Index of /publicDatasets/CTU-Malware-Capture-Botnet-159-1

Name                                        Last modified       Size
2015-05-01_capture-win4.biargus             2016-12-05 22:26    29M
2015-05-01_capture-win4.binetflow           2016-12-05 22:26    20M
2015-05-01_capture-win4.capinfos            2016-05-01 17:55    762
2015-05-01_capture-win4.dnstop              2016-05-01 17:54    15K
2015-05-01_capture-win4.passivedns          2016-05-01 17:54    1.3K
2015-05-01_capture-win4.pcap                2016-04-30 16:21    55M
2015-05-01_capture-win4.rrd                 2016-05-01 17:52    8.0M
2015-05-01_capture-win4.tcpdstat            2016-09-03 16:53    1.3K
2015-05-01_capture-win4.uniargus            2016-12-05 22:26    49M
2015-05-01_capture-win4.uninetflow          2016-12-05 22:26    36M
2015-05-01_capture-win4.weblogng            2016-06-15 17:38    232
14010ce6f03e0a978693424d60e34ba9.exe.zip    2016-05-01 17:54    30K
README.html                                 2017-01-13 22:15    1.2K
README.md                                   2016-05-01 17:54    841
bro/                                        2017-08-31 09:45    -
fast-flux-dga-first-analysis.txt            2017-01-13 22:15    59K

Description

Timeline

Fri Apr 29 22:04:08 CEST 2016

started win4

Fri Apr 29 22:05:51 CEST 2016

Infected

Analysis

It is using DGA, and is the fastest DGA I ever saw. After some days, it stopped sending traffic.

Sun May 1 17:54:23 CEST 2016

poweroff