Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
02:29:00 | Win2K-f | 31.162.27.109 (-): . | n/a | :rghzh.info :ezmeiyzu.org US:hvhamet.biz :kajcvsojnvk.net :pgirvztaxxc.net :qaeydizzgzb.net :itfnms.org :xrbdlh.net :ocgolshtp.com :sdbywf.org :vfecx.info RU:ecmos.net :ztneste.info :htatwnhl.net US:iaxbrcdbcqq.biz :wlcqbkkc.com :phfbcikgu.org :pykoiss.net :gsdqgdizxn.org :zmoxiutcv.org :cmxnt.info :lkyieni.org :kkkcs.org :dedxgp.info :tcjrkovu.org US:gwizoxej.biz :midlpovj.info :aovyn.net :ctdqtchdgi.org :xpuelehkbd.com :rqrketx.com :jwtnqqcz.org :fawfsyh.net :ywefquowu.com :obocty.net :csrkesgeykn.info :fredcxvl.com :suholdbu.com :fivikez.com :djqlilurl.com :rlspxvsk.org :zadzzwb.net :veghrx.org :xhgeu.com :qbbispzv.info :cdksgnrns.info :sbsoaqshpv.net :nlxnwjaudqk.com :jhwxb.info :yghfmagv.com US:wtowcvyhti.biz :irdlqkb.info :ayvswjtduh.net :zltdheux.info :ojgnrybwu.com :wfxretblxuw.info :oylbdmmxhqt.info :uxxoklcqww.com US:lzsmeiowm.biz :yowneqkdzxp.net US:149.20.56.32:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
T:05:33:00 | WinXP | 91.66.118.120 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, LANDAU, RHEINLAND-PFALZ, DE. (DSL) | n/a | DE:moscow-advokat.ru SE:ced.dal.net :lulea.se.eu.undernet.org :flanders.be.eu.undernet.org SE:vancouver.dal.net SE:ozbytes.dal.net :lia.zanet.net :gaspode.zanet.org.za :london.uk.eu.undernet.org SE:viking.dal.net SE:coins.dal.net :los-angeles.ca.us.undernet.org SE:broadway.ny.us.dal.net NL:brussels.be.eu.undernet.org | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 42 of 43 | 1511a3f219 NEW | none[none] | none:none | none|none | none | none
06:02:00 | Win2K-f | 124.226.153.100 (163DATA.COM.CN): CHINANET GUANGXI PROVINCE NETWORK, NANNING, GUANGXI, CN. (DSL) | n/a | CN:www.baidu.com :jnpsuf.org :aovyn.net :jbyswxwkxa.org :ujzxia.com :pkidtkkhjgh.net :qdxpxx.info US:bicax.biz :pservlhh.info :veghrx.org US:jzjewvewbta.biz US:lzsmeiowm.biz :yauqxa.net :oylbdmmxhqt.info :abenaafd.net :mptofula.com :kgpueagnayd.org :mzwvdxl.com :rqrketx.com :rlspxvsk.org :fredcxvl.com :rmdprsol.org :ojgnrybwu.com :irdlqkb.info :pjltkwspenm.info :zltdheux.info US:oydabpme.biz :nbdxahby.org US:mhcjf.biz :bewaifhh.com :veuccbjt.info :bfmev.info :xhgeu.com :dgwfuxykooi.info :nrapnhmh.net :ojwkgjpj.net :pjrfq.net :slckngmjta.org :pcnak.org US:npsips.biz :obocty.net :suholdbu.com :ugfxrdcl.com :lkyieni.org :ioswpoximo.com :xocpf.org :hlhabq.net :johyalku.com US:wthrvygy.biz :fivikez.com :qorkiughmf.info US:149.20.56.34:80 US:204.152.184.139:80 CN:220.181.111.147:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
07:56:00 | Win2K-f | 91.66.118.120 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, LANDAU, RHEINLAND-PFALZ, DE. (DSL) | n/a | :www.maxmind.com EU:checkip.dyndns.org 174.36.207.186:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
08:08:00 | Win2K-f | 92.36.216.8 (NET.BA): BH TELECOM D.D. SARAJEVO, SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. (DSL) | n/a | US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 23 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
08:37:00 | Win2K-f | 81.235.231.141 (TELIA.COM): TELIA NETWORK SERVICES, STOCKHOLM, STOCKHOLMS LAN, SE. (DSL) | n/a | US:bicax.biz :kkkcs.org US:hvhamet.biz :hfrbstnlcp.org US:hhdboqazof.biz :bglnfldn.com :fawfsyh.net :bdnfeyawyl.net :kuefzk.info :jbyswxwkxa.org :htatwnhl.net :hjhmngxrre.com :ocgolshtp.com :jddtypsa.org US:cwatiruro.biz :qdxpxx.info :joyuomtzmq.com :fuhjxcn.org :midlpovj.info :vyjxlznet.org :rqrketx.com :rzugytnf.info US:jzjewvewbta.biz :oollxtw.info :pffxhammuv.net :ioxyfabz.org :zqvsxqianep.info :xhqwgukcw.info :dmzgkmk.org US:rxlyr.biz US:alrgktmq.biz :pnuaooxmn.net US:ayawlfcv.biz :cdksgnrns.info :nrapnhmh.net US:kwuhsempkvc.biz US:wthrvygy.biz :yauqxa.net :akanojjh.net :otpzofvkqx.info US:lzsmeiowm.biz :rsqjquzqhl.org :eyepqrvhrh.info :bewaifhh.com :ntzkwaxx.org :eddviemlnr.org :mptofula.com US:rhwye.biz :vxbgypyn.org :tfuxdvo.org :jdnvleecn.org :yghfmagv.com :zltdheux.info :suholdbu.com :jrrbfegr.com :kgpueagnayd.org :ugfxrdcl.com :whvcwnm.org :qkywmytmzr.com :phfbcikgu.org :txxbqdsgbt.info :ebghcthww.info US:pzyidhx.biz :pservlhh.info :irdlqkb.info :ueskptiy.net US:wtowcvyhti.biz :estjncfo.com :knjrlakczs.com US:swmjqbug.biz :aovyn.net :dgwfuxykooi.info :xhgeu.com :ojwkgjpj.net :rmdprsol.org :nbdxahby.org :vnhzieey.org US:wasiojxi.biz :nijom.info :gexxuddpn.net EE:www.starman.ee EE:www.online.if.ee FI:www.if.ee EE:195.50.195.10:443 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | lanman http 35 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
10:53:00 | Win2K-f | 94.156.20.211 (TELECABLENET.COM): NETERRA-TELECABLENET-NET, SOFIA, GRAD SOFIYA, BG. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
11:23:00 | Win2K-f | 93.113.146.43 (-): SC C.O.CO SRL, RO. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
11:28:00 | Win2K-f | 211.112.57.44 (ELIM.NET): ELIMNET CO. LTD, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | EE:www.starman.ee :www.google.com :kzdtvmci.com :vwhvbtjqr.info :otpzofvkqx.info :lwrkyowm.com :xhgeu.com :tcjrkovu.org :ciluuffp.info :nbdxahby.org :qdxpxx.info :sxfwvzon.org :nrapnhmh.net :qprdjuuuqt.info :sssadqftm.info US:lmpqgjpkyme.biz :qkywmytmzr.com :pservlhh.info :ctdqtchdgi.org :veghrx.org :ebghcthww.info US:rhwye.biz :rmdprsol.org :cmxnt.info :gmvntgw.info :pykoiss.net :phfbcikgu.org :kuefzk.info :rpmgphcp.net :kghjwxhy.org US:jrijirc.biz :eyepqrvhrh.info :qbyqtfbg.net US:tqykynlorg.biz :akanojjh.net US:gldva.biz :xtdmd.info :oylbdmmxhqt.info :xxmtjh.info :slckngmjta.org :pcnak.org :ojwkgjpj.net FI:194.215.38.135:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
11:50:00 | Win2K-f | 216.249.90.237 (SMITHVILLEDSL.NET): SMITHVILLE TELEPHONE COMPANY, LOS ANGELES, CALIFORNIA, US. (DSL) | n/a | EE:www.starman.ee US:trafficconverter.biz FI:194.215.38.135:80 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
12:43:00 | Win2K-f | 14.102.94.50 (-): . | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 US:204.152.184.139:80 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 5 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
12:51:00 | Win2K-f | 37.17.140.95 (-): . | n/a | EE:www.starman.ee FI:www.if.ee FI:194.215.38.135:80 US:204.152.184.139:80 EE:62.65.192.24:80 | 139 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
12:58:00 | Win2K-f | 186.36.1.242 (CHILESAT.NET): TELMEX SERVICIOS EMPRESARIALES S.A, CL. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee FI:194.215.38.135:80 EE:62.65.192.24:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
13:03:00 | Win2K-f | 62.101.104.138 (IP.FASTWEBNET.IT): TECHOSP SPA VIA MANZONI 56 20089 ROZZANO (MI), MILANO, LOMBARDIA, IT. (100Mbps) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 US:204.152.184.139:80 EE:62.65.192.24:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | http 6 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
13:08:00 | Win2K-f | 46.214.174.8 (-): . | n/a | EE:www.starman.ee FI:www.if.ee EE:62.65.192.24:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
13:13:00 | Win2K-f | 109.87.58.21 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | EE:www.online.if.ee EE:www.starman.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 6 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
13:18:00 | Win2K-f | 79.124.92.68 (PC010093.AIRBITES.BG): AIR BITES BULGARIA, SOFIA, GRAD SOFIYA, BG. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee FI:194.215.38.135:80 EE:62.65.192.24:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
14:35:00 | Win2K-f | 87.251.151.47 (-): NETWORK FOR VIPINET, MOSCOW, MOSCOW CITY, RU. (DSL) | n/a | US:www.ask.com :bkzsuyoi.info :ujzxia.com US:smsodd.biz :gpirewrg.net :ioxyfabz.org :wlcqbkkc.com :hlbkeqzs.org :pfugrek.info :zmdrxanxwmp.net :slckngmjta.org :ipkvzgn.com :nvfhtkb.org :wfxretblxuw.info :bfcrkwntaiu.com :sssadqftm.info :kzdtvmci.com :cmxnt.info :dmzgkmk.org :kzgywxci.org :ojwkgjpj.net :htywezxoabg.com :ntzkwaxx.org :qbbispzv.info :rzugytnf.info :bglnfldn.com US:cwatiruro.biz US:alrgktmq.biz :veghrx.org :yauqxa.net :ciluuffp.info :qkywmytmzr.com :jddtypsa.org US:lmpqgjpkyme.biz US:tqykynlorg.biz :oollxtw.info :kajcvsojnvk.net :dylztou.com :ruuqg.net :htatwnhl.net :hjhmngxrre.com :gmvntgw.info US:jrijirc.biz :sdbywf.org :estjncfo.com :otpzofvkqx.info :dedxgp.info :trshh.net :nlxnwjaudqk.com :rlspxvsk.org :itfnms.org :midlpovj.info :jdnvleecn.org :qaeydizzgzb.net :jwtnqqcz.org :yowneqkdzxp.net :vxbgypyn.org :dezzgy.org :jrrbfegr.com :fhwvjhuyhd.info US:mhcjf.biz :mjcvxswj.com :sirrrecvv.info :gsdqgdizxn.org :tfuxdvo.org US:rhwye.biz :ojgnrybwu.com :ueskptiy.net US:swmjqbug.biz :rpmgphcp.net :lgeljlorj.net US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
T:16:29:00 | WinXP | 69.42.10.8 (ASTOUND.NET): ASTOUND BROADBAND, WALNUT CREEK, CALIFORNIA, US. (DSL) | 213.155.14.161:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 40 of 42 | bcb3ec60f2 NEW | none[none] | none:none | none|none | none | none
T:16:53:00 | WinXP | 178.137.214.183 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | 213.155.14.161:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 41 of 42 | 22340630ac NEW | none[none] | none:none | none|none | none | none
T:18:06:00 | WinXP | 49.124.225.187 (-): . | n/a | DE:citi-bank.ru DK:bem.dk US:banboon.com MY:bdb.com.my TH:baulaung.org IR:bazyar-arya.com :barlikinsaat.com.tr TR:basamakhalisi.com DE:213.155.14.161:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 57d9829b6a NEW | none[none] | none:none | none|none | none | none
18:51:00 | Win2K-f | 31.13.233.173 (-): . | n/a | FI:www.if.ee EE:www.starman.ee FI:194.215.38.135:80 US:204.152.184.139:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
20:45:00 | Win2K-f | 101.109.167.134 (-): . | n/a | CN:www.baidu.com :annbpzas.com :snurydd.com US:espzaauho.biz :iaxmt.com :tmzsurxb.com :aykez.net :mcnhjs.net :mymjj.com US:mmtto.biz :spbxxkfoiap.net :wfepqq.net :vgmji.org :npsavcxj.com :mnoajfpnj.net :zsnltjfjit.org :qezlq.com :jvkfbq.info :yjdswhojpwp.com :lwzacr.org :dhhonqwwijm.com US:jpqpmr.biz :nhrxwedzhv.net US:gfwyxcwq.biz :czhoka.org :rvazcnzslry.info :abamw.info :ebnbrsqtib.com :qqbskobh.net :niquadtfw.info :hsdaf.com :fmtqq.org :hzibgl.com :ftwqjmihxfy.org US:jvhqta.biz :akvwy.net :bbiuxr.com :mvtccnzrhm.com :qedlxw.org :qhyifepi.org US:obyehxntkyf.biz :dmidism.com :tsqvnpap.info :ammvhiuw.info US:zwsimeipu.biz :sdyamloy.net US:iekerrlu.biz :nmwqybx.org :pdvezhoczi.info :babkuao.net :uauynvnxwrb.info :ocqqykqk.org :lsjxbozd.info :guixlfttjpp.com US:nzlzoxgcjy.biz :irdibv.info :ekdgtbul.net US:wzltgndh.biz :hgavs.org :vkliqtvoi.info :cupvqm.com :mffoarff.net :cnvbmijx.info US:hxphgfpzbg.biz :oajejxb.org :pbcowae.net :vpvpjpcw.com :wtqvuqrpja.net US:kidqr.biz US:snakjrtui.biz :kfxlteqrka.com US:149.20.56.32:80 FI:194.215.38.135:80 US:204.152.184.139:80 CN:220.181.111.147:80 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none