Malware infection summary, one record per infection. Fields: Time, Victim OS, Infection Source, C&C Server, DNS Lookups & Failed Connects, Infection Port, Packet Trace, Detection Signatures, Infection Chatter, BotHunter Analysis, Behavioral Cluster, Forensic Logs, Antivirus Labels, Packed Malware_Binary, Unpacked egg.exe, Unpacked egg.asm, Packer PEID, Data Strings, Syscall Trace. Where a record recovered two binaries, the per-binary fields list both values in order, separated by a semicolon.

Time: T:02:28:00
  Victim OS: WinXP
  Infection Source: 37.75.91.134 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 1 line
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 37 of 43
  Packed Malware_Binary: ca3e3b13f3 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none

Time: T:03:03:00
  Victim OS: WinXP
  Infection Source: 46.237.41.233 (-): .
  C&C Server: 213.155.14.161:80
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 2 lines
  BotHunter Analysis: Yeah : 1.3 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 42 of 43
  Packed Malware_Binary: 269ce49eb2 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none

Time: T:05:51:00
  Victim OS: Win2K-f
  Infection Source: 24.155.202.219 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS CORPUS CHRISTI HUB, CORPUS CHRISTI, TEXAS, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: other 110 lines
  BotHunter Analysis: Yeah : 1.3 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 38 of 41; 38 of 41
  Packed Malware_Binary: d031b42d3f NEW; fa14802705 NEW
  Unpacked egg.exe: none[none]; none[none]
  Unpacked egg.asm: none:none; none:none
  Packer PEID: none|none; none|none
  Data Strings: none; none
  Syscall Trace: none; none

Time: T:12:07:00
  Victim OS: WinXP
  Infection Source: 46.185.69.169 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 1 line
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: none
  Packed Malware_Binary: 94227c2434 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none

Time: T:13:56:00
  Victim OS: WinXP
  Infection Source: 208.94.176.211 (KARIBCABLE.COM): KARIB CABLE, KINGSTOWN, SAINT GEORGE, VC. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: other 114 lines
  BotHunter Analysis: Yeah : 1.3 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 40 of 41; 37 of 41
  Packed Malware_Binary: c89b154681 NEW; d2b40c91a1 NEW
  Unpacked egg.exe: 58d02dbffa [0]; fbaa414397 [0]
  Unpacked egg.asm: ASM:Graph; ASM:Graph
  Packer PEID: StarForce|; Armadillo|
  Data Strings: lines=64 embedded dns; lines=91
  Syscall Trace: trace; trace

Time: T:16:50:00
  Victim OS: Win2K-f
  Infection Source: 201.186.240.220 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.maxmind.com :getmyip.co.uk :www.getmyip.org US:checkip.dyndns.org DE:131.220.6.26:80
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 5 lines
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 2 of 37
  Packed Malware_Binary: d60e538e72 NEW
  Unpacked egg.exe: none[3]
  Unpacked egg.asm: none:none
  Packer PEID: UPX|
  Data Strings: none
  Syscall Trace: trace

Time: T:17:53:00
  Victim OS: Win2K-f
  Infection Source: 103.4.145.125 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.maxmind.com :www.getmyip.org :getmyip.co.uk US:checkip.dyndns.org DE:131.220.6.26:80
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 5 lines
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 3 of 37
  Packed Malware_Binary: d9cb288f31 NEW
  Unpacked egg.exe: 45603a001c [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: UPX|
  Data Strings: lines=174 embedded dns
  Syscall Trace: trace

Time: T:18:02:00
  Victim OS: Win2K-f
  Infection Source: 103.4.145.125 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.maxmind.com EU:checkip.dyndns.org DE:131.220.6.26:80
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 6 lines
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 3 of 37
  Packed Malware_Binary: d9cb288f31 NEW
  Unpacked egg.exe: 45603a001c [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: UPX|
  Data Strings: lines=174 embedded dns
  Syscall Trace: trace

Time: T:20:23:00
  Victim OS: WinXP
  Infection Source: 190.209.144.87 (-): TELMEX CHILE S.A HFC, CL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: http 1 line
  BotHunter Analysis: Yeah : 0.8 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 40 of 41
  Packed Malware_Binary: 1096ba143e NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none

Time: T:21:50:00
  Victim OS: WinXP
  Infection Source: 50.82.175.81 (-): .
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:gg.arrancar.org US:208.73.210.201:555
  Infection Port: 135
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: other 158 lines
  BotHunter Analysis: Yeah : 1.3 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 36 of 39
  Packed Malware_Binary: 2e8bb50e90 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none

Time: T:23:00:00
  Victim OS: WinXP
  Infection Source: 208.95.91.168 (-): GILA RIVER TELECOMMUNICATIONS INC, CHANDLER, ARIZONA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap
  Detection Signatures: raw alerts ruleset
  Infection Chatter: other 111 lines
  BotHunter Analysis: Yeah : 1.3 profile
  Behavioral Cluster: none
  Forensic Logs: summary tarball
  Antivirus Labels: 40 of 41; 37 of 41
  Packed Malware_Binary: c89b154681 NEW; d2b40c91a1 NEW
  Unpacked egg.exe: 58d02dbffa [0]; fbaa414397 [0]
  Unpacked egg.asm: ASM:Graph; ASM:Graph
  Packer PEID: StarForce|; Armadillo|
  Data Strings: lines=64 embedded dns; lines=91
  Syscall Trace: trace; trace