| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 04:36:00 | Win2K-f | 95.14.177.20 (TTNET.NET.TR): TELEKOM, ANKARA, ANKARA, TR. (DSL) | n/a | :www.google.com :gxfyywov.net :resyormx.net US:sjobiwdcjw.biz :pgwlfq.org :mbliwllno.info :oszqwlaljd.com CA:yilua.info :plmnpsl.org US:agjxjopn.biz :egboskr.org :cijowxc.info :hgkydlct.com :oyacanrf.org :vqdzugmpk.net :ycmjaxorrnl.info :kjxdwn.com :gnkhnd.org :rfynbceq.com :kfjrfuv.com :ywcopnqq.info :tsvmg.info :spajobezu.net :oousoavam.net :bqqnyfj.org :bsdgcg.org :gdytmhhc.org :unozvwxm.org :ofasu.com :xvicxu.net :ghzpazglens.org US:adqhc.biz US:tquvln.biz :wefpmgbvo.info :cwiyehqbh.info :iixne.info :qvmvgxgk.org :rrakz.org :yliccosl.com :aozbryo.org :cdgzrvgahf.net US:ivuqsmya.biz :wbuelwkq.org :mzywtcrq.com :mdcddixq.info :xasvpqhv.info :gommvazlyp.info :necvyd.com :lkosqce.com :svvchqgf.org :cvhmam.com :pnqdxcvql.info :vlhchweuw.org US:xpibcdkpw.biz :vujnvfri.org :uiaxxdd.info :clemshrj.info :zxeqgxisoei.info :usmzadt.org :mohfkd.info US:yyysjgutjb.biz EE:www.starman.ee EE:www.online.if.ee FI:www.if.ee :dvecwak.net :wlejeylz.net :szjaozrnf.net :seyxqmfegs.net :qphowobuot.com US:yxphdjww.biz :bkgke.org :akridji.com :btgsebc.net :wpxrb.info US:149.20.56.32:80 FI:194.215.38.135:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 08:39:00 | Win2K-f | 114.40.176.6 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:www.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 US:204.152.184.139:80 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 10:49:00 | Win2K-f | 124.123.76.70 (BEAMCABLESYSTEM.IN): INTERNET TELEPHONY SERVICE PROVIDER, HYDERABAD, ANDHRA PRADESH, IN. (DSL) | n/a | EE:www.starman.ee :nkarv.net :drrtbmspjni.net :ehozjxxnllq.com :wbuelwkq.org US:dxnqhmma.biz US:ivuqsmya.biz :joorasjpdfy.org :msocyoi.org :yaglshyr.net :xidzboik.com :hddtj.info :yswipfttn.com :awmwa.org :hxvhjrlrznc.com US:vqlbpkz.biz :qwagncvu.info US:oipbxva.biz :kodecykccx.info :zhhlkdwc.org US:vzlqhaqwau.biz :uiaxxdd.info :clxzdtq.info :viptmunjbu.com :eroclxuzv.net :gnkhnd.org :qmewsn.com :ojitrobbc.org :akridji.com :ghzpazglens.org :tfvzw.net EE:www.online.if.ee FI:www.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 11:01:00 | Win2K-f | 178.40.191.139 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | EE:www.online.if.ee EE:www.starman.ee FI:www.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 11:12:00 | Win2K-f | 188.173.32.245 (RIPE.NET): EUROPEAN REGIONAL REGISTRY, UK. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 11:22:00 | Win2K-f | 186.36.21.93 (CHILESAT.NET): TELMEX SERVICIOS EMPRESARIALES S.A, CL. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 12:46:00 | Win2K-f | 109.175.91.224 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 US:204.152.184.139:80 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 12:54:00 | Win2K-f | 37.157.139.249 (-): . | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 8 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:04:00 | Win2K-f | 2.92.195.245 (-): . | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 6 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:14:00 | Win2K-f | 109.197.84.164 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 5 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:24:00 | Win2K-f | 110.139.119.45 (TELKOM.NET.ID): PT TELKOM INDONESIA, JAKARTA, JAKARTA RAYA, ID. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 6 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:34:00 | Win2K-f | 109.165.67.140 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 8 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:44:00 | Win2K-f | 186.89.11.233 (-): . | n/a | | 445 | pcap | raw alerts ruleset | http 25 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:54:00 | Win2K-f | 88.26.230.102 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2008052974), MADRID, MADRID, ES. (DSL) | n/a | :tsyprenyap.com US:enbtf.biz US:owhwme.biz :tsvmg.info US:abfgnyyli.biz :fcphydps.org :wsnmslv.net :hddtj.info US:pwmvjuob.biz :pzfeatf.net :rgoqtro.com :necvyd.com :yliccosl.com :zvzpzn.org US:xvkrd.biz :odycvlaffqr.net :wdyxyglbctq.com US:knpjkity.biz :kyktfxdbmzv.info :mhgqgdo.org :plmnpsl.org :mdcddixq.info US:yxphdjww.biz :ysmant.info US:ymjly.biz :oyacanrf.org :ompjkmwryig.com :vdxkfth.net US:sskhwqfce.biz :kbbegwsj.net :bkgke.org :ehozjxxnllq.com :bqqnyfj.org US:uqmnw.biz US:ixdfjlgldf.biz :rrakz.org :usmzadt.org :yaegxffsir.info :kjxdwn.com :qvmvgxgk.org | 445 | pcap | raw alerts ruleset | http 25 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:04:00 | Win2K-f | 177.180.250.213 (-): . | n/a | | 445 | pcap | raw alerts ruleset | http 25 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:14:00 | Win2K-f | 123.30.37.46 (LOCALHOST): VIETNAM DATA COMMUNICATION COMPANY (VDC), VN. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | http 25 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:24:00 | Win2K-f | 186.95.49.10 (-): . | n/a | | 445 | pcap | raw alerts ruleset | http 25 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:34:00 | Win2K-f | 41.234.31.49 (TEDATA.NET): AFRINIC, CAIRO, AL QAHIRAH, EG. (DSL) | n/a | FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.24:80 | 445 | pcap | raw alerts ruleset | http 28 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:44:00 | Win2K-f | 94.156.20.99 (TELECABLENET.COM): NETERRA-TELECABLENET-NET, SOFIA, GRAD SOFIYA, BG. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 7 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 14:54:00 | Win2K-f | 200.29.113.75 (EMCALI.NET.CO): EMCATEL, CALI, VALLE DEL CAUCA, CO. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 15:04:00 | Win2K-f | 88.149.223.250 (STATICNET.NGI.IT): SWISSCOM EUROSPOT ITALIA SPA, MILANO, LOMBARDIA, IT. (100Mbps) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 EE:62.65.192.25:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 16:42:00 | Win2K-f | 85.14.9.58 (LIREX.NET): NAT, SOFIA, GRAD SOFIYA, BG. (DSL) | n/a | EE:www.starman.ee FI:www.if.ee EE:www.online.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 16:47:00 | Win2K-f | 117.21.178.21 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL) | n/a | EE:www.starman.ee EE:www.online.if.ee FI:www.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 20:00:00 | Win2K-f | 202.59.163.124 (NAP.NET.ID): PT. NAP INFO LINTAS NUSA, JAKARTA, JAKARTA RAYA, ID. (DSL) | n/a | :www.google.com :zindkd.com :qikeygrpt.org :mybdgms.com US:asbskytn.biz :itossuqxez.com :vttwdmqddbk.com US:jwchcff.biz :qslyjqwm.com :rifxgk.com :ueoxrb.org :mtdrl.org :wivqbuhpu.com US:fanjx.biz US:kxphsoite.biz US:wwhwfivkg.biz US:fjkbtf.biz :puooa.net :ycqztaebib.org :frahbhijhu.org :ysqqqaunqps.org US:jibxgpzehh.biz :ztwhulgto.net :tivtzpl.net US:vmdoiubnf.biz :rrnhdqxhnzl.com :nchgjqrno.net US:xulbo.biz :palel.net :tempmmhn.info :ihziimmm.info :skpqf.org :upwyyyxx.info :iqlgfnqlks.info US:ftipxgxol.biz US:vxsyfgcjhly.biz US:reexsjmw.biz :dxvyy.info :lyancs.net :hxbekjlo.info :kfrygpbcziz.org US:szxltplkf.biz :duzhygme.net :pjmgguvs.org :sxmvwjmv.info US:bxzoenn.biz US:catqdkde.biz :yiynaytgb.info :flnbo.info US:fqwhaewx.biz :sktwsue.com :csmwlr.info :jxgayiotym.net :rnaxjo.com US:yjmxuyzbsd.biz :embyy.org :metyhjyn.com US:qnecigbf.biz US:duifssie.biz :kejyla.info US:badtvx.biz US:149.20.56.32:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 22:57:00 | Win2K-f | 106.79.191.220 (-): . | n/a | EE:www.starman.ee EE:www.online.if.ee FI:www.if.ee FI:194.215.38.135:80 EE:195.50.195.10:443 | 445 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |