Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

07 February 2013
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

01:14:00 Win2K-f 87.121.27.43 (TELECABLENET.COM):
NETERRA-TELECABLENET2-NET,
SOFIA, GRAD SOFIYA, BG. (DSL) n/a EE:www.starman.ee
EE:www.online.if.ee
FI:www.if.ee
EE:195.50.195.10:443
EE:62.65.192.24:80 445 pcap raw alerts
ruleset http
8 lines Argh : 0.3
profile none summary
tarball none none none none none none none

01:19:00 Win2K-f 95.30.101.102 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) n/a
FI:194.215.38.135:80
EE:195.50.195.10:443 445 pcap raw alerts
ruleset http
6 lines Argh : 0.3
profile none summary
tarball none none none none none none none

01:34:00 Win2K-f 212.225.151.222 (PTVTELECOM.COM):
ES-PROCONO-AS,
CóRDOBA, ANDALUCIA, ES. (DSL) n/a
US:204.152.184.139:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

04:14:00 Win2K-f 186.92.128.45 (-):
. n/a :www.google.com
:ozasqvcy.com
:kysvhia.com
:jggopmpw.org
US:gaswbs.biz
:iafqfyaewi.org
:zoxtvybd.info
US:oqzbhv.biz
:aggvq.info
:nzziobgd.org
:comhglok.org
:rxlsjulobtc.net
US:bztzsyve.biz
:xpinmbsw.org
:zuuqmlm.net
:mnwhhmxqhah.net
US:mmtixxct.biz
:zlqugk.net
:cyivjwvj.org
US:abvruerm.biz
:ognqpespr.info
:hckecf.org
US:nvtgfkxsqag.biz
:fbvvpuzk.net
:cqctanzixn.org
:shqjhob.org
:kxgkcgrabz.com
:tavikyqombq.org
US:emvrpoh.biz
:dfqrydspn.org
US:gcrlf.biz
:hkaioylj.com
:gpzmpvasvh.net
US:tlhafzns.biz
US:udbimfrz.biz
:crhjyavm.info
:udxjej.org
US:fhzyqqwi.biz
:vndlvv.com
US:spwdxxp.biz
:hmabuqhk.net
:meamylmvxm.net
:psrxdjzwere.net
US:crgugsyk.biz
US:qvsbj.biz
US:aepxcipvja.biz
:rslqxk.com
:tpgcioqgm.info
:onpaepedwhs.org
US:rlauezos.biz
:aqfvicvf.net
:tyjrxmd.info
:ysmjnvqvg.info
:yeraue.info
:wmddbnn.info
:qwnuewnlt.org
:elnqz.org
:hgnqlws.com
:vqwflrdro.org
US:awbrruooxp.biz
US:nehrabro.biz
:dvmtrcmtaya.com
:lgsyhrlhvjy.net
:zubyiabmyan.com
:lvozrrtizq.org
US:dvcojzrpy.biz
:qdkiztkk.net
:itbaguiqv.org
:exlyswjmzo.com
:lzuopagq.net
:tsycbdxlp.info
EE:www.starman.ee
FI:www.if.ee
EE:www.online.if.ee
EE:195.50.195.10:443
US:204.152.184.139:80
EE:62.65.192.24:80 445 pcap raw alerts
ruleset http
8 lines Argh : 0.3
profile none summary
tarball none bcc74ed7d9
NEW none[none] none:none
none|none none none

06:27:00 Win2K-f 201.189.54.164 (-):
. n/a EE:www.online.if.ee
EE:www.starman.ee
US:trafficconverter.biz 445 pcap raw alerts
ruleset http
15 lines Argh : 0.3
profile none summary
tarball none none none none none none none

06:32:00 Win2K-f 95.253.123.123 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA WIRELINE SERVICES,
ROME, LAZIO, IT. (DSL) n/a FI:www.if.ee
EE:www.starman.ee 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

06:42:00 Win2K-f 78.92.203.170 (T-ONLINE.HU):
T-ONLINE CATV CLIENT POOL,
BUDAPEST, BUDAPEST, HU. (DSL) n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

06:52:00 Win2K-f 62.68.59.114 (LTTNET.NET):
AFRINIC,
TRIPOLI, TARABULUS, LY. (DSL) n/a US:trafficconverter.biz 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

06:57:00 Win2K-f 95.29.9.88 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps) n/a EE:www.starman.ee
EE:www.online.if.ee
FI:194.215.38.135:80
EE:195.50.195.10:443 445 pcap raw alerts
ruleset http
7 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:02:00 Win2K-f 117.232.7.226 (10/24.BSNL.IN):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:07:00 Win2K-f 200.168.69.38 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a EE:www.online.if.ee
EE:www.starman.ee
FI:194.215.38.135:80
EE:195.50.195.10:443 445 pcap raw alerts
ruleset http
9 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:12:00 Win2K-f 106.67.96.99 (-):
. n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:17:00 Win2K-f 77.112.18.84 (PLUS.PL):
POLKOMTEL S.A,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) n/a EE:www.online.if.ee
EE:www.starman.ee
:www.google.com
:aywfrboakzm.info
:kxgkcgrabz.com
:cpouixkm.com
:pgugqxpr.org
:dowlqzy.com
:hnwuvuegs.net
:hkaioylj.com
:udxjej.org
:ysxuc.com
:vuasuhzy.com
US:hkxkzpohkr.biz
US:pjaxepdk.biz
:jkqawvzyc.net
:xqogvq.org
:klvebx.org
:psrxdjzwere.net
:onpaepedwhs.org
:jzhnbdv.com
:tsycbdxlp.info
:rxaisl.org
:mnwhhmxqhah.net
:yaculw.com
:zkddd.info
:rqermi.org
US:ozlsvdvucwx.biz
US:kkhxsm.biz
:ognqpespr.info
:tdwhpjrx.net
:rxlsjulobtc.net
:xnhhhuss.org
:mruupk.com
:rslqxk.com
US:iphudnvo.biz
:hmabuqhk.net
:glcgnqzl.org
:lljeax.net
:cbvkeytto.org
US:gcagoa.biz
:yeraue.info
:xavaogqin.info
US:lhrwnccx.biz
:yhipurfb.com
:qyegglmde.org
US:bztzsyve.biz
:lzuopagq.net
:psouwabwit.net
US:izpitsb.biz
US:gcrlf.biz
US:awbrruooxp.biz
:crhjyavm.info
EE:195.50.195.10:443 445 pcap raw alerts
ruleset http
6 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:22:00 Win2K-f 187.11.16.111 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:27:00 Win2K-f 64.79.93.102 (-):
. n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:32:00 Win2K-f 181.0.21.135 (-):
. n/a EE:www.starman.ee
FI:www.if.ee 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:37:00 Win2K-f 220.167.52.35 (163DATA.COM.CN):
CHINANET SICHUAN PROVINCE NETWORK,
CHENGDU, SICHUAN, CN. (DSL) n/a 139 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:42:00 Win2K-f 176.61.187.98 (-):
. n/a EE:www.starman.ee
FI:www.if.ee
FI:194.215.38.135:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:47:00 Win2K-f 60.251.122.199 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:52:00 Win2K-f 46.55.159.60 (-):
. n/a FI:www.if.ee
EE:www.starman.ee
US:trafficconverter.biz 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

07:57:00 Win2K-f 175.157.242.247 (-):
. n/a US:trafficconverter.biz 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:02:00 Win2K-f 128.72.154.129 (TERMBILLING.COM):
VARIOUS REGISTRIES,
UK. (DSL) n/a FI:www.if.ee
EE:www.starman.ee 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:07:00 Win2K-f 91.225.22.51 (NACKSYSTEM.NET):
EU-ZZ,
UK. (DSL) n/a 445 pcap raw alerts
ruleset http
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:12:00 Win2K-f 206.174.56.143 (GCI.NET):
GENERAL COMMUNICATION INC,
FAIRBANKS, ALASKA, US. (DSL) n/a EE:www.starman.ee
FI:www.if.ee
FI:194.215.38.135:80
EE:62.65.192.24:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:17:00 Win2K-f 200.84.131.60 (CANTV.NET):
CANTV SERVICIOS VENEZUELA,
CARACAS, DISTRITO FEDERAL, VE. (DSL) n/a EE:www.starman.ee
EE:www.online.if.ee
FI:www.if.ee
FI:194.215.38.135:80
EE:195.50.195.10:443 445 pcap raw alerts
ruleset http
26 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:08:20:00 WinXP 121.91.90.147 (ISEEK.COM.AU):
ISEEK COMMUNICATIONS,
BRISBANE, QUEENSLAND, AU. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 42 22340630ac
NEW none[none] none:none
none|none none none

08:22:00 Win2K-f 120.140.176.98 (-):
PACKET ONE NETWORKS (M) SDN,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a FI:www.if.ee
EE:www.starman.ee
FI:194.215.38.135:80
EE:62.65.192.24:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:27:00 Win2K-f 95.25.46.141 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) n/a EE:www.starman.ee
EE:www.online.if.ee
FI:194.215.38.135:80
EE:195.50.195.10:443 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

08:32:00 Win2K-f 46.164.206.31 (-):
. n/a EE:www.starman.ee
FI:www.if.ee
FI:194.215.38.135:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:08:49:00 WinXP 188.255.63.178 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL) n/a PT:siliconfireware.ru
:wpad
GB:welcome3.smile.co.uk
RU:www.masterbank.ru 445 pcap raw alerts
ruleset http
http
http
3 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
NEW none[0] none:none
ASPack| lines=298
embedded dns trace

T:10:51:00 Win2K-f 72.77.239.227 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
SARASOTA, FLORIDA, US. (100Mbps) n/a EE:www.starman.ee
US:microsoft.com
FI:194.215.38.135:80
EE:62.65.192.24:80 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

11:12:00 Win2K-f 202.43.110.49 (-):
DTS COMMUNICATION TECHNOLOGIES CORPORATION,
VN. (DSL) n/a US:www.yahoo.com
:wvsjmbqg.org
:ojqlr.net
:ceuhsgn.info
:nzziobgd.org
:gcanpccp.info
:gvdhcaw.info
US:dvcojzrpy.biz
US:izpitsb.biz
US:bkybbuac.biz
:wszopuhvxl.info
:crhjyavm.info
US:wrffi.biz
:cqctanzixn.org
US:emvrpoh.biz
:xtfcaduk.com
:elnqz.org
US:ozlsvdvucwx.biz
:qasdyxt.com
US:hkxkzpohkr.biz
:fxhsol.info
:ofohv.org
US:pssgjmrni.biz
:vwwrqqs.net
:ocptzyamoha.net
:cyivjwvj.org
:fxojaflwrco.org
:ozasqvcy.com
:ncvvyejh.net
:foioymjrwgb.org
:dvmtrcmtaya.com
:itobseoq.com
:skbfifjyd.info
:smmer.net
:npyixp.com
US:kwrnhfj.biz
US:crgugsyk.biz
:hckecf.org
:ysxuc.com
:mcsayfe.org
:kwajhtpzhzr.net
:lxnsaz.com
:yjxsjsnr.com
:lrclfw.org
:rlphcxyxc.net
:lljeax.net
:jzhnbdv.com
:eapdephxnar.org
:psrxdjzwere.net
:kyetif.net
:dfqrydspn.org
:uytoetti.com
:yhipurfb.com
:xqogvq.org
:gjoxmzypup.info
:etcxvar.com
:lofpih.com
:zubyiabmyan.com
:hnwuvuegs.net
:aywfrboakzm.info
:ognqpespr.info
:hkaioylj.com
:zsnhhbyexk.info
:mruupk.com
:ovykddsl.net
:yeraue.info
US:pjaxepdk.biz
:lhbpcjwguf.com
US:awbrruooxp.biz
US:bvjivq.biz
US:gaswbs.biz
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
9 lines Argh : 0.3
profile none summary
tarball none none none none none none none

13:28:00 Win2K-f 190.203.97.186 (CANTV.NET):
CANTV SERVICIOS VENEZUELA,
CARACAS, DISTRITO FEDERAL, VE. (DSL) n/a :www.google.com
:rgntateib.org
:xqowliyy.org
US:pxfotkfd.biz
:qdkiztkk.net
US:aepxcipvja.biz
:lhbpcjwguf.com
:shqjhob.org
:jggopmpw.org
:yeraue.info
:nxmkwnbq.info
:qwnuewnlt.org
:byatvdhmc.com
:hzxuyvql.net
US:mmtixxct.biz
:yaculw.com
:xscjngur.info
:tqnwxlu.org
:wxpbnyd.net
US:mqddlwd.biz
:gjoxmzypup.info
:crhjyavm.info
:rxaisl.org
US:qutai.biz
:fbvvpuzk.net
:mkryuu.info
:cvcakhd.info
:xavaogqin.info
:nzziobgd.org
:gcanpccp.info
:zosypfff.org
:ncvvyejh.net
:nnsruiap.info
US:awbrruooxp.biz
US:lqcbeqyw.biz
:npyixp.com
US:149.20.56.32:80
US:204.152.184.139:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

15:45:00 Win2K-f 114.34.74.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:checkip.dyndns.org 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

19:08:00 Win2K-f 122.170.103.127 (122.AIRTELBROADBAND.IN):
ABTS-WEST-DSL-MUM,
MUMBAI, MAHARASHTRA, IN. (DSL) n/a :www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
:www.getmyip.org
DE:131.220.6.26:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:23:05:00 WinXP 178.137.213.62 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 42 22340630ac
NEW none[none] none:none
none|none none none

T:23:59:00 WinXP 109.191.74.129 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL) 213.155.14.161:80 DE:citi-bank.ru
CA:jewellerybazaar.net
BR:casaebar.com.br
:canossadhule.in
:cansesiasknefesi.com
DE:how2gethazanat.ho.funpic.de
:www.evishop.de
:chihuahuaupinghome.com
IN:dehaspas.com 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 42 8689eac5d3
NEW none[none] none:none
none|none none none