Index of /publicDatasets/CTU-Malware-Capture-Botnet-102

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[TXT]README.html2017-06-26 22:48 4.3K 
[TXT]README.md2017-06-26 22:48 3.4K 
[   ]Win2-test.rrd2015-02-25 13:43 8.0M 
[DIR]bro/2017-01-16 09:25 -  
[   ]capture-win2.biargus2017-01-16 09:25 45K 
[   ]capture-win2.binetflow2017-01-16 09:25 16K 
[   ]capture-win2.capinfos2017-01-16 09:25 1.1K 
[   ]capture-win2.dnstop2017-01-16 09:25 4.8K 
[TXT]capture-win2.html2017-06-26 22:43 3.3M 
[   ]capture-win2.json2017-06-26 22:43 5.4M 
[   ]capture-win2.passivedns2017-01-16 09:25 8.3K 
[   ]capture-win2.pcap2015-02-25 13:38 2.5M 
[   ]capture-win2.tcpdstat2017-01-16 09:25 1.8K 
[   ]capture-win2.weblogng2016-06-15 17:41 63K 
[TXT]fast-flux-dga-first-analysis.txt2017-01-16 09:25 11K 
[DIR]suricata/2019-03-23 14:41 -  



IP Addresses

- Infected host:


Wed Feb 25 10:24:53 CET 2015

started win2

Wed Feb 25 10:25:51 CET 2015

I received a phising email for the fio banka. This is new so it is working. The mail had only one link:

Some page was downloaded

The site in VirusTotal has two known URLs detected as phising sites. Its IP address is which in VirusTotal is repoted to have been used for several hundreds phising URLs.

The content of redirects the browser to the URL, which in VirusTotal is detected as having at least 15 malware and phising sites. This website resolves to the IP address which also has several dozen detections.

Wed Feb 25 10:30:32 CET 2015

tried to login with name: pavel heslo: pavel2014

They asked for a sms code

Wed Feb 25 10:31:33 CET 2015

i put sms kdwo3

They 'logged me' into some 'fake bank'.

Wed Feb 25 11:44:33 CET 2015

i started clicking some buttons

Wed Feb 25 13:42:04 CET 2015

power off win2


These files were generated in the Stratosphere Lab as part of the Malware Capture Facility Project in the CVUT University, Prague, Czech Republic. The goal is to store long-lived real botnet traffic and to generate labeled netflows files. Any question feel free to contact us: Sebastian Garcia:

You are free to use these files as long as you reference this project and the authors as follows: Garcia, Sebastian. Malware Capture Facility Project. Retrieved from