Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - |
fast-flux-dga-first-analysis.txt | 2017-01-13 22:18 | 59K |
bro/ | 2017-08-31 09:45 | - |
README.md | 2016-05-01 17:45 | 892 |
README.html | 2017-01-13 22:18 | 1.2K |
8006cbd1c70b2ed096af9c72d6fef2c3e9cb0a4168540897967e5d3bbb2331bc.exe.zip | 2016-05-01 17:45 | 30K |
2015-05-01_capture-win2.weblogng | 2016-06-15 17:53 | 232 |
2015-05-01_capture-win2.tcpdstat | 2016-09-03 16:53 | 1.3K |
2015-05-01_capture-win2.rrd | 2016-05-01 17:42 | 8.0M |
2015-05-01_capture-win2.pcap | 2016-04-30 10:32 | 52M |
2015-05-01_capture-win2.passivedns | 2016-05-01 17:42 | 1.3K |
2015-05-01_capture-win2.dnstop | 2016-05-01 17:42 | 15K |
2015-05-01_capture-win2.capinfos | 2016-05-01 17:43 | 763 |
2015-05-01_capture-win2.binetflow | 2016-12-05 22:26 | 19M |
2015-05-01_capture-win2.biargus | 2016-12-05 22:26 | 28M |
Zip password: infected
RobotHash
Started win2
infected successfully
It is using DGA, and is the fastest DGA I ever saw.
Restarted Windows because it stopped sending packets. It didn't work.