|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 01:32:00 | Win2K-f | 78.136.126.131 (-): BROADBAND COSTABLANCA S.L.U, BARCELONA, CATALONIA, ES. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:39:00 | Win2K-f | 190.124.96.13 (-): . |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:46:00 | Win2K-f | 58.64.134.48 (RT-SYSTEM.COM): NEW WORLD TELECOM LTD. HONG KONG, HK. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:54:00 | Win2K-f | 217.79.17.84 (VIS.RU): JSC VOLGOINFORMNET RUSSIA, MOSCOW, MOSCOW CITY, RU. (DIAL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:01:00 | Win2K-f | 37.4.155.7 (-): . |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:17:00 | Win2K-f | 110.77.176.55 (-): CAT TELECOM PUBLIC COMPANY LTD CAT, TH. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 22 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:25:00 | Win2K-f | 95.172.49.30 (-): LIMITED LIABILITY COMPANY MEGA-NN, RU. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:33:00 | Win2K-f | 114.34.31.66 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:40:00 | Win2K-f | 187.59.174.205 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:47:00 | Win2K-f | 211.60.79.157 (BORA.NET): BORANET-NET, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:54:00 | Win2K-f | 189.113.228.134 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:01:00 | Win2K-f | 201.43.121.106 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:22:00 | Win2K-f | 190.3.63.1 (TECHTELNET.NET): TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A, AR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:27:00 | Win2K-f | 186.247.153.10 (-): . |
n/a | US:www.yahoo.com :odehg.com :qyyts.org :aqzmqyfbpa.com :odoqvr.org US:ekvoflefb.biz US:nhqtdp.biz :cpmlkuxb.com US:qyvvhcg.biz :pjhuty.info US:upqblihe.biz :xzcvwwrpkxe.info :dtgzlh.info :iiiaxdk.org :hqivfdcssi.com :zwbnzyqb.net :xgumjzzd.org :jasdyassasx.com :uvbbct.com US:tgtixpnolbc.biz :jvbtty.info :yqhao.org US:jzjbfpfz.biz :hjceyg.info US:msoshqxtywl.biz US:nwuemkbp.biz :zwwhnvzmcxf.info US:kqytlc.biz US:owbvsg.biz :gxbddqdb.org :vjkiwccurhe.com US:149.20.56.32:80 US:204.152.184.139:80 98.138.253.109:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:11:00 | Win2K-f | 31.176.156.235 (-): . |
n/a | :www.maxmind.com US:checkip.dyndns.org 174.36.207.186:80 US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:06:00 | Win2K-f | 62.248.29.46 (-): TURKSAT UYDU HABERLESME KABLO TV VE ISLETME A.S, GAZIANTEP, GAZIANTEP, TR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:12:00 | Win2K-f | 87.120.210.83 (UNEXBG.COM): NETERRA-POINTTOPOINT2-NET, SOFIA, GRAD SOFIYA, BG. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:19:00 | Win2K-f | 113.162.208.166 (LOCALHOST): VIETNAM POST AND TELECOM CORPORATION, VN. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:25:00 | Win2K-f | 81.24.242.28 (-): REMOTE DATA SERVICES LIMITED, UK. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:32:00 | Win2K-f | 114.37.60.133 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:39:00 | Win2K-f | 189.47.53.182 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:46:00 | Win2K-f | 114.44.190.118 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:rwptnbsk.biz :acwlqgbgdih.com :yinfcahlvam.com :asxdm.net :dkzajcls.net :libxngvr.org :mfejx.net :yejkj.net :hlkpum.info :lchchhvs.com :klgic.net US:egluhgi.biz US:hqtxbslmwu.biz :nckennyvjh.info :okbzzjueu.com US:ronocg.biz :bdjdmnogfzc.com :mkykqkxze.com :ofbkhttd.org :kuytsihp.net :lsqxjhznur.net :ngepldbd.org :btqfhxzv.org :gxrxwyks.org :dmtqx.info :igoedu.net :gcdkxzmcbl.net :ddtwsy.net :xqwmpndrnav.com :livueyrizx.org US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:53:00 | Win2K-f | 200.62.25.58 (-): DKP CA, VALENCIA, CARABOBO, VE. (100Mbps) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:00:00 | Win2K-f | 111.241.129.45 (-): . |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:07:00 | Win2K-f | 96.24.128.62 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, CHARLOTTE, NORTH CAROLINA, US. (100Mbps) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:14:00 | Win2K-f | 190.148.74.50 (INTELNET.NET.GT): TELGUA, GUATEMALA, GUATEMALA, GT. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:21:00 | Win2K-f | 61.19.244.132 (-): CAT TELECOM DATA COMM. DEPT IDC OFFICE, BANGKOK, KRUNG THEP, TH. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:27:00 | Win2K-f | 212.63.206.77 (-): NETINFO-NET, STOCKHOLM, STOCKHOLMS LAN, SE. (100Mbps) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 22 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:34:00 | Win2K-f | 125.230.131.139 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:42:00 | Win2K-f | 123.30.9.14 (LOCALHOST): VIETNAM DATA COMMUNICATION COMPANY (VDC), HO CHI MINH CITY, HO CHI MINH, VN. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:49:00 | Win2K-f | 186.218.136.69 (-): . |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 21 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:57:00 | Win2K-f | 79.121.49.208 (KABELNET.HU): VIDANET CABLETELEVISION PROVIDER LTD, HU. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 24 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:04:00 | Win2K-f | 178.20.230.102 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 25 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:48:00 | Win2K-f | 211.155.29.6 (SRT.COM.CN): GUANGZHOU CSTEL COMPANY, GUANGZHOU, GUANGDONG, CN. (DSL) |
n/a | EE:www.starman.ee US:microsoft.com FI:www.if.ee FI:194.215.38.135:80 EE:62.65.192.24:80 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:11:00 | Win2K-f | 87.157.222.115 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DRESDEN, SACHSEN, DE. (DIAL) |
n/a | :www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org 174.36.207.186:80 US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |