| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| T:03:00:00 | WinXP | 5.228.60.173 (-): . | n/a | PT:siliconfireware.ru :wpad RU:ebookfinaltrash.ru | 445 | pcap | raw alerts ruleset | http http http 3 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee NEW | none[0] | none:none | ASPack\| | lines=298 embedded dns | trace |
| 03:33:00 | Win2K-f | 88.206.73.144 (-): DIAL-UP SERVICE NIZHNIY NOVGOROD, NIZHNIY NOVGOROD, NIZHEGOROD, RU. (DSL) | n/a | CA:www.msn.com :dcumk.org :hxsgba.org US:impsawjv.biz :jwglvcqisd.info :iimht.net :ggbafxwgj.org :phudquswyvb.info :hrzgibao.org :iatix.org :erwaigxts.com :lzlryd.info :mjbcxqdkzt.com :szuzpl.org :rgiszdj.org :hzmrhaxcme.org :zknoe.info :ghorebhafl.org :wykglukbn.org :hhaqh.org US:qxcms.biz :awtsupxqp.org :ytjvfpvzcq.com US:lixrqkmy.biz US:ugutjes.biz :qvjjjgobfgt.org :dztazx.org :tajngjghsjr.com :fipjqryg.info US:flvycndyznd.biz :sptijoidgz.org :psffwztkf.info US:ozcrx.biz US:sfnsv.biz :actugfp.com :enzjvcn.org :makilpwl.net :sajikgyzv.com :plptylp.info :gxpjhtphyhu.info :sksip.info :vtzjcddrj.com :zehishtbg.info US:tliehypgmy.biz US:aivmoyah.biz :eqtcttkbcq.net :grmwwzpe.info :lgzrzjijw.com :luyxyoy.com US:sakualnug.biz :iblctqsjrb.org US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 4 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:06:53:00 | WinXP | 37.252.73.169 (-): . | n/a | DE:moscow-advokat.ru :flanders.be.eu.undernet.org SE:ozbytes.dal.net :los-angeles.ca.us.undernet.org NL:diemen.nl.eu.undernet.org SE:coins.dal.net NL:broekhuisjuweliers.nl :gaspode.zanet.org.za :lia.zanet.net SE:vancouver.dal.net TH:btech.ac.th AT:graz.at.eu.undernet.org TR:btr.gen.tr :lulea.se.eu.undernet.org SE:qis.md.us.dal.net TR:burakasansor.com SE:viking.dal.net ES:bytegraf.com :caen.fr.eu.undernet.org TH:nt.go.th :cizreemlak.net :washington.dc.us.undernet.org SE:ced.dal.net DE:82.98.86.164:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 41 of 43 | 048b720afe NEW | none[none] | none:none | none\|none | none | none |
| 09:43:00 | Win2K-f | 78.62.28.253 (ZEBRA.LT): LIETUVOS, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) | n/a | US:www.w3.org :hylgghzw.info :qggsd.org :yjsgpsna.com :srxqwivno.org :qbiex.org US:bnyiqsz.biz :rjwabk.com :cvdtmmaznw.com US:oucytuzuci.biz US:lixrqkmy.biz :cqpyczbq.net :cgpvmre.org :nvadr.com :awtsupxqp.org US:pljfe.biz :jwyvvwwswf.net :vcocf.info :tkxthitp.com :bryeg.com :ngftwjee.com US:hzyhpyfj.biz :jascabxa.net :qaoavdutw.org :mdnetdync.org :ecabuwmgg.com :nbkqozha.net :hxsgba.org :xzsvpnxj.org :fvzddsyxp.net :ghorebhafl.org US:128.30.52.37:80 US:149.20.56.32:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:11:07:00 | WinXP | 109.110.132.155 (JWS.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru :albat.somee.com **:boemaclasic.ro TH:www2.bpp.go.th :caetanojrecruz.adv.br DE:buyukfirsat.bu.funpic.org GB:www.bsnlondon.co.uk :dincermakinasanayi.com.tr DE:213.155.14.161:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | none | 94227c2434 NEW | none[none] | none:none | none\|none | none | none |
| 12:10:00 | Win2K-f | 114.44.180.233 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:13:43:00 | WinXP | 37.229.237.150 (-): . | 213.155.14.161:80 | DE:citi-bank.ru :cikmayedekparca.com :brucegarrod.com :cbbasimevi.com :brandaoematos.com.br **:caglarteknik.com :bharatisangli.in BR:cacs.org.br RO:butacm.go.ro EU:boyabateml.k12.tr :casbygroup.com | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 38 of 42 | 8a2553433c NEW | none[none] | none:none | none\|none | none | none |
| T:14:07:00 | WinXP | 94.240.175.43 (FLAGMAN.ZP.UA): UA-FLAGMAN, KIEV, KYYIV, UA. (DSL) | n/a | DE:citi-bank.ru :albat.somee.com **:boemaclasic.ro TH:www2.bpp.go.th :caetanojrecruz.adv.br DE:buyukfirsat.bu.funpic.org GB:www.bsnlondon.co.uk :dincermakinasanayi.com.tr DE:213.155.14.161:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | none | 94227c2434 NEW | none[none] | none:none | none\|none | none | none |
| 15:04:00 | Win2K-f | 31.210.77.45 (-): . | n/a | FI:194.215.38.135:80 EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 5 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 15:39:00 | Win2K-f | 173.186.213.172 (WINDSTREAM.NET): WINDSTREAM COMMUNICATIONS INC, LITTLE ROCK, ARKANSAS, US. (DSL) | n/a | :www.maxmind.com DE:131.220.6.26:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 3 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 20:25:00 | Win2K-f | 120.29.103.151 (-): . | n/a | :getmyip.co.uk :www.getmyip.org US:checkip.dyndns.org | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |