Index of /publicDatasets/CTU-Malware-Capture-Botnet-115-1

Name                                       Last modified       Size
-------------------------------------------------------------------
Parent Directory                                               -
2015-04-09_capture-win3.biargus            2016-12-05 22:30    16M
2015-04-09_capture-win3.binetflow          2016-12-05 22:30    11M
2015-04-09_capture-win3.capinfos           2016-12-05 22:30    1.1K
2015-04-09_capture-win3.dnstop             2016-12-05 22:30    1.9K
2015-04-09_capture-win3.passivedns         2016-12-05 22:30    8.4K
2015-04-09_capture-win3.pcap               2017-04-25 09:29    47M
2015-04-09_capture-win3.rrd                2015-04-08 22:04    8.0M
2015-04-09_capture-win3.tcpdstat           2016-12-05 22:30    1.3K
2015-04-09_capture-win3.uniargus           2016-12-05 22:30    32M
2015-04-09_capture-win3.uninetflow         2016-12-05 22:30    22M
2015-04-09_capture-win3.weblogng           2016-06-15 18:04    232
43671d11ed11b2764a660c5bfbb83067.exe.zip   2015-12-16 10:26    181K
README.html                                2017-04-25 09:29    1.0K
README.md                                  2015-06-12 15:04    860
bro/                                       2017-04-25 09:29    -
fast-flux-dga-first-analysis.txt           2017-01-15 13:04    196

Timeline

Wed Apr 1 17:25:59 CEST 2015

start win3

Wed Apr 1 17:27:18 CEST 2015

Probably Volatile Cedar

It worked! It seems it is doing some DNS requests to www.microsoft.com!

01:04:44.956138 udp 10.0.2.103 52522 <-> 8.8.8.8 53 CON 2 345 s[35]=.............www.microsoft.com..... d[120]=.............www.microsoft.com.................toggle.www.ms.akadns.net../...........www.microsoft.com-c.edgekey.D.U... s[35]=.............www.microsoft.com..... d[226]=.............www.microsoft.com.................toggle.www.ms.akadns.net../...........www.microsoft.com-c.edgekey.D.U......!....www.microsoft.com-c.edgekey.net.globalredir.=.............e10088.dspb.akamaiedge.D.............?O.

Thu Apr 9 10:38:37 CEST 2015

The computer froze yesterday around 22hs. I'm starting