Index of /publicDatasets/CTU-Malware-Capture-Botnet-120-2

[ICO]        Name                                      Last modified     Size  Description

[PARENTDIR]  Parent Directory                                            -
[   ]        2015-06-07_capture-win4.biargus           2015-06-11 16:18  1.8M
[   ]        2015-06-07_capture-win4.binetflow         2015-09-17 17:06  1.6M
[   ]        2015-06-07_capture-win4.capinfos          2015-06-15 15:48  764
[   ]        2015-06-07_capture-win4.dnstop            2016-12-06 08:07  1.8K
[TXT]        2015-06-07_capture-win4.html              2015-06-07 20:05  352K
[   ]        2015-06-07_capture-win4.json              2015-06-07 20:05  2.1K
[   ]        2015-06-07_capture-win4.passivedns        2016-12-06 08:07  1.8K
[   ]        2015-06-07_capture-win4.pcap              2015-06-07 20:02  305M
[   ]        2015-06-07_capture-win4.rrd               2015-06-07 20:02  8.0M
[   ]        2015-06-07_capture-win4.tcpdstat          2016-12-06 08:07  1.8K
[   ]        2015-06-07_capture-win4.uniargus          2016-12-06 08:08  78M
[   ]        2015-06-07_capture-win4.uninetflow        2016-12-06 08:08  30M
[   ]        2015-06-07_capture-win4.weblogng          2016-06-15 18:05  418
[TXT]        README.html                               2017-01-15 16:34  962
[TXT]        README.md                                 2015-06-15 15:47  691
[DIR]        bro/                                      2017-08-31 09:45  -
[   ]        d1e1acd259b5548c2f09906dc3efa7df.exe.zip  2015-12-16 10:26  11K
[TXT]        fast-flux-dga-first-analysis.txt          2017-01-15 16:34  2.5K
[   ]        mss3.exe.zip                              2015-12-16 10:26  1.3M

Timeline

Wed Apr 22 11:15:05 CEST 2015

started win4 already infected

Wed Apr 22 11:23:22 CEST 2015

It got connected to the server because I started the server

Wed Apr 29 09:49:11 CEST 2015

I stopped the njrat server and started it again because the traffic looked like something strange was happening. Now it is working again.

Sun Jun 7 20:02:32 CEST 2015

poweroff