Index of /publicDatasets/CTU-Malware-Capture-Botnet-158-1

Name                                                                       Last modified      Size
2015-05-01_capture-win2.biargus                                            2016-12-05 22:26   28M
2015-05-01_capture-win2.binetflow                                          2016-12-05 22:26   19M
2015-05-01_capture-win2.capinfos                                           2016-05-01 17:43   763
2015-05-01_capture-win2.dnstop                                             2016-05-01 17:42   15K
2015-05-01_capture-win2.passivedns                                         2016-05-01 17:42   1.3K
2015-05-01_capture-win2.pcap                                               2016-04-30 10:32   52M
2015-05-01_capture-win2.rrd                                                2016-05-01 17:42   8.0M
2015-05-01_capture-win2.tcpdstat                                           2016-09-03 16:53   1.3K
2015-05-01_capture-win2.uniargus                                           2016-12-05 22:26   47M
2015-05-01_capture-win2.uninetflow                                         2016-12-05 22:26   35M
2015-05-01_capture-win2.weblogng                                           2016-06-15 17:53   232
8006cbd1c70b2ed096af9c72d6fef2c3e9cb0a4168540897967e5d3bbb2331bc.exe.zip   2016-05-01 17:45   30K
README.html                                                                2017-01-13 22:18   1.2K
README.md                                                                  2016-05-01 17:45   892
bro/                                                                       2017-08-31 09:45   -
fast-flux-dga-first-analysis.txt                                           2017-01-13 22:18   59K

Description

Timeline

Fri Apr 29 21:23:20 CEST 2016

Started win2

Fri Apr 29 21:42:37 CEST 2016

Infected successfully.

Analysis

It is using DGA, and is the fastest DGA I ever saw.

Sun May 1 10:56:23 CEST 2016

Restarted Windows because it stopped sending packets. It didn't work.