Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

10 January 2013
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

02:31:00 Win2K-f 89.38.13.18 (TVSATRM.RO):
SC TV SAT 2002 SRL,
BUCHAREST, BUCURESTI, RO. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
23 lines Argh : 0.3
profile none summary
tarball none none none none none none none

02:39:00 Win2K-f 83.243.38.240 (STANSAT.PL):
STANSAT TELEWIZJA KABLOWA,
WARSAW, WARSZAWA, PL. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
24 lines Argh : 0.3
profile none summary
tarball none none none none none none none

02:46:00 Win2K-f 187.52.168.207 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a US:trafficconverter.biz
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
23 lines Argh : 0.3
profile none summary
tarball none none none none none none none

02:54:00 Win2K-f 111.240.89.200 (-):
. n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
24 lines Argh : 0.3
profile none summary
tarball none none none none none none none

03:01:00 Win2K-f 111.93.179.154 (-):
TATA TELESERVICES ISP,
IN. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
24 lines Argh : 0.3
profile none summary
tarball none none none none none none none

03:08:00 Win2K-f 95.27.147.69 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU. (DSL) n/a :www.maxmind.com
:getmyip.co.uk
:www.getmyip.org
US:checkip.dyndns.org
174.36.207.186:80
US:204.152.184.139:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
7 lines Argh : 0.3
profile none summary
tarball none none none none none none none

06:55:00 Win2K-f 46.214.208.131 (-):
. n/a US:trafficconverter.biz
:www.google.com
:snmrpl.com
US:ggyqdsip.biz
:nxfeew.info
:whlpktue.org
:qvnic.net
:gcemwfgg.com
:bxlcp.net
:uovfetpqlny.com
:ozfgpc.info
:hddhoudaib.net
US:shblah.biz
US:agzzgdc.biz
:jsxexwywtr.com
:wmvwbnsqv.info
:mffbubvjx.info
:eimhqtx.net
:covwrfi.com
:odgjb.net
:zecyo.org
US:flvmjzgajfi.biz
:dznyrz.info
:exhlza.org
US:tvmdclxtr.biz
:ljinjridvmk.org
:uymnbiwv.net
US:yyukredusod.biz
:mcanqrz.net
US:yrhfelxs.biz
US:vjwmy.biz
:qxzpxaonbxw.org
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:07:19:00 WinXP 46.117.120.39 (-):
. 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:50:00 WinXP 89.145.131.32 (-):
HOME ETHERNET NETWORK,
RU. (DSL) n/a DE:citi-bank.ru
:albat.somee.com
**:boemaclasic.ro
TH:www2.bpp.go.th
:caetanojrecruz.adv.br
DE:buyukfirsat.bu.funpic.org
GB:www.bsnlondon.co.uk
GR:dincermakinasanayi.com.tr
:parex-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 94227c2434
NEW none[none] none:none
none|none none none

T:09:53:00 WinXP 46.162.198.180 (-):
. n/a DE:moscow-advokat.ru
:gaspode.zanet.org.za
:lulea.se.eu.undernet.org
SE:ozbytes.dal.net
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
SE:qis.md.us.dal.net
NL:broekhuisjuweliers.nl
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
TH:btech.ac.th
:london.uk.eu.undernet.org
TR:btr.gen.tr
TR:burakasansor.com
ES:bytegraf.com
:lia.zanet.net
SE:broadway.ny.us.dal.net
TH:nt.go.th
:cizreemlak.net
NL:brussels.be.eu.undernet.org
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 048b720afe
NEW none[none] none:none
none|none none none

10:00:00 Win2K-f 95.180.52.109 (IKOMLINE.NET):
IKOMLINE,
RS. (DSL) n/a US:www.w3.org
:hdowcagpxds.net
US:ypcxpqcte.biz
:jwvypytawt.org
:padfs.info
:naacs.info
:btlhlnev.net
:zxenyzi.info
:covwrfi.com
US:gpyyxwwgde.biz
AU:ouroz.com
:jsxexwywtr.com
:jpnjcyp.info
:ewhjolfk.com
:oodrozztad.com
US:domdgupogkb.biz
US:mgochftvnq.biz
:sdqkjpud.org
:cqltexju.org
:aqhvptukp.org
:fqnttqkg.net
US:149.20.56.32:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
21 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:10:10:00 Win2K-f 81.183.207.111 (EMITEL.HU):
EMITEL,
BUDAPEST, BUDAPEST, HU. (DSL) n/a EE:www.starman.ee
FI:www.if.ee
:cx10man.weedns.com
:c010x1.co.cc
AP:g.0x20.biz
:telephone.dd.blueline.be
FI:194.215.38.135:80
EE:62.65.192.24:80
EE:62.65.192.25:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

12:34:00 Win2K-f 91.98.248.93 (PARSONLINE.NET):
PARS,
TEHRAN, ESFAHAN, IR. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

13:05:00 Win2K-f 186.55.44.171 (-):
. n/a CN:www.baidu.com
US:xejssax.biz
:kmikxl.info
:xayfavqelsk.org
US:ekafgzcu.biz
US:vfxuhsjyrqs.biz
:ikogccqe.org
:lhoclohc.com
:zzzunkpn.info
:pszyeruwyh.info
:wpkus.net
US:ppiautci.biz
:exhlza.org
US:dptuzwog.biz
:iohlteafl.net
:gmmwcebwfpn.com
:vwvta.info
:wtbgvphm.info
:hktulwqsnjn.net
:bnivjduzmb.org
:igewict.com
US:cywxanry.biz
:bjqefxuy.com
:fqnttqkg.net
US:jjxsmlfh.biz
US:mgochftvnq.biz
:qsnanx.org
US:ykcdnoln.biz
:cxoxbsrx.net
:lknrbds.info
:rmblmo.info
:hdopnccjayh.org
:phfpqdxcja.org
:bxlcp.net
:mcanqrz.net
:mpnbwa.net
:rchlbbln.info
:dgjkvkohp.net
:oodrozztad.com
:elqoennabfj.net
:qcpif.com
:lxcxd.info
:cszzbzg.com
:ghxcaucz.net
:jwvypytawt.org
US:yrhfelxs.biz
US:wujxpfe.biz
US:aprbkzwgbat.biz
:zecyo.org
:cibzeoahfx.com
:btlhlnev.net
US:149.20.56.32:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
9 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:13:32:00 Win2K-f 72.94.201.25 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WEST GROVE, PENNSYLVANIA, US. (DSL) n/a GB:phonelogin.dnip.net
KR:koopa.dnip.net
EE:www.starman.ee
FI:www.if.ee
:cx10man.weedns.com
US:microsoft.com
:commgr.co.cc
TW:g.0x20.biz
EE:62.65.192.24:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

14:21:00 Win2K-f 90.196.124.242 (SKY.COM):
SKY BROADBAND,
UK. (DSL) n/a :www.maxmind.com
:getmyip.co.uk
:www.getmyip.org
US:checkip.dyndns.org
174.36.207.186:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:16:07:00 WinXP 95.92.57.213 (-):
TVCABO PORTUGAL S.A,
PT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 29 of 29 bdb53fb863
NEW d9d20eabcf [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:09:00 WinXP 184.0.12.0 (EMBARQHSD.NET):
EMBARQ CORPORATION,
US. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

17:31:00 WinXP 173.80.34.97 (SUDDENLINK.NET):
SUDDENLINK COMMUNICATIONS,
TYLER, TEXAS, US. (100Mbps) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 618eb5ba49
NEW none[none] none:none
none|none none none

17:55:00 Win2K-f 46.49.42.66 (-):
. n/a US:www.ask.com
:bpbij.org
US:vxhzseig.biz
:whkgj.org
:lmmfjdqh.com
US:wayjpngyuj.biz
:qsduja.org
US:velffgv.biz
:uhrocotu.info
:kucokhcv.info
:bcepfzgq.org
:safyzyjn.info
:xekuuyudv.net
:uygdmhagn.com
:pfzetoyw.org
:ghfagkpx.com
US:ploaelfc.biz
:gsmqkteiwbd.com
:mpgbxn.net
:vboyptbeg.info
US:vvhyjjfl.biz
:izkfsh.com
US:vurup.biz
:rvetwgjd.info
:wfzxv.net
:sozfdg.info
US:gmgjvczto.biz
US:ykbupvbv.biz
:bdtvpr.net
US:ddivans.biz
:duinstk.info
:kizysmkun.org
:osrnqaz.net
:oueewjsblpt.info
:jdaltvp.org
:dpmgxjhbvkr.com
:uhseifbuq.com
:jliqftx.org
:qowgtgdwdn.org
:mqqkwbbk.net
:xwjaspg.net
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
4 lines Argh : 0.3
profile none summary
tarball none none none none none none none

21:01:00 Win2K-f 206.107.222.118 (EMBARQHSD.NET):
SPRINT DSL NETWORK FL,
LAS VEGAS, NEVADA, US. (DSL) n/a :www.google.com
:acsfrwkc.info
:wytlobqbq.com
:laowvllf.net
:ahfsplek.com
US:gmgjvczto.biz
:yxgvq.org
:omfafuew.com
:ehmjetafhya.info
:qowgtgdwdn.org
:qcljls.org
:qtyqn.info
:bqkdplyw.com
:xjlqgmlk.net
:kgxzkw.net
:epcflqmonkw.org
US:bmmgm.biz
:sfvmbmk.info
US:velffgv.biz
:lcdpzz.org
US:bfwydt.biz
:tqmqje.com
:bcepfzgq.org
:tnkubpgw.net
:mbxipvzvv.net
:izkfsh.com
:vczgfnnww.org
US:ldsfnfemev.biz
:lhxmsatsdv.com
:dbzeayrjrw.org
:uhseifbuq.com
US:149.20.56.32:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:21:00 Win2K-f 101.111.204.92 (-):
. n/a :cx10man.weedns.com
:fx010413.whyI.org
:gynoman.weedns.com
:c010x1.co.cc
:commgr.co.cc
AP:g.0x20.biz
EE:www.starman.ee
FI:www.if.ee
:telephone.dd.blueline.be
:phonewire.dd.blueline.be
:phonelogin.dd.blueline.be
JP:ufospace.etowns.net 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none