Index of /publicDatasets/CTU-Malware-Capture-Botnet-104-1

	Name	Last modified	Size	Description
	Parent Directory		-
	6f192c38d24c17ddd0d4de60b12ae2e2.exe.zip	2015-12-16 10:26	51K
	2015-03-09_capture_win3.biargus	2016-12-05 22:31	17M
	2015-03-09_capture_win3.binetflow	2016-12-05 22:31	6.3M
	2015-03-09_capture_win3.capinfos	2015-06-24 14:52	760
	2015-03-09_capture_win3.dnstop	2016-12-05 22:31	1.6K
	2015-03-09_capture_win3.html	2015-06-24 14:58	10M
	2015-03-09_capture_win3.json	2015-06-24 14:58	6.5M
	2015-03-09_capture_win3.passivedns	2016-12-05 22:31	1.4K
	2015-03-09_capture_win3.pcap	2015-03-09 14:19	22M
	2015-03-09_capture_win3.tcpdstat	2016-12-05 22:31	1.7K
	2015-03-09_capture_win3.weblogng	2016-06-15 17:43	797K
	README.html	2017-01-15 13:04	652
	README.md	2015-06-24 14:51	457
	bro/	2017-08-31 09:45	-
	fast-flux-dga-first-analysis.txt	2017-01-15 13:04	1.6K

Timeline

• Probably Yakes Malware
• MD5: 6f192c38d24c17ddd0d4de60b12ae2e2
• VirusTotal

Sun Mar 1 10:56:38 CET 2015

started win3

Sun Mar 1 11:03:47 CET 2015

Infected

It was perfectly infected, seding probably encrypted post requests.

Mon Mar 9 14:43:48 CET 2015

The server computer froze and I have to restart the capture.