Name | Last modified | Size | Description
---|---|---|---
2015-10-23_win7.pcap | 2015-09-26 05:46 | 236M |
2015-10-23_win7.rrd | 2015-10-23 10:01 | 8.0M |
README.md | 2015-10-23 10:13 | 1.4K |
2015-10-23_win7.dnstop | 2015-10-23 10:14 | 14K |
2015-10-23_win7.passivedns | 2015-10-23 10:14 | 5.5K |
2015-10-23_win7.capinfos | 2015-10-23 10:17 | 755 |
2015-10-23_win7.json | 2015-10-23 10:26 | 147K |
2015-10-23_win7.html | 2015-10-23 10:26 | 422K |
4881c7d89c2b5e934d4741a653fbdaf87cc5e7571b68c723504069d519d8a737.exe.zip | 2015-12-16 10:26 | 264K |
2015-10-23_win7.weblogng | 2016-06-15 18:49 | 1.0K |
2015-10-23_win7.tcpdstat | 2016-10-11 20:10 | 1.8K |
2015-10-23_win7.netflow5 | 2016-11-04 19:00 | 5.7M |
2015-10-23_win7.biargus | 2016-12-05 22:28 | 7.7M |
2015-10-23_win7.binetflow | 2016-12-05 22:28 | 4.3M |
fast-flux-dga-first-analysis.txt | 2017-01-14 17:05 | 83K |
README.html | 2017-01-14 17:05 | 1.9K |
bro/ | 2017-08-31 09:45 | - |
Started win7
Removed the guest additions and rebooted
Infected
Successfully resolved to eboduftazce-ru.com, but the port seems filtered.
DGA traffic
The trojan stopped sending packets. Weird, because so far it was working.
The VM was rebooted to see if there was some change.
Since the machine didn't generate any packets, we noticed that it lost its network access.
The machine has an IP address and a route.
I tried to ping www.google.com. It didn't work.
I tried to ping 8.8.8.8. It didn't work.