Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
10:11:00 | Win2K-f | 31.176.241.239 (-): . | n/a | CA:www.msn.com :wcanqubwumz.info :etlfiiyfc.org US:juqzyihgs.biz :glylgeyn.info US:szsbvulpf.biz :uabqlva.org :fnvvositp.net US:ljfkqkrgsn.biz US:lmcozozpa.biz :jyahluzop.org US:jbnuktpgu.biz DE:iynta.com :rnurzj.net :hbowlequlgk.info :wlotdlop.net :cwqnn.org :cetyeavwsfa.net :rbluidpak.org US:bocgypnoyg.biz :fmgspxw.org DE:sedoparking.com :vztovenp.info :yipvgwjgsfv.com :taptcqurjl.org :rkbinenqcj.com :coqibpzeqyv.org :durpqidkdyl.com US:dhlmsqs.biz :cwfurq.info :wpbnrzhs.com :ulsarysni.org :wesbzou.net :syarxskmkh.org US:ixjyenfufyn.biz :durpr.com :cmomsuqf.info US:pbpmero.biz :rhaehzco.info US:pwymx.biz :xrdfvgsv.com :qckwen.com US:inggzsyefmk.biz :niefgeit.info US:qfkctj.biz :oitbkddrzb.net US:woawq.biz :bnllmr.net :offzkqai.net US:qezijmefp.biz :ksgtezkmpbp.info :puapvqgz.net :ijzuykouxp.com US:ovehkyjdmim.biz :mkqfoww.com US:nxmvm.biz :quinf.com :jgfsvb.info :zfptw.net :luiyjioml.info US:ducvsolb.biz :kdlbfpba.org :vmvtimzt.net US:zgdbakeb.biz :xgbblgul.info :wxctf.info US:xmjosgc.biz :sgjjyaw.net :vtwyrvfxx.net :wzlnyqnmz.org :beofyqpo.org :kwpcwap.org US:149.20.56.32:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 3 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
10:34:00 | Win2K-f | 117.239.70.227 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) | n/a | :www.maxmind.com US:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap | raw alerts ruleset | http 5 lines | Yeah : 0.8 profile | none | summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
16:24:00 | Win2K-f | 114.41.217.117 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | :utsps.com :sobblkeahr.org US:extcetyf.biz US:bocgypnoyg.biz :wxctf.info :jgfsvb.info :niefgeit.info US:mfvlsnwj.biz :fjnybauip.com :ncjvomwytr.info :quinf.com :pugfima.info :evnaxadkkbf.info :hgfpaybheql.com :bdgflaqjiei.net :mlmcpawa.net :mkqfoww.com :ihfiawazge.info :botbaqsq.info :nzhsevzr.org :eblbssqa.org US:scoelve.biz :dgymmy.net :fnntoim.com :vepnjud.org :vpcmb.net :nytonjxw.info :ufpolfwj.net :lpqmxwitl.com :oiiml.org :uwwvhh.com :lpkzieuuytf.com :nsnpg.com :ryjzjubnytb.info :urhqi.net :imzye.info :vztovenp.info :gyofptwb.org :yetibwnpb.info :xplvebg.info US:149.20.56.32:80 US:204.152.184.139:80 | 445 | pcap | raw alerts ruleset | http 1 line | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none
22:30:00 | Win2K-f | 36.227.195.234 (-): . | n/a | CN:www.baidu.com :kjiazchv.org :ncqed.com :ncsbzkaivj.com :uhsntu.com :jkkxxdiffzi.info :juymliqv.info :orleyw.net :zegttryavvw.com :twxxqlkdme.net :minquw.info :kijggqfgt.info :qesaschyloy.net :hlykeo.net :aiewdy.info US:mqafppufzao.biz :crkyo.net :hmwqedwt.org :qlukhgmtajy.info :coabydoz.info :dbsaparx.net :ctoeioqy.info :knxzf.info :lftzoxzm.net :dwrddcvlae.info :mhbcrgmudx.net :otcfpwdlhvy.com US:oqmgarmwsp.biz :rxiqacaf.com :xathlec.com :rrjansz.org :ufdbicozkvz.info :szchymmd.org :bfirnrmtwoz.com US:xaortxqyps.biz US:rxucck.biz :zitus.org :nnopprbj.net US:aojufz.biz :bgdlahoro.com US:wpzcsdkm.biz :ajtkag.net :ixoivyvf.net US:urxwsjtfqsw.biz US:whqaev.biz :snvrh.org :ulyunwbi.info :djjzxx.com :clmrmxganlf.com US:wmzwncdy.biz :hmjep.org US:204.152.184.139:80 CN:220.181.111.147:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none