none none

T:15:53:00 WinXP 173.81.9.117 (SUDDENLINK.NET):
SUDDENLINK COMMUNICATIONS,
TYLER, TEXAS, US. (100Mbps) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:17:27:00 Win2K-f 72.48.163.159 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS LANTANA,
ARGYLE, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

17:55:00 Win2K-f 95.180.104.131 (IKOMLINE.NET):
IKOMLINE,
RS. (DSL) n/a US:www.ask.com
US:trafficconverter.biz
:lioeiztb.net
:nlblqrjtcs.info
US:xykfclpe.biz
US:rjhrmdump.biz
:dyetbmtgzt.org
:jjsavy.org
:ngxwbpnq.org
US:ovswlxsf.biz
:xylyn.org
:zwnmtgwinz.info
:cvferlul.com
US:yvogpomg.biz
US:fkqcdfrj.biz
US:plygig.biz
:poxwblx.org
:tyydzgpw.org
:hwocgqcmm.org
:sqqecs.com
:igbvty.info
:bzjbhmmnw.info
US:bvbffsjx.biz
US:cmkduxwu.biz
:wqbeoi.com
:vghufhgy.org
:aakfwcei.com
US:vyeuzavbsn.biz
:vdzehf.net
:rbjzgu.net
:koyslwkc.org
:kiwvntbapl.org
US:neayujgplyc.biz
:oprqlax.net
:fvojex.info
:ykhcadee.info
US:ebvuvl.biz
US:cqwyty.biz
:onzzmbt.info
:mmzfylxackr.com
:kgzsl.com
:atslses.org
:tbkqanob.info
:jfqttdce.net
:ahzgl.com
:ywgorfozy.org
US:mqoxtslom.biz
:jaunuqzspa.org
US:pobin.biz
:ecdjycmc.info
:sciisx.net
:klxfpxl.org
:sjwfjbazkmy.net
:vfrol.net
:mcakldj.com
US:jsrjw.biz
:pyjxjnhv.org
:qtxnzfteauw.com
:bsghqon.info
:hivgqydq.net
:iqrvrac.com
:asrmmbmd.info
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

21:00:00 Win2K-f 60.196.24.211 (-):
DACOM INTERNET SERVICE PROVIDER SEOUL KOREA,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a :www.google.com
:omniqaze.com
:fljosog.info
:whbvsiynqs.org
:wuaxnptbg.org
:uvxjhxbh.org
:eibdek.info
:dzjxkdomjxw.info
:jxulropzrf.info
US:mqoxtslom.biz
:ngxwbpnq.org
:yerdmoiu.org
US:escxi.biz
:mrmbsfn.info
US:flxxigt.biz
US:cqwyty.biz
:sfpbcs.info
:idufbe.net
:clvokcrbr.info
:vmnvmqmmii.com
:rdiabfr.org
:atslses.org
US:axpcfuss.biz
:oiotgr.net
:jilofzhmprz.info
US:teycii.biz
:tyydzgpw.org
:tsuidjhi.org
:lmlqkmvh.org
US:yvogpomg.biz
:sqpseasvxrf.org
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:25:00 WinXP 94.240.175.43 (FLAGMAN.ZP.UA):
UA-FLAGMAN,
KIEV, KYYIV, UA. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball none 94227c2434
NEW none[none] none:none
none|none none none

T:23:29:00 Win2K-f 126.70.65.210 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
KOBE, HYOGO, JP. (DSL) n/a EE:www.starman.ee
FI:194.215.38.135:80
EE:62.65.192.24:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none