Index of /publicDatasets/CTU-Malware-Capture-Botnet-163-1

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[DIR]bro/2017-08-31 09:45 -  
[   ]2016-06-02_capture-win6.capinfos2016-06-03 14:15 763  
[TXT]README.md2016-06-03 14:14 1.1K 
[TXT]README.html2017-01-13 22:08 1.5K 
[   ]2016-06-02_capture-win6.tcpdstat2016-09-03 16:52 1.8K 
[   ]2016-06-02_capture-win6.dnstop2016-06-03 14:15 3.0K 
[   ]2016-06-02_capture-win6.passivedns2016-06-03 14:15 3.5K 
[TXT]fast-flux-dga-first-analysis.txt2017-01-13 22:08 5.7K 
[   ]2016-06-02_capture-win6.weblogng2016-06-15 17:38 21K 
[   ]2016-06-02_capture-win6.binetflow2016-12-05 22:25 35K 
[   ]2016-06-02_capture-win6.biargus2016-12-05 22:25 82K 
[   ]79acc1b8aaac2d3837e2f16e7a58ed658dbeb8802b6a32db85c0644ccc9039fa.exe.zip2016-06-03 14:15 100K 
[TXT]2016-06-02_capture-win6.html2016-06-03 14:17 877K 
[   ]2016-06-02_capture-win6.json2016-06-03 14:17 890K 
[   ]2016-06-02_capture-win6.pcap2016-06-03 14:13 1.5M 
[   ]2016-06-02_capture-win6.rrd2016-06-03 14:14 8.0M 

Description

Timeline

Mon May 30 13:47:37 CEST 2016

started win 6

Mon May 30 13:51:38 CEST 2016

infected succesful

At 04:11:46.102078 (capture time) there was no more connections to the CC. I will try to reboot it.

Mon May 30 16:58:48 CEST 2016

restarted, keep the same pcap

The malware is running again.

mon May 30 20:25:07 CEST 2016

restarted because it was not sending

Fri Jun 3 14:13:43 CEST 2016

Poweroff because it stop sending again and it did not recover.