Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

10 April 2013
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

01:45:00 Win2K-f 61.12.24.211 (DIRECT.NET.IN):
TATA COMMUNICATIONS INTERNET SERVICES LTD,
NEW DELHI, DELHI, IN. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:04:38:00 WinXP 91.83.126.76 (SULINET.HU):
INVITEL TAVKOZLESI SZOLGALTATO RT,
HU. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

07:04:00 Win2K-f 113.253.6.14 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a :www.maxmind.com
:getmyip.co.uk
:www.getmyip.org
EU:checkip.dyndns.org
174.36.207.186:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:10:44:00 Win2K-f 72.48.186.227 (USAWIDE.NET):
FITCH AFFORDABLE TELECOM CO,
CORPUS CHRISTI, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:10:50:00 WinXP 193.248.30.95 (ABO.WANADOO.FR):
NSLIL205 LILLE,
LILLE, NORD-PAS-DE-CALAIS, FR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:06:00 WinXP 173.31.119.52 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MIDDLETOWN, NEW YORK, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:13:00 WinXP 94.248.157.13 (KABELNET.HU):
VIDANET CABLE TELEVISION PROVIDER LTD,
HU. (DSL) 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:11:38:00 WinXP 46.40.34.32 (-):
. n/a DE:citi-bank.ru
DE:213.155.14.161:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:47:00 WinXP 95.75.93.43 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) n/a PT:siliconfireware.ru
RU:www.bbin.ru
:www.google-analytics.com
:fonts.googleapis.com
:themes.googleusercontent.com
:html5shiv.googlecode.com
RU:binbank.ru
RU:counter.yadro.ru
:mc.yandex.ru
:i.ctnsnet.com
:googleads.g.doubleclick.net
US:ib.adnxs.com
:cm.g.doubleclick.net
:wpad 445 pcap raw alerts
ruleset http
http
http
413 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:13:48:00 WinXP 46.40.34.32 (-):
. 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

22:10:00 WinXP 46.130.64.253 (-):
. 213.155.14.161:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none none none none none none none