Index of /publicDatasets/CTU-Malware-Capture-Botnet-116-4

	Name	Last modified	Size	Description
	Parent Directory		-
	2012-05-25-capture1.biargus	2015-10-07 14:07	7.5M
	2012-05-25-capture1.binetflow	2015-10-07 14:07	6.8M
	2012-05-25-capture1.capinfos	2015-10-07 13:36	720
	2012-05-25-capture1.dnstop	2015-10-07 13:35	20K
	2012-05-25-capture1.html	2015-10-07 14:46	33M
	2012-05-25-capture1.json	2015-10-07 14:46	50M
	2012-05-25-capture1.passivedns	2015-10-07 13:35	40K
	2012-05-25-capture1.pcap	2015-10-07 13:25	106M
	2012-05-25-capture1.weblogng	2016-06-15 18:06	1.3M
	948549816.111111.exe.zip	2015-12-16 10:26	285K
	README.html	2015-10-15 14:39	1.6K
	README.md	2015-10-15 14:39	1.2K
	bro/	2017-08-31 09:45	-

Description

• Probable name: Kazy
• This is a capture made in a home environment using two VirtualBox Windows
• Infected VMs:
  • First VM
    • Name: Tiny71
    • IP: 192.168.0.150
  • Second VM
    • Name: Tiny72
    • IP: 192.168.0.151
• MD5: 8df6603d7cbc2fd5862b14377582d46a
  
• SHA1: 816a5736e2809a403724bce17c3fc0e607719d5f
  
• SHA256: 936c0358df132965439ee9314f4ed59b3795f2a62dc4c588564bdfce969639a7
  
• Filename: 948549816.111111.exe
• VirusTotal
• HybridAnalysis
• RobotHash

Timeline

Fri May 25 19:02:19 ART 2012

Started the capture

Fri May 25 19:10:23 ART 2012

Started first VM Tiny71, 192.168.0.150

Fri May 25 19:12:31 ART 2012

Infect the first VM

Fri May 25 19:13:19 ART 2012

Started the second VM Tiny72

Fri May 25 19:16:43 ART 2012

Infected the second VM

Fri May 25 23:38:06 ART 2012

Power off both vms